.png?sv=2019-07-07&sig=0Bn5FtRBr3LOdks%2BLcygARpoKfQByTStLZhN1OOM%2Brc%3D&spr=https%2Chttp&st=2023-12-01T03%3A18%3A45Z&se=2023-12-01T03%3A28%3A45Z&srt=o&ss=b&sp=r){kind=logo}
Enforcement Action Dynamic Value Statement Syntax Table
- 12 Nov 2023
- 5 Minutes to read
- Print
- DarkLight
- PDF
Enforcement Action Dynamic Value Statement Syntax Table
- Updated on 12 Nov 2023
- 5 Minutes to read
- Print
- DarkLight
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
The following table describes the syntax of all Dynamic Value statement (also referred to as "statement") types and the available functions and operators.
The syntax in the table includes:
- [asset type] - The asset type on which to apply the statement.
- form.field - A field in the selected Enforcement Action Configuration dialog.
- adapter.field - A field from the selected adapter.
- itemN - A value or single value field (number or string type).
In a Dynamic Value statement, form.field and adapter.field must be of the same field type (e.g., both number or both string).
Learn some useful tips and tricks for working with dynamic value statements.
See Dynamic Value Statement Examples and Use Cases for some detailed examples.
| Element | Type | Syntax | Notes |
|---|---|---|---|
| all | Statement | [asset type] all then form.field set_value | Examples: device all then form.field set_value user all then form.field set_value vulnerability all then form.field set_value software all then form.field set_value See set_value below for options. |
| switch/case | Statement | switch [adapter.field] | Operators support functions. A value can be used instead of an operator. |
| add | Function | add (item1, item2,…, itemN) | Supports a list of number arguments (values and/or single value number type fields). Adds the number arguments in the list. |
| by_key | Function | by_key ([adapter_complex_field_path], key_to_search_by, value_to_search, key_to_pick) | In an adapter’s complex field ([adapter_complex_field_path]), searches in its specified object (key_to_search_by) for a specific value (value_to_search) and returns the value (key_to_pick) that is in another of its objects. Notes:
|
| concat | Function | concat (item1, item2,…, itemN) | Supports a list of string arguments (values and/or single value string type fields). Concatenates the string arguments in the list. |
| divide | Function | divide (item1, item2,…, itemN) | Supports a list of number arguments (values and/or single value number type fields). Divides the number values in the list from left to right. |
| join | Function | join ([adapter.field], delimiter) | Converts/flattens a list (array) into a single string of values separated by a delimiter. |
| count | Function | count ([adapter.field]) | Counts and returns the number of values in a list. The field type of adapter.field is a list (array) of numbers. |
| max | Function | max ([adapter.field]) max (item1, item2,…, itemN) | Returns the highest number value in the list. The field type of adapter.field is a list (array) of numbers. |
| min | Function | min ([adapter.field]) min (item1, item2,…, itemN) | Returns the lowest number value in the list. The field type of adapter.field is a list (array) of numbers. |
| multiply | Function | multiply (item1, item2,…, itemN) | Supports a list of number arguments (values and/or single value number type fields). Multiplies the number values in the list. |
| now | Function | now () | Returns today's date and time. For example: 2023-08-22 10:03:04 |
| split | Function | split([adapter.field], delimiter) | Splits the string (in adapter.field) at the delimiter character and creates a list of the separate strings separated by commas. |
| subtract | Function | subtract(item1, item2) | Returns the result of subtracting item2 from item1. Supports two numbers (typed or values from fields) or two date-time fields. When subtracting two date-time fields, the result is the number of days with one decimal point. For example: 2.3 Note: This function expects exactly two numbers or dates. If a list (array) field is used in the function instead of a single value field, the function fails and the action field in all assets is set to the fallback static value. |
| sum | Function | sum ([adapter.field]) | Returns the sum of all the number values in the list. The field type of adapter.field is a list (array) of numbers. |
| also | Operator | form.field1 set_value "string1" also form.field2 set_value "string2" | Applies dynamic content to two or more fields in an action. |
| contains | Operator | case contains (“string”) | For lists - True if at least one item="string". |
| not_contains | Operator | case not_contains (“string”) | For lists - True if at least one item not ="string". |
| count | Operator | case count (number value) | Counts and matches the number of items in a list. For example: case count (10) |
| starts_with | Operator | case starts_with (“string”) | For lists - True if at least one item starts with "string". |
| ends_with | Operator | case ends_with (“string”) | For lists - True if at least one item ends with "string". |
| in | Operator | case in (“string1”, "string2", ..., "stringN") | For lists - True if at least one item is equivalent to one of the strings in the parentheses (string1, string2, or ..., stringN). |
| not_in | Operator | case not_in (“string1”, "string2", ..., "stringN") | For lists - True if at least one item is not equivalent to one of the strings in the parentheses (string1, string2, or ..., stringN). |
| not_starts_with | Operator | case not_starts_with (“string”) | For lists - True if at least one item does not start with "string". For string fields - True if the string value in the field does not start with "string". For example: case not_starts_with (“aaa”) |
| not_ends_with | Operator | case not_ends_with (“string”) | For lists - True if at least one item does not end with "string". For string fields - True if the string value in the field does not end with "string". For example: case not_ends_with (“aaa”) |
| field_equal | Operator | case field_equal (“string”) | True if the exact given string is identical to the string value in the field. Examples: case field_equal (“google”) for string fields case field_equal (“8.3”) for number fields case field_equal (true) for boolean fields |
| field_not_equal | Operator | case field_not_equal (“string”) | True if the exact given string is not identical to the string value in the field. Examples: case field_not_equal (“google”) case field_not_equal (“8.3”) case field_not_equal (true) |
| field_exists | Operator | switch adapter.field case field_exists then form.field set_value “value” | Tests whether adapter.field exists. If true, sets the value of form.field to "value". |
| gt | Operator | switch [adapter.field] case gt(number value) switch [adapter.field1] case gt([adapter.field2]) | Tests whether the number value in adapter.field is greater than the specified number value (for example, 10). OR Tests whether the number value in adapter.field1 is greater than the number value in adapter.field2. |
| lt | Operator | switch [adapter.field] case lt(number value) switch [adapter.field1] case lt([adapter.field2]) | Tests whether the number value in adapter.field is less than the specified number value (for example, 20). OR Tests whether the number value in adapter.field1 is less than the number value in adapter.field2. |
| set_value | Operator | set_value “string” set_value [adapter.field] set_value [adapter.field_path] set_value function () set_value item1 or item2 ... or itemN | Multiple (nested) functions can be used. The field type of adapter.field and adapter.field_path must match the field type of form.field. For example, both fields must be string type or both number type. Note that "or" is supported with set_value inside a Case statement to set the value of the action field to the first field value in the "or" list that exists on the asset. item1 or item2 ... or itemN |
Was this article helpful?