Logic expressions¤

Logic expressions are commonly used to create more restrictive and precise conditions, such as filtering event, or triggering specific actions based on a set of criteria. Logic expressions operates with truth values true and false.

Logic expressions are representations of boolean algebra

For more information, continue to boolean algebra page at Wikipedia.

`!AND`: Conjunction¤

The logical !AND expression is used to combine two or more conditions that must all be true for the entire expression to be true. It is used to create more restrictive and precise conditions.

Type: Sequence

Synopsis:

!AND
- <condition 1>
- <condition 2>
- ...

In a logical !AND expression, conditions (condition 1, condition 2, ...) can be any expressions that evaluate to a boolean value (true or false). The conditions are evaluated from top to bottom, and the evaluation process stops as soon as a false condition is found, following the concept of short-circuit evaluation.

Logical conjunction

For more information, continue to Logical conjunction page at Wikipedia.

Example

!AND
- !EQ
- !ARG vendor
- TeskaLabs
- !EQ
- !ARG product
- LogMan.io
- !EQ
- !ARG version
- v23.10

In this example, if all of the conditions evaluate to true, the entire logical !AND expression will be true. If any of the conditions are false, the logical !AND expression will be false.

Bitwise `!AND`¤

When !AND is applied on integer types, instead on booleans, it provides a bitwise AND.

Example

!AND
- !ARG PRI
- 7

In this example, the argument PRI is masked with 7 (in binary 00000111).

`!OR`: Disjunction¤

The logical !OR expression is used to combine two or more conditions where at least one of the conditions must be true for the entire expression to be true. It is used to create more flexible and inclusive conditions.

Type: Sequence

Synopsis:

!OR
- <condition 1>
- <condition 2>
- ...

Conditions (condition 1, condition 2, ...) can be any expressions that evaluate to a boolean value (true or false). The conditions are evaluated from top to bottom, and the evaluation process stops as soon as a true condition is found, following the concept of short-circuit evaluation.

Logical disjunction

For more informations, continue to Logical disjunction page at Wikipedia.

Example

!OR
- !EQ
- !ARG description
- unauthorized access
- !EQ
- !ARG reason
- brute force
- !EQ
- !ARG message
- malware detected

In this example, the expression is true when any of the following conditions is met:

The description field matches the string "unauthorized access"
The reason field matches the string "brute force"
The message field matches the string "malware detected"

Bitwise `!OR`¤

When !OR is applied on integer types, instead on booleans, it provides a bitwise OR.

Example

!OR
- 1  # Read access (binary 001, decimal 1)
- 4  # Execute access (binary 100, decimal 4)

In this example, the expression is evaluated to 5.

This is because, in a bitwise !OR operation, each corresponding bit in the binary representation of the two numbers is combined using the !OR expression:

001 (read access)
100 (execute access)
---
101 (combined permissions)

The expression calculates the permissions with the resulting value (binary 101, decimal 5) from the bitwise OR operation, combining both read and execute access.

`!NOT`: Negation¤

The logical !NOT expression is used to invert the truth value of a single condition. It is used to exclude specific conditions when certain conditions are not met.

Type: Mapping.

Synopsis:

!NOT
what: <expression>

Negation

For more information, continue to Negation page at Wikipedia.

Bitwise `!NOT`¤

When integer is provided, then !NOT returns value with bits of what flipped.

Tip

If you want to test that integer is not zero, use !NE test expression.

Logic expressions¤

!AND: Conjunction¤

Bitwise !AND¤

!OR: Disjunction¤

Bitwise !OR¤

!NOT: Negation¤

Bitwise !NOT¤

`!AND`: Conjunction¤

Bitwise `!AND`¤

`!OR`: Disjunction¤

Bitwise `!OR`¤

`!NOT`: Negation¤

Bitwise `!NOT`¤