I need to filter out all firewall-related findings in SCC. I want to avoid hardcoding all the category names from here. Instead, I was hoping to find a common denominator for all of the firewall ones (and found this to be ISO A.13.1.1 Network Controls).
How can I create a filter in SCC that would filter based on this parameter?
Below are examples of what I have already tried (but which did not work):
source_properties.compliance_standards.iso = "A.13.1.1"
compliances.ids = "A.13.1.1"
<-- actually, adding this to an OR'ed filter expression seems to break the result
My expectation was to get a list of all the findings with the ISO-27001 A.13.1.1 category (most of the firewall-related ones, in short).
Additional notes/thoughts: I am a bit confused in general by the way the JSON finding details are structured vs. how the filtering fields are structured. Is there a reason these two couldn't be aligned for easier filtering and overall work with findings?