Accessing specific value for misp_event_tags

[kmussa]

Is your feature request related to a problem?

Hello, I am trying to further filter my indicators using the aggregators "conditions" infilter. From the MISP miner, we get these as tags:

"misp_event_tags": [
"mcgill:restricted",
"canssoc:discovery-method="analyst"",
"canssoc:recommended-action="exclude"",
"canssoc:source-reliability="a"",
"canssoc:event-classification="safelist"",
"tlp:green"
],

And I having no luck using JMESPath expression for eg.

• actions:
  • drop
    conditions:
  • misp_event_tags[?analyst] == true

Am I doing this right or is there something I am missing?