Custom / Array filter in IM Aggregation Rules
In Security Analytics > Incident Management > Aggregation Rules, is there a way to filter via custom meta without using an advanced query and/or filter via an array? Lastly can a reference to a list in the reporting module be used as a reference for the query.
1. Source IP is not in 184.108.40.206, 220.127.116.11, 18.104.22.168
2. Source IP is not in IP whitelist
If not can you provide a few examples of mongo queries used here.