Rule off ExtraneousInfo

We have some logs coming in from Panorama and I want to create Incidents/Rules off of the ones that were generated by specific firewall rules.

For example: We have an IP blocklist and if any machine attempts to hit those addresses the Block Malicious IP - OUT firewall rule drops the traffic.

These logs are being fed into SEM and I can see the "Block Malicious IP - OUT" text in the ExtraneousInfo field of ICMPTrafficAudit event types.  

However, when I go to create a rule I'm not seeing an option for "Contains".  The objective is to create rules off certain words that pop up in the Extraneous info field, is this possible?