New Filter |
On the tab, you can create a new filter. You can edit an existing filter and save it as new, or create a new filter from scratch. The tab allows you to: •create new filters, •edit filters, •delete filters, •create a new filter group, •run search queries using existing filters or fill in the query and field values manually, •apply actions to threats. Filter structure A filter consists of: •, which is used for searching across data. A query consists of arguments (that is, categories of objects you are searching for) and their values (that is, parameters of objects that belong to categories). •, which define what data is displayed in the search results. One filter can include multiple fields, separated by commas. The field also allows for standard search queries, such as name of a file you have already determined as malicious. The only difference is that you have to enter fields for the results to show. Fields will be displayed as columns in a table with search results. For example, if you enter the path field, the results will show paths to the found files; the state field will show the state of the found objects; and the hash.sha256 field will show SHA256 fingerprints.
Refer to the Making Queries section for more details about queries. Access to filters You can manage access to a filter by making it visible to other service members or to you only. The following access options are available: •—the option is available only for administrators. The filter will be visible to all service members. •—the option is available only for managers and users. The filter will be visible to all space members. •—the option is available for all service members. The filter will be visible only to the creator of the filter. •—the option is available for all service members. The filter will be visible to all users working with this task. Creating a new filter Any service member can create a new filter. To create a filter 1.On the tab, fill in the and fields. 2.Click . 3.Fill in the and fields. 4.In the drop-down list, select who the filter will be visible to. 5.Select a group or create a new one by clicking and filling in the required fields. 6.Click . A notification is shown in the bottom-left corner of the page if the filter is created successfully. Editing and deleting a filter Only administrators can edit and delete global filters. Any member of the service can edit and delete private filters as well as filters available for the current space or task. To edit a filter 1.On the tab, click . 2.Select a filter. 3.Edit its parameters as you need. 4.If you want to save the changes in the selected filter: •Click . •Confirm this action in the pop-up.
If you want to save the changes as a new filter: •Click . You can discard unsaved changes in the filter by clicking . After saving the changes you can use the newly created filter as a defined filter. 1.On the tab, click . 2.Select the filter you want to delete. 3.Click . 4.Confirm the action in the pop-up window.
|