New Filter

On the New filter tab, you can create a new filter. You can edit an existing filter and save it as new, or create a new filter from scratch. The tab allows you to:

create new filters,

edit filters,

delete filters,

create a new filter group,

run search queries using existing filters or fill in the query and field values manually,

apply actions to threats.

Filter structure

A filter consists of:

A query, which is used for searching across data. A query consists of arguments (that is, categories of objects you are searching for) and their values (that is, parameters of objects that belong to categories).

Fields, which define what data is displayed in the search results. One filter can include multiple fields, separated by commas.

The Query field also accepts standard search queries, such as the name of a file you have already determined to be malicious. The only difference is that you have to enter fields for the results to show. Fields are displayed as columns in the table of search results.

For example, if you enter the path field, the results will show paths to the found files; the state field will show the state of the found objects; and the hash.sha256 field will show SHA256 fingerprints.

FixIt! allows you to use wildcard characters ‘*’ and ‘?’ in searches. The asterisk ‘*’ stands for any number of characters, including zero, and the question mark ‘?’ stands for any single character.

The files* search query will return files with such names as files, files111, files systems, files_more_worlds, etc.

The files? query will return files with such names as files1, filess, files_, but not files.
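
The wildcard rules and the query-plus-fields structure described above can be checked offline with a short Python sketch. This is an added example, not FixIt! code: whole-name, case-sensitive matching, the record layout, and all function names are assumptions, and the sample records are constructed.

```python
import re

# Constructed sample records (not real scan output); state and hash values are placeholders.
SAMPLE_RECORDS = [
    {"name": "files", "path": "/tmp/files", "state": "clean", "hash": {"sha256": "<constructed-sha256-1>"}},
    {"name": "files1", "path": "/tmp/files1", "state": "infected", "hash": {"sha256": "<constructed-sha256-2>"}},
    {"name": "files_more_worlds", "path": "/tmp/files_more_worlds", "state": "clean", "hash": {"sha256": "<constructed-sha256-3>"}},
    {"name": "report.docx", "path": "/tmp/report.docx", "state": "clean", "hash": {"sha256": "<constructed-sha256-4>"}},
]


def wildcard_to_regex(pattern):
    """Translate '*' (zero or more characters) and '?' (exactly one character) to a regex."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))  # every other character is matched literally
    return re.compile("".join(parts), re.DOTALL)


def matches(pattern, name):
    """Assumption: the pattern must cover the whole name, so 'files?' does not match 'files'."""
    return wildcard_to_regex(pattern).fullmatch(name) is not None


def get_field(record, dotted):
    """Resolve a dotted field name such as hash.sha256; a missing part yields ''."""
    value = record
    for key in dotted.split("."):
        if not isinstance(value, dict) or key not in value:
            return ""
        value = value[key]
    return value


def run_filter(query, fields, records=SAMPLE_RECORDS):
    """Return one row per matching record, with one column per comma-separated field."""
    columns = [f.strip() for f in fields.split(",") if f.strip()]
    if not columns:
        return []  # as on the page: without fields there is nothing to show
    return [[get_field(r, c) for c in columns] for r in records if matches(query, r["name"])]
```
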

Refer to the Making Queries section for more details about queries.

Access to filters

You can manage access to a filter by making it visible to other service members or to you only. The following access options are available:

All users—the option is available only for administrators. The filter will be visible to all service members.

This space—the option is available only for managers and users. The filter will be visible to all space members.

Only me—the option is available for all service members. The filter will be visible only to the creator of the filter.

For current task—the option is available for all service members. The filter will be visible to all users working with this task.

Creating a new filter

Any service member can create a new filter.

To create a filter

1. On the New filter tab, fill in the Query and Fields fields.

2. Click Save as new filter.

3. Fill in the Name and Description fields.

4. In the Available for drop-down list, select who the filter will be visible to.

5. Select a group or create a new one by clicking New group and filling in the required fields.

6. Click Save.

A notification is shown in the bottom-left corner of the page if the filter is created successfully.

Editing and deleting a filter

Only administrators can edit and delete global filters. Any member of the service can edit and delete private filters as well as filters available for the current space or task.

To edit a filter

1. On the New filter tab, click My filters.

2. Select a filter.

3. Edit its parameters as you need.

4. If you want to save the changes in the selected filter:

Click Save changes.

Confirm this action in the pop-up.

Please note that after saving, you will irreversibly change the filter for all service members who can see it.

If you want to save the changes as a new filter:

Click Save as new filter.

You can discard unsaved changes in the filter by clicking Reset.

After saving the changes you can use the newly created filter as a defined filter.

To delete a filter

1. On the New filter tab, click My filters.

2. Select the filter you want to delete.

3. Click Delete.

4. Confirm the action in the pop-up window.

If you have deleted a filter by mistake, you have several seconds to cancel this action by clicking Undo in the bottom-left corner of the page.