Filtering and searching alerts based on names of program modules and components
You can filter alerts and search the alerts table for specific alerts based on the Technologies criterion, which indicates the names of program modules or components that generated the alert.
To filter alerts based on the names of program modules and components:
1. Select the Alerts section in the window of the program web interface.
   The table of alerts opens.
2. Click the Technologies link to open the filter configuration window.
3. In the drop-down list, select one of the following alert filtering operators:
      Contains, if you want the program to display alerts generated by a program module or component that you specify.
      Does not contain, if you want the program to hide alerts generated by a program module or component that you specify.
      Equal to, if you want the program to display alerts generated by a program module or component that you specify.
      Not equal to, if you want the program to hide alerts generated by a program module or component that you specify.
4. In the drop-down list on the right of the alert filtering operator that you have selected, select the name of the program module or component by which you want to filter alerts:
      (YARA) YARA.
      (SB) Sandbox.
      (URL) URL Reputation.
      (IDS) Intrusion Detection System.
      (AM) Anti-Malware Engine.
      (TAA) Targeted Attack Analyzer.
      (IOA) IOA Analysis.
      (IOC) IOC Scanner.
   For example, if you want the program to display alerts generated by the Sandbox component, select the Contains filtering operator and the name of the (SB) Sandbox component.
5. To add a filter condition using a different criterion, click and specify the filter condition.
6. Click the Apply button.
The table of alerts displays only alerts matching the filter criteria you have set.