In the program web interface window, select the Threat Hunting section, Builder or Source code tab.
The event search form opens.
If you are using distributed solution and multitenancy mode and want to enable the display of events for all organizations, turn on the Search on all companies toggle switch.
Operation mode in which the program can be used to protect the infrastructure of several organizations simultaneously.
Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a master control server (Primary Central Node (PCN)) and slave servers (Secondary Central Nodes (SCN)).
Grouping levels of found events are displayed: All hosts – Organization names – Server names.
Click the name of the server for which you want to view events.
The host table of the selected server opens. Event grouping levels are displayed above the table. The host table contains the following information:
Host is the name of the host on which the event was detected.
Number of events is the number of events that were detected on the host.
First event is the detection date and time of the first event on this host.
All hosts is the detection date and time of the latest event on this host.
Select the host for which you want to view events.
This opens a table of events matching the search conditions you specified. Event grouping levels are displayed above the table.
You can return to the host selection window by clicking the link with the organization name and the server name, or return to organization and server selection by clicking the All hosts link.
Select the event whose information you want to view.
This opens a window containing information about the event.