Sorting events in the table

You can sort events in the table by the Event time, Event, Host and User name columns.

To sort events in the events table:

  1. Select the Threat Hunting section in the program web interface window.

    This opens the Threat Hunting window.

  2. Define the criteria for searching events in design mode or source code mode.

    The table of events that satisfy the search criteria is displayed.

  3. If you want to sort events by time, click one of the icons on the right of the Event time column name:
    • apt_icon_sort_up to display newer events at the top of the table.
    • apt_icon_sort_down to display older events at the top of the table.
  4. If you want to sort events by the event type name, click one of the icons on the right of the Event column name:
    • apt_icon_sort_up to sort alphabetically, A–Z.
    • apt_icon_sort_down to sort alphabetically, Z–A.
  5. If you want to sort events based on the names of host on which the alerts were generated, click one of the icons on the right of the Host column name:
    • apt_icon_sort_up to sort alphabetically, A–Z.
    • apt_icon_sort_down to sort alphabetically, Z–A.
  6. If you want to sort events based on the user names of hosts, click one of the icons on the right of the User name column name:
    • apt_icon_sort_up to sort alphabetically, A–Z.
    • apt_icon_sort_down to sort alphabetically, Z–A.
  7. If you want to group events based on the names of hosts or by the event type name, click one of the values in the Group by drop-down list:
    • Group by host name if you want to group events by the names of hosts.
    • Group by event type if you want to group events by the names of event types.

    If events were sorted by the Host or Event field, the sorting result is cleared when events are grouped by an equivalent attribute. To return to the sorting results, select the Group by value from the Group by drop-down list.

By default, events in the table are sorted by time, with the newest events at the top of the table.

You can sort events based on one attribute only.

When sorting by event type in a foreign language, events are sorted based on the internal name of the event type in English.

Page top