Filtering and searching alerts by obtained information
You can filter alerts and search the alerts table for specific alerts based on the Details criterion, which refers to brief information about the alert, for example, the name of a detected file or the URL of a malicious link.
To filter or search alerts by obtained information:
1. Select the Alerts section in the window of the program web interface.
   This opens the table of alerts.
2. Click the Details link to open the filter configuration window.
3. In the drop-down list on the left, select one of the following search criteria:
   - Details. The search will encompass all data on the detected object.
   - ID
   - File name
   - File type
   - MD5
   - SHA256
   - URL
   - Domain
   - User Agent
   - Subject
   - HTTP status
   - Object source
   - Object type
   - Autosend to Sandbox
   - TAA (IOA) rule
4. In the drop-down list on the right, select one of the following alert filtering operators:
   - Contains
   - Does not contain
   - Equal to
   - Not equal to
5. In the entry field, specify one or several characters of alert information.
6. To add a filter condition using a different criterion, click and specify the filter condition.
7. Click Apply.

The table of alerts displays only alerts matching the filter criteria you have set.