Filtering and searching alerts by obtained information
You can filter alerts and search the alerts table for specific alerts based on the Details criterion, which refers to brief information about the alert. For example: the name of a detected file or URL address of a malicious link.
To filter or search alerts by obtained information:
Select the Alerts section in the window of the application web interface.
This opens the table of alerts.
Click the Details link to open the filter configuration window.
In the drop-down list on the left, select one of the following search criteria:
Details. The search will encompass all data on the detected object
ID.
File name.
File type.
MD5.
SHA256.
URL.
Domain.
User Agent.
Subject.
HTTP status.
Object source.
Object type.
Autosend to Sandbox.
TAA (IOA) rule.
In the drop-down list on the right, select one of the following alert filtering operators:
Contain
Not contain
Equal to.
Not equal to.
In the text box, enter one or several characters of alert information.
To add a filter condition using a different criterion, click and specify the filter condition.
Click Apply.
The table of alerts displays only alerts matching the filter criteria you have set.