When filtering by a defined period, the table will no longer be updated. The table will display only the events and incidents whose date and time of last occurrence are within the specified period.
To configure filtering of events and incidents based on a specified period:
In the Events section, perform one of the following actions:
Open the Period drop-down list.
Click the filtering icon in the Last seen column.
In the drop-down list, select Specify a period.
If table updates are enabled, in the opened window confirm that you agree to suspend table updates.
On the right you will see additional buttons that you can use to manually define the filtering period.
Click any of the buttons containing a date and time value in the From and to fields.
The calendar opens.
In the field under the calendar on the left, specify the date and time for the start boundary of the filtering period. In the field under the calendar on the right, specify the date and time for the end boundary of the filtering period. If you want to remove the limit for the end boundary of the period, delete the value in the field under the calendar on the right.
To enter a value into the field, you can select a date in the calendar (the current time will be specified for the selected date) or manually enter the necessary value. When the date and time are entered manually, you must enter the value in the format DD-MM-YYYY hh:mm:ss.
Click OK.
The events table will display events and incidents for the period you specified.
You can configure filtering of events and incidents based on the values in all columns except the End, Title, and Description columns.
To filter the events table by the Start column:
In the Events section, click the filtering icon in the Start column.
The calendar opens.
In the calendar, specify the date and time for the start and end boundaries of the filtering period. To do so, select a date in the calendar (the current time will be indicated) or manually enter the value in the format DD-MM-YYYY hh:mm:ss. If you want to remove the limit for one of the boundaries of the period, delete the value in the field under the calendar.
Click OK.
To filter the events table by the Severity, Technology, Status, Monitoring point or Marker column:
In the Events section, click the filtering icon in the relevant column.
When filtering by severity level or technology, you can also use the corresponding buttons in the toolbar.
The filtering window opens.
Select the check boxes opposite the values by which you want to filter events. You can select the All check box to select all values in the Marker and Technology columns.
Click OK.
To filter the events table by the Source or Destination column:
In the Events section, click the filtering icon in the relevant column.
The filtering window opens.
In the Including and Excluding fields, in the drop-down lists select the types of address blocks that you want to include in the filter and/or exclude from the filter. You can select the following types of address blocks:
IP address
Port number
MAC address
Application-level address
VLAN ID
Complex – if you want to specify multiple address blocks of different types combined by the logical operator AND. To add different types of address blocks, use the Add condition (AND) button.
If you want to apply multiple filter conditions by address block type combined with the logical operator OR, in the filter window click the Add condition (OR) button and select the relevant types of addresses.
If you want to delete one of the created filter conditions, in the filter window click the icon located on the right of the field containing the drop-down list.
Click OK.
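The following added example (not part of the product or its documentation) models how the conditions of a Source or Destination filter combine: the parts of a Complex block with AND, separate conditions with OR. The key names, the sample events, and the rule that an address passes when it matches Including and nothing in Excluding are assumptions made for the illustration.

```python
# Added illustration, not product code: key names and events are constructed.

def norm(kind, value):
    """Normalise values so that equivalent spellings compare equal."""
    text = str(value).strip().lower()
    return text.replace("-", ":") if kind == "mac" else text

def block_matches(endpoint, condition):
    """One filter condition. A single key is a simple address block;
    several keys model a Complex block, whose parts are combined with AND."""
    return all(
        kind in endpoint and norm(kind, endpoint[kind]) == norm(kind, wanted)
        for kind, wanted in condition.items()
    )

def column_filter(endpoint, including=(), excluding=()):
    """Conditions inside each list are combined with OR.
    Assumption: an endpoint passes if it matches Including (or Including
    is empty) and matches nothing in Excluding."""
    included = not including or any(block_matches(endpoint, c) for c in including)
    excluded = any(block_matches(endpoint, c) for c in excluding)
    return included and not excluded

def filter_events(events, column, including=(), excluding=()):
    """Return the IDs of events whose Source or Destination column passes."""
    return [e["id"] for e in events
            if column_filter(e[column], including, excluding)]

# Constructed sample events (documentation address ranges only).
EVENTS = [
    {"id": 1, "source": {"ip": "192.0.2.10", "port": 502,
                         "mac": "00:00:5e:00:53:01", "vlan": 10}},
    {"id": 2, "source": {"ip": "192.0.2.10", "port": 44818,
                         "mac": "00:00:5e:00:53:02", "vlan": 10}},
    {"id": 3, "source": {"ip": "192.0.2.20", "port": 502,
                         "mac": "00:00:5e:00:53:03", "vlan": 20}},
    {"id": 4, "source": {"ip": "192.0.2.30", "port": 102,
                         "mac": "00:00:5e:00:53:04", "vlan": 20}},
]

if __name__ == "__main__":
    # (IP AND port) OR VLAN 20, excluding port 102
    including = [{"ip": "192.0.2.10", "port": 502}, {"vlan": 20}]
    excluding = [{"port": 102}]
    print(filter_events(EVENTS, "source", including, excluding))
```

Event 2 shares the IP address of event 1 but is not shown, because both parts of a Complex block must match at the same time.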
To filter the events table by the Protocol column:
In the Events section, click the filtering icon in the Protocol column.
You will see a window containing the table of supported protocols displayed as a protocol stack tree. You can manage how tree elements are displayed by using the + and - buttons next to the names of protocols that contain protocols of subsequent layers.
The table columns provide the following information:
Protocol – name of the protocol within the protocol stack tree.
EtherType – number of the next-level protocol within the Ethernet protocol (if the protocol has a defined number). It is displayed in decimal format.
IP number – number of the next-level protocol within the IP protocol (if the protocol has a defined number). It is indicated only for protocols within the IP protocol structure. It is displayed in decimal format.
If necessary, use the search field above the table to find relevant protocols.
In the list of protocols, select the check boxes opposite the protocols by which you want to filter events.
If you select or clear the check box for a protocol that contains nested protocols, the check boxes for the nested protocols are also automatically selected or cleared.
Click OK.
To filter the events table by the Total appearances, ID, Triggered rule or Event type column:
In the Events section, click the filtering icon in the relevant column.
The filtering window opens.
In the Including and Excluding fields, enter the values for events and incidents that you want to include in the filter and/or exclude from the filter.
If you want to apply multiple filter conditions combined by the logical operator OR, in the filter window of the selected column click the Add condition button and enter the condition in the opened field.
If you want to delete one of the created filter conditions, in the filter window of the selected column click the icon.
You can filter the events table by the values in cells of any column except the following columns: Start, Last seen, Title, Description and End.
To filter the table based on the values of settings in table cells:
Select the Events section.
In the events table, select the check box next to the event or incident whose setting you want to use as a filter.
If you want to select multiple events and/or incidents, select the check boxes next to the events and/or incidents whose settings you want to use as a filter. You can also select multiple events and/or incidents by holding down the CTRL or SHIFT key.
The details area appears in the right part of the web interface window. If multiple events and/or incidents are selected, the details area displays the total number of selected elements.
In the events table, move your mouse cursor over a cell of the relevant column of one of the selected events or incidents.
Right-click to open the context menu.
In the context menu, select one of the following options:
Show all events with this setting, if one event or incident is selected.
Show all events with these settings, if multiple events and/or incidents are selected.
The Show all events with this setting or Show all events with these settings options are not available for selection if it is impossible to filter by column values.
The table of registered events displays the events and incidents that have values in that same column matching the values of the selected events and/or incidents.
When filtering the events table in tree display mode, incidents that meet the filtering criteria may be presented in the following variants:
Displayed with all nested elements
Displayed only with the nested elements that also meet the defined filtering criteria
You can select the relevant display option for incidents by using the Show embedded events when filtering check box when configuring the table.