Search for events
You can search for events in the Threat Events and Access Control reports. If a Security Connector is configured for your organization, you can search for Security Connector events in the Security Connector activity report. In these reports, events appear based on applied filters and the selected dimension or criteria. Search functionality is available to locate the specific event or events you need.
To find threat or access control
events, in the navigation menu select Threat Events tab
or the Access
. Click the Note: If you are trying the new Enterprise Center interface, in the navigation menu, select . Select the events type.
If a Security Connector is
configured for your organization and you want to find Security Connector event
data, in the navigation menu, select Security
. Click the Note: If you are trying the new Enterprise Center interface, in the navigation menu, select .
- To filter events based on date and time, see Filter data based on date and time.
- To configure and apply a filter, see Configure and apply a filter.
- Select a dimension or event criteria to define what event data is shown.
- In the search field provided for grouped values, enter the dimension or criteria value. For example, if you select to show data based on domain, this means that events are grouped by domain. In this case, you would enter a domain.
To search all events associated
with the dimension you selected, click the arrow icon for all filtered events.
For example, if you selected domains as a dimension, the All Filtered Domains
events group is available and includes all events.
A list of events appear in a table format. Go to step 9.
To search for a specific event
that is part of dimension group, click the arrow icon associated with the
dimension value. For example, if events are grouped by domain, this action would
show the specific events that are associated with the domain you expanded.
A list of events appear in a table format.
- In the provided search field for events, enter a data value that is associated with the event. For example, you can enter the security action that was taken, the associated list or policy, the confidence level of the event, and more. The value you search for should match a value in one of the table columns.