Search for events

You can search for events in the Threat Events and AUP Events reports. If a Security Connector is configured for your organization, you can search for Security Connector events in the Security Connector activity report. In these reports, events appear based on applied filters and the selected dimension or criteria. Search functionality is available to locate the specific event or events you need.

How to

  1. To find threat or AUP events, in the navigation menu select Monitoring > Events. Click the Threat Events tab or the AUP Events tab.
    Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Threat Analytics > Events. Select the events type.
  2. If a Security Connector is configured for your organization and you want to find Security Connector event data, in the navigation menu, select Monitoring > Activity. Click the Security Connector tab.
    Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Threat Analytics > Activity > Security Connector.
  3. To filter events based on date and time, see Filter data based on date and time.
  4. To configure and apply a filter, see Configure and apply a filter.
  5. Select a dimension or event criteria to define what event data is shown.
  6. In the search field provided for grouped values, enter the dimension or criteria value. For example, if you select to show data based on domain, this means that events are grouped by domain. In this case, you would enter a domain.
  7. To search all events associated with the dimension you selected, click the arrow icon for all filtered events. For example, if you selected domains as a dimension, the All Filtered Domains events group is available and includes all events.
    A list of events appear in a table format. Go to step 9.
  8. To search for a specific event that is part of dimension group, click the arrow icon associated with the dimension value. For example, if events are grouped by domain, this action would show the specific events that are associated with the domain you expanded.
    A list of events appear in a table format.
  9. In the provided search field for events, enter a data value that is associated with the event. For example, you can enter the security action that was taken, the associated list or policy, the confidence level of the event, and more. The value you search for should match a value in one of the table columns.