Configure and apply a filter

You can configure and apply separate filters for events and activity. A Filter Editor is available in each report. When you navigate to any part of the page, the filter is always available at the top of the page.

Depending on the type of events or activity you filter, different data is available to configure the filter.

To learn about other methods that are available to filter data and narrow the list of events, see Filter Event Data.

How to

  1. To configure and apply a filter for threat or AUP events, in the navigation menu select Monitoring > Events. Select the event type.
    Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Threat Analytics > Events. Select the event type.
  2. To configure and apply a filter for Security Connector events, in the navigation menu, select Monitoring > Activity. Click the Security Connector tab.
    Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Threat Analytics > Activity > Security Connector.
  3. To configure and apply a filter for DNS, proxy, or network activity:
    1. In the navigation menu, select Monitoring > Activity.
      Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Threat Analytics > Activity.
    2. Select one of the following:
      • For a summary of DNS activity, click the DNS Summary tab.
      • For detailed data on DNS activity, click the DNS Activity tab.
      • For a summary of ETP Proxy transactions, click the Proxy Summary tab.
      • For detailed data on ETP Proxy activity, click the Proxy Activity tab.
      • For network traffic, click the Network Traffic tab.
  4. To filter events based on date and time, see Filter data based on date and time.
  5. Click the filter icon or in the filter menu, select Open Filter Editor.
  6. In the menu, select a criterion.
  7. Depending on the criterion you select, you can click the Add Items field to show a menu with specific data or you can enter data into the field. For example, if you select Action for Threat Events, a menu with possible actions appears. If you select Autonomous System Name, you can enter the system name.
  8. Configure the filter to exclude or include the data you specified:
    • To configure the filter to exclude the criteria or data, click Not In.
    • To configure the filter to include the criteria or data, click In.
  9. If you want to add more criteria to your filter, click the plus icon and complete steps 6 to 8.
  10. Click Apply.
  11. To add specific event or network traffic data to your filter, see Add event or activity data to a filter. If you are adding data to a filter in the Identity Provider Activity report, see Add identity provider activity data to a filter.