Add event or activity data to a filter

You can add specific data from an event or activity report to a filter. This includes data for threat and AUP events, Security Connector events, network traffic activity, DNS activity, and more.
Note: You must be an ETP super administrator or a user with a specific permission to view the DNS Activity or Proxy Activity reports. For more information, see Enterprise Threat Protector roles.

How to

  1. Go to the report where you want to apply a filter.
    • For threat or AUP events, in the navigation menu, select Monitoring > Events. Click the Threat Events or the AUP Events tab.
      Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Threat Analytics > Events. Select the event type.
    • For an activity report, in the navigation menu, select Monitoring > Activity. Click the tab of an activity report.
      Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Threat Analytics > Activity. Select an activity report.
  2. Select a dimension or criteria to define what data is shown.
  3. To add data from the Top 6 area to the filter, hover over a value, and click the menu icon that appears.
    1. If you want the data to be part of the In filter, select Add to Include Filter. A value cannot be added to the Include Filter if it’s already in the Exclude Filter.
    2. If you want the data to be part of the Not In filter, select Add to Exclude Filter. A value cannot be added to the Exclude Filter if it’s already in the Include Filter.
  4. To add specific data to the filter:
    1. Click the grouped dimension value or expand a grouped dimension value to view the events or traffic associated with the dimension. Click the data value that you want to add to the filter.
      For example, if you want to add a domain, click the domain. If you want to add a list associated with an event, click the list value.
    2. Select one of the following:
      • If you want the data to be part of the In filter, select Add to Include Filter. A value cannot be added to the Include Filter if it’s already in the Exclude Filter.
      • If you want the data to be part of the Not In filter, select Add to Exclude Filter. A value cannot be added to the Exclude Filter if it’s already in the Include Filter.
  5. To add data from the details window to the filter:
    1. Click the grouped dimension value or expand a grouped dimension value to view the events or traffic associated with the dimension.
    2. To view event or connection details, click the information icon. Click the Event Details or Connection Details tab.
    3. Click the data on the details widow and select one of the following:
      • If you want the data to be part of the In filter, select Add to Include Filter. A value cannot be added to the Include Filter if it’s already in the Exclude Filter.
      • If you want the data to be part of the Not In filter, select Add to Exclude Filter. A value cannot be added to the Exclude Filter if it’s already in the Include Filter.
  6. Click Apply to apply the filter.