Add a filter

How to

  1. From the Select Dimension menu, choose a dimension by which to filter.
    The dimension appears as a filter item with a drop-down menu and a Select Items field.
  2. From the drop-down menu, select how the filter should treat the values you specify (the selections available depend on the dimension you chose):
    • Match Any. The filter matches any of the values you specify. It’s equivalent to an ‘OR’ statement.

      Example: If for the IP address you choose Match Any and specify 1.1.1.1, 2.2.2.2, 3.3.3.3, the query returns the requests that originate from any of the IP addresses.

    • Match All. The filter matches all of the values you specify. It’s equivalent to an ‘AND’ statement.

      Example: If for the Attack Type dimension you choose Match All and specify Bot, WAF, Custom, the query returns the requests that had all three attack types triggered on them.

    • Does Not Match Any. The filter excludes all of the values you specify. It’s equivalent to a ‘not(OR)’ statement.

      Example: If for the Connecting AS Number dimension you choose Does Not Match Any and specify 100, 200, 300, the query returns the requests that didn’t originate from these three AS Numbers.

    • Starts With Any. Filters on multiple “starts with” conditions to show content that begins with the characters you specify.

      Example: If for the Hostname dimension you choose Starts With Any and specify m, www, qa, the query returns the requests where the hostnames start with ‘m’, ‘www’, or ‘qa’.

    • Does Not Start With Any. Filters on multiple “does not start with” conditions to exclude content that begins with the characters you specify.

      Example: If for the Hostname dimension you choose Does Not Start With Any and specify m, www, qa, the query returns the requests where the hostnames don’t start with ‘m’, ‘www’, or ‘qa’.

    • Ends With Any. Filters on multiple “ends with” conditions to show content that ends with the characters you specify.

      Example: If for the Hostname dimension you choose Ends With Any and specify com, security, io, the query returns the requests where the hostnames end with ‘com’, ‘security’, or ‘io’.

    • Does Not End With Any. Filters on multiple “does not end with” conditions to exclude content that ends with the characters you specify.

      Example: If for the Hostname dimension you choose Does Not End With Any and specify com, security, io, the query returns the requests where the hostnames don’t end with ‘com’, ‘security’, or ‘io’.

    • Contains Any. The filter matches content that contains any of the match conditions.

      Example: If for the Path dimension you choose Contains Any and specify pen, book, tablet, the query returns the requests where the path contains any of the specified values.

    • Does Not Contain Any. The filter matches content that doesn’t contain any of the match conditions.

      Example: If for the Path dimension you choose Does Not Contain Any and specify pen, book, tablet, the query returns the requests where the path doesn’t contain any of the specified values.

    • Greater Than. If you are creating a filter with the reputation score dimension, this selection allows you to create filters that match scores that are greater than the values you enter.
    • Greater Than or Equal To. If you are creating a filter with the bot score dimension, this selection allows you to create filters that match scores that are greater than or equal to the values you enter.
    • Less Than. If you are creating a filter with the reputation score dimension, this selection allows you to create filters that match scores that are less than the values you enter.
    • Less Than or Equal To. If you are creating a filter with the bot score dimension, this selection allows you to create filters that match scores that are less than or equal to the values you enter.
    Note: If you use the Contains Any or Ends With Any operators, limit the time range to a maximum of 24 hours.
  3. If the selected dimension is either Path or Query, click to specify the case-sensitivity of the match condition.
    Note: If you select Case-Insensitive from the menu, limit the time range to a maximum of 24 hours.
  4. In the Select Items box, depending on the dimension you’re working with, click in the box and choose an item from the resulting menu, or enter a value of your own choosing, as appropriate.
    Note: For ease of use, you can copy and paste comma- or tab-delimited values in this box.
    If you’d like to remove an entry, click the x at its right-hand side. To remove all of a dimension’s entries, click the X button at the right-hand side of the Select Items box.
    To remove a dimension and its entries, click the X button at the upper right-hand corner of the dimension’s area. To clear all dimensions and their entries, click the Clear All button at the bottom of the filter area.
  5. If you wish to add another dimension to the filter, click the Add button and repeat the above steps.
  6. Using the Apply filter by slider, select Request or Rule, as desired.
    A request-based filter applies its conditions to the requests and all the related rules that triggered. Rule-based filters apply the conditions on a per-rule basis.
  7. Click the Apply button.
    The filter appears in the filter area, and the display refreshes to present the filtered data.
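
The sketch below is an added example, not code from the product: it models the string operators from step 2, the case-sensitivity switch from step 3, the delimited paste from step 4, and the Request/Rule choice from step 6, so you can check what a filter should return before applying it. The record layout, function names and sample data are constructed, and the reading of rule mode (each triggered rule is tested on its own) is an assumption drawn from the description in step 6; the numeric score operators are not modelled.

```python
import re

# Operator names follow the menu entries above; the evaluator is an illustrative model.
_HIT = {"match": lambda o, v: o == v, "starts": str.startswith,
        "ends": str.endswith, "contains": lambda o, v: v in o}

def evaluate(op, observed, values, case_sensitive=True):
    """observed: set of strings seen for the dimension; values: filter entries."""
    if not case_sensitive:
        observed = {o.lower() for o in observed}
        values = [v.lower() for v in values]
    if op == "match_all":  # AND: every entry must be present
        return all(v in observed for v in values)
    negate = op.startswith("not_")
    kind = (op[4:] if negate else op).split("_")[0]  # match/starts/ends/contains
    found = any(_HIT[kind](o, v) for o in observed for v in values)
    return found != negate  # "Does Not ..." operators invert the OR

def parse_items(pasted):
    """Split comma- or tab-delimited text pasted into the Select Items box."""
    return [p.strip() for p in re.split(r"[,\t]", pasted) if p.strip()]

def apply_filter(requests, dimension, op, values, mode="request", case_sensitive=True):
    """Return request ids (request mode) or (id, rule) pairs (rule mode)."""
    out = []
    for req in requests:
        if dimension in req:  # request-level dimension, e.g. hostname or path
            if evaluate(op, {req[dimension]}, values, case_sensitive):
                out.append(req["id"])
        elif mode == "request":  # pool the dimension across all triggered rules
            pooled = {r[dimension] for r in req["rules"]}
            if evaluate(op, pooled, values, case_sensitive):
                out.append(req["id"])
        else:  # rule mode (assumed): each triggered rule is tested separately
            out += [(req["id"], r["rule"]) for r in req["rules"]
                    if evaluate(op, {r[dimension]}, values, case_sensitive)]
    return out

# Constructed sample records, not real traffic.
REQUESTS = [
    {"id": 1, "hostname": "www.example.com", "path": "/Shop/Pen", "rules": [
        {"rule": "r1", "attack_type": "Bot"}, {"rule": "r2", "attack_type": "WAF"},
        {"rule": "r3", "attack_type": "Custom"}]},
    {"id": 2, "hostname": "qa.example.io", "path": "/login",
     "rules": [{"rule": "r4", "attack_type": "Bot"}]},
    {"id": 3, "hostname": "api.example.security", "path": "/books/1",
     "rules": [{"rule": "r5", "attack_type": "WAF"}]},
]
```

In this model, Match All on Attack Type with Bot, WAF, Custom returns request 1 in request mode and nothing in rule mode, because no single rule carries all three attack types.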