Search

You can find a particular attacker, incident, or session by using the search functionality in the Web UI. To search, type the keyword in the Query form field at the top of the Web UI window. Then press Enter or click the Search icon to search and to optionally modify the desired date-range (last 7 days by default), applications (all applications by default), and the scope of your search. The scope can include Attackers, Incidents and/or Sessions. Depending on the complexity of your search parameters, it might take a couple seconds to complete. Once finished, the results will be displayed.

Figure 108: Search Window and Search Results

The following items are indexed in the search (meaning if the string matches any items in these categories, it is displayed.):

User Agent
Browser Name
Browser Version
Incident Name
IP Address
Host
Geographic Region
Geographic City
Geographic ZIP
Country Name
Country Code
Profile Name
Profile Description
Profile Public ID
Incident Request Content
Incident Response Content