Events

Use the Events page to investigate specific events, determine the root cause of an issue, and work to resolve it.

The Events page displays a table of the events that contributed to a specific offense and a Time Series chart that shows the number of events sorted by date. You can filter these events to suit your needs.

Investigating Events

The Events graph on the offense details page displays the number of events that occurred at a given time within the last 7 active days.

  1. From the offenses page, click on an offense in the offense table to open the details page.

    Tip:

    Use the scrubber bar at the top of the Events graph to zoom in on specific times and event spikes.

  2. Click View Events to see a list of events that contributed to the offense and investigate event details.

  3. To configure the number of events returned in your filter results, click the arrows in the Result Limit indicator.

  4. To configure the number of events displayed in the table, click the Items per page drop-down at the bottom of the table.

  5. To sort the events table in ascending or descending order by an attribute, click the appropriate table heading.

  6. Click on an event to see more details about that event. You can also click on a log source, source IP, or destination IP for specific information on that source or destination.

  7. Click Update events to refresh the events results.

    Tip:

    You can copy and paste the URL from your browser to share the events page, including all filters and configuration options.

Filtering Events

Filter the Events page to display only the specific events you want to investigate.

As you apply filters, the events table displays only the events that meet your filter criteria.

Tip:

You can copy and paste the URL from your browser to share the events page, including all filters and configuration options.

  1. To apply a filter, click any of the following categories to see filtering options for that category:

    • Event Time

    • Magnitude

    • Log Source Name

    • Category

    • Source IP

    • Source Port

    • Destination IP

    • Destination Port

    • Event Name

    • User

  2. To include only events with specific attributes, select that attribute in the filters list. To exclude events with specific attributes, click the vertical ellipsis icon next to the attribute, and click Apply IS NOT Filter.

    Tip:

    You can right-click on a Log Source, Source IP, Destination IP, Category, or Username in the events table and quickly apply an IS or IS NOT filter to the events.

  3. To sort the events table in ascending or descending order by an attribute, click the appropriate table heading.

  4. To clear individual filters, click the close icon [x] on the filter indicator. To clear all filters, click Clear filters.

  5. Click Update events to refresh the events results.