Filter Events
- 19 Mar 2024
- 1 Minute to read
- PDF
Filter Events
- Updated on 19 Mar 2024
- 1 Minute to read
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
You can filter your events by attribute, and then download a CSV of the results.
From the navigation menu, click Events.
Enter attributes in the Analyzed events filter bar, and then press Return or Enter.
Click the download button, and then click Download to CSV (last 1500 events).
Supported filter attributes
Attribute | Description | Example |
MAC address | A MAC address associated with the event. |
|
IP address | An IP address associated with the event. |
|
Endpoint users | A user on an endpoint associated with the event. |
|
Command line | A command line, process hash, or filename associated with the event. |
|
MD5/SHA256 | An MD5 or SHA256 hash associated with the event. |
|
To filter endpoints by operating system, use the operating_system: field. You can either type a word after the colon, for example, operating_system:windows; or multiple words surrounded by double quotes, for example, operating_system:"Windows 10". This field is not case-sensitive, and will match on specific endpoint operating systems, as well as canonicalized names.
This article provides information on Exposing External Service UUID.
Was this article helpful?
