Filter for Specific Threats
    • 28 Mar 2024

    Article summary

    Filter and find specific threats in Red Canary.

    To group and understand your threats, you can filter them by attribute.

    1. From the navigation menu, click Threats.

    2. Enter attributes in the Threats filter bar, and then press Enter.

    Threat table attributes

    [Screenshot: Threat_Table.png, the Threats table with numbered callouts matching the keys below.]

    Each entry lists the key (the number in the screenshot), the attribute, its description, and example filter values.

    1. Severity
       The severity of the threat. Separate multiple values with a vertical bar (|).
       Examples: severity:high, severity:high|medium

    2. Threat
       This is the unique threat ID.

    3. Classification
       Strings indicating the classification and sub-classification of a threat. Separate multiple values with a vertical bar (|).
       Examples: classification:"Malicious Software", classification:"Worm"|"Process"

    4. Endpoint
       The hostname of the endpoint associated with the threat.
       Example: hostname

    5. Identity
       The username of the user associated with the threat.
       Example: Username

    6. Acknowledged at
       The date and time the threat was last acknowledged.
       Example: acknowledged_at:2022-02-02..

    7. Acknowledged by
       The email of the user who acknowledged the threat.
       Example: acknowledged_by:johndoe@acme.com

    8. Published at
       The publishing date and time.
       Example: published_at:2022-02-02..

    9. State
       The state of the threat. Valid options are new, acknowledged, remediated, and not_remediated. Separate multiple values with a vertical bar (|).
       Examples: state:new, state:new|acknowledged, state:remediated|not_remediated

    10. Last Seen
       Filter by the date and time that associated activity was last observed.
       Example: last_seen:2022-02-02..

    A note on dates and times:

    Date filters are specified with a from..to syntax where either from or to can be unbounded:

    • 2020-01-01.. filters for matches on or after (>=) the from date

    • ..2020-01-01 filters for matches on or before (<=) the to date

    • 2020-01-01..2020-01-31 filters for matches on or after (>=) the from date and on or before (<=) the to date

    To filter endpoints by operating system, use the operating_system: field. Type a single word after the colon (for example, operating_system:windows) or multiple words surrounded by double quotes (for example, operating_system:"Windows 10"). The field is not case-sensitive and matches both specific endpoint operating systems and their canonicalized names.
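    As an added illustration (not Red Canary's own code), the following Python evaluator implements the filter syntax documented above: attribute:value terms, multiple values separated by a vertical bar, double-quoted multi-word values, and from..to date ranges with either side unbounded. The threat records are constructed sample data, and the substring match used for operating_system is an assumption standing in for the canonical-name matching the page describes.

```python
import re
from datetime import date

# Constructed sample threats (not real Red Canary data), keyed by filter attribute.
THREATS = [
    {"severity": "high", "state": "new", "classification": "Malicious Software",
     "acknowledged_at": "2022-03-01", "operating_system": "Windows 10"},
    {"severity": "medium", "state": "acknowledged", "classification": "Worm",
     "acknowledged_at": "2022-01-15", "operating_system": "macOS 12"},
    {"severity": "low", "state": "remediated", "classification": "Process",
     "acknowledged_at": "2022-02-02", "operating_system": "Windows Server 2019"},
]

# One term: attribute, a colon, then a bare word or a "quoted phrase";
# further values for the same attribute are separated by a vertical bar.
VALUE = r'(?:"[^"]*"|[^\s"|]+)'
TERM = re.compile(r'(\w+):(' + VALUE + r'(?:\|' + VALUE + r')*)')
# from..to date range; either side may be empty, meaning unbounded.
DATE_RANGE = re.compile(r'^(\d{4}-\d{2}-\d{2})?\.\.(\d{4}-\d{2}-\d{2})?$')

def parse_filter(text):
    """Turn 'severity:high|medium state:new' into {attribute: [values]}."""
    terms = {}
    for attr, raw in TERM.findall(text):
        terms[attr] = [v.strip('"').lower() for v in raw.split("|")]
    return terms

def matches(threat, terms):
    """True when the threat satisfies every term (terms are ANDed together)."""
    for attr, values in terms.items():
        actual = str(threat.get(attr, "")).lower()
        rng = DATE_RANGE.match(values[0])
        if rng:
            if not actual:
                return False
            lo, hi = rng.groups()
            d = date.fromisoformat(actual)
            if lo and d < date.fromisoformat(lo):   # must be on or after the from date
                return False
            if hi and d > date.fromisoformat(hi):   # must be on or before the to date
                return False
        elif attr == "operating_system":
            # Assumption: a bare word such as "windows" matches any OS name containing it.
            if not any(v in actual for v in values):
                return False
        elif actual not in values:  # exact, case-insensitive match on any listed value
            return False
    return True

def search(text, threats=THREATS):
    """Return the sample threats matching a filter-bar string."""
    return [t for t in threats if matches(t, parse_filter(text))]
```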
