https://live.paloaltonetworks.com/t5/general-topics/anyone-using-save-load-filter-optins-under-monitor-tab/m-p/132720#M47107 <P>I only have one filter saved, but it's one I use all the time while in the Unified Log Viewer. &nbsp;It's:</P><P>&nbsp;</P><P>&nbsp; &nbsp; (action neq allow) and (action neq alert) and (app neq teredo) and (app neq quic) and (addr in x.x.x.x)</P><P>&nbsp;</P><P>This one is great because it will show you if something's being blocked for a specific IP address, inbound or outbound, URL or Threat, or File Type, etc. &nbsp;I put the teredo/quic apps in there because they're blocked &amp; logged right now and I don't want to see those in this specific query. &nbsp;I also use the more generic "addr in x.x.x.x" instead of specifying source or destination address... because I want to see hits where x.x.x.x was the source (usually outbound connections, URLs, etc.) but also want x.x.x.x as the destination too (for blocked files, threats, etc.) &nbsp;</P> Wed, 14 Dec 2016 03:08:05 GMT jvalentine 2016-12-14T03:08:05Z https://live.paloaltonetworks.com/t5/general-topics/anyone-using-save-load-filter-optins-under-monitor-tab/m-p/132551#M47086 <P>Out of curiosity is anyone using Save Filter and Load Filter options under Monitor tab and find them user friendly?</P><P>I have mentioned to Palo&nbsp;representatives few times that filter field should have droppdown history like browser address bars have but they always suggest to go with save/load option that i really dislike <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 13 Dec 2016 03:53:58 GMT https://live.paloaltonetworks.com/t5/general-topics/anyone-using-save-load-filter-optins-under-monitor-tab/m-p/132551#M47086 Raido_Rattameister 2016-12-13T03:53:58Z https://live.paloaltonetworks.com/t5/general-topics/anyone-using-save-load-filter-optins-under-monitor-tab/m-p/132622#M47094 <P>The only time I use them is usually really long queries&nbsp;that generally and even then they have to include specific threat identification ids before I use them. Usually I just forget that they are even there and move on. I see PAs point with not wanting a drop down history though; I run a lot of query's&nbsp;that I will likely never need again and wouldn't want them constantly&nbsp;popping up.&nbsp;</P> Tue, 13 Dec 2016 13:45:01 GMT https://live.paloaltonetworks.com/t5/general-topics/anyone-using-save-load-filter-optins-under-monitor-tab/m-p/132622#M47094 BPry 2016-12-13T13:45:01Z https://live.paloaltonetworks.com/t5/general-topics/anyone-using-save-load-filter-optins-under-monitor-tab/m-p/132696#M47106 <P>Yeah issue is that usually you are working on something and have filter almost set.</P><P>And then colleque comes and asks "hey please check this for me real quick...".</P><P>Notepad helps out in those cases but there must be easier way.</P> Tue, 13 Dec 2016 21:37:57 GMT https://live.paloaltonetworks.com/t5/general-topics/anyone-using-save-load-filter-optins-under-monitor-tab/m-p/132696#M47106 Raido_Rattameister 2016-12-13T21:37:57Z https://live.paloaltonetworks.com/t5/general-topics/anyone-using-save-load-filter-optins-under-monitor-tab/m-p/132720#M47107 <P>I only have one filter saved, but it's one I use all the time while in the Unified Log Viewer. &nbsp;It's:</P><P>&nbsp;</P><P>&nbsp; &nbsp; (action neq allow) and (action neq alert) and (app neq teredo) and (app neq quic) and (addr in x.x.x.x)</P><P>&nbsp;</P><P>This one is great because it will show you if something's being blocked for a specific IP address, inbound or outbound, URL or Threat, or File Type, etc. &nbsp;I put the teredo/quic apps in there because they're blocked &amp; logged right now and I don't want to see those in this specific query. &nbsp;I also use the more generic "addr in x.x.x.x" instead of specifying source or destination address... because I want to see hits where x.x.x.x was the source (usually outbound connections, URLs, etc.) but also want x.x.x.x as the destination too (for blocked files, threats, etc.) &nbsp;</P> Wed, 14 Dec 2016 03:08:05 GMT https://live.paloaltonetworks.com/t5/general-topics/anyone-using-save-load-filter-optins-under-monitor-tab/m-p/132720#M47107 jvalentine 2016-12-14T03:08:05Z