Threat Log filter by 'Name' field

L3 Networker

Threat Log filter by 'Name' field

I've got a potential client that is trying to filter the threat log by the threat 'Name' field.  He wants to see all from a specific threat.

Normally you click on the item and it puts it in the filter bar but here when you click on the name you get a pop up with the details on that threat.  I've tried a bunch of combinations and can't find anything that will filter on the threat name.

Is there syntax for that field?  Another way to filter that traffic?



L4 Transporter

Re: Threat Log filter by 'Name' field

You can use Threat ID instead.

If you click threat Name, you can see threat detail.

This window contain threat ID.

You can use this as follow:

(threatid eq xxxxx)


L5 Sessionator

Re: Threat Log filter by 'Name' field

Agree with emr

You can alternatively just choose the Threat Id from the Available columns in the Threat logs as shown in the Snapshot.

Threats details can also be searched from the Threat Vault.

Threat Logs.PNG

L3 Networker

Re: Threat Log filter by 'Name' field

If I could do two correct answers I would've.  I had to choose and being lazy like all good net engineers, I chose the path of least resistance.  I added the column.  But, both worked and worked perfectly.

Thank you both!

L4 Transporter

Re: Threat Log filter by 'Name' field

There should be the capability to filter using text from the Name field also. If you want to search for, let's say, Microsoft vulnerabilities, you should be able to filter using the name field. This would allow an admin to find out what vulnerabilities are trying to be exploited and whether clients or servers have been patched for those vulnerabilities.

L1 Bithead

Re: Threat Log filter by 'Name' field

+1 for the ability to search on threat name and use some sort of wildcard language.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!