I've got a potential client that is trying to filter the threat log by the threat 'Name' field. He wants to see all from a specific threat.
Normally you click on the item and it puts it in the filter bar but here when you click on the name you get a pop up with the details on that threat. I've tried a bunch of combinations and can't find anything that will filter on the threat name.
Is there syntax for that field? Another way to filter that traffic?
Solved! Go to Solution.
You can use Threat ID instead.
If you click threat Name, you can see threat detail.
This window contain threat ID.
You can use this as follow:
(threatid eq xxxxx)
If I could do two correct answers I would've. I had to choose and being lazy like all good net engineers, I chose the path of least resistance. I added the column. But, both worked and worked perfectly.
Thank you both!
There should be the capability to filter using text from the Name field also. If you want to search for, let's say, Microsoft vulnerabilities, you should be able to filter using the name field. This would allow an admin to find out what vulnerabilities are trying to be exploited and whether clients or servers have been patched for those vulnerabilities.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!