Filters can be applied using lists as the filter items. The following filter fields can be populated from lists:
- Application
- Classification
- Common Event
- Entity
- General String Values, including:
  - Action
  - Address
  - Command
  - CVE
  - Domain Impacted
  - Domain Origin
  - Group
  - Hash
  - Host Name
  - MAC Address
  - Message
  - Object
  - Object Name
  - Parent Process Id
  - Parent Process Name
  - Parent Process Path
  - Policy
  - Process
  - Reason
  - Response Code
  - Result
  - Serial Number
  - Session
  - Session Type
  - Status
  - Subject
  - Threat Id
  - Threat Name
  - URL
  - User User Agent
  - Vendor Info
  - Vendor Message ID
- Host
- Identity
- IP Address
- IP Range
- Location
- Log Source
- Log Source Type
- MPE Rule
- Network
- Root Entity
- User
To use a list to populate filter items:
- From the feature you want to add a filter to, select an option in the Add New Field Filter.
- Click Edit Values.
- Click Add List.
  List types that match the filter type appear in the List Selector.
- Select a list, and then click OK.
- (Optional) To learn more about the list or modify it, double-click it in the text box in the field Filter Values window.
  The List Properties window appears. From here, you can add items and other lists to the list, and modify other settings if you have permission.