Investigating Alerts

Filter Alerts

The first Alerts UI feature you can use to focus your data is Filters. You can use Filters to choose the type of data you are viewing.

  1. In the Filters panel on the left of the window, click the Bro filter.
    The central panel of the Alerts UI displays all of the Bro data it has received.
    Note

    Next to the Bro filter, the UI displays the total number of Bro alerts.

  2. You can continue to apply filters to the alerts displayed in the Alerts window to further refine the alerts list.
    As you select filters and facets, they are displayed in the Searches field.
    For example, in the following figure, we've applied the source.type filter with the bro facet and then the ip_dst_addr filter with the IP address 95.163.121.204.
  3. To clear the filters shown in the Searches field, click the delete icon at the end of the Searches field.