Group Alerts

Each filter frequently contains a large number of alerts. To refine the alert data further, use the Group By feature. Besides limiting the type of data you are viewing, grouping lets you apply searches, status changes, and similar actions to all the alerts in a group at once.

1. Click enrichment:country in the Group By section at the top of the UI to group your Bro filtered data by country. In the following example, the alerts are grouped into three countries: US, RU, and FR.
2. Click the FR (France) group to see the IP addresses listed for that country.
3. Click an IP address to display the Bro alerts for that specific host.
4. Apply search parameters to the grouped information to display more granular results.
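The same drill-down, written out on the alert records themselves, as an added example that is not part of the original page or of the product it documents. The sample alerts, the `ip_src_addr` and `alert_status` field names, and the status value are constructed assumptions; only `enrichment:country` and the US/RU/FR grouping come from the text above. The example goes one step beyond the walkthrough by showing what "apply a status to all alerts in a group at the same time" means on the data: a bulk update over one group's records rather than a per-alert edit.

```python
from collections import defaultdict

# Constructed sample alerts, shaped like the records the alerts UI groups.
# Field names other than enrichment:country are assumptions for this example.
ALERTS = [
    {"guid": "a1", "ip_src_addr": "198.51.100.7",  "enrichment:country": "US", "alert_status": "NEW"},
    {"guid": "a2", "ip_src_addr": "203.0.113.9",   "enrichment:country": "RU", "alert_status": "NEW"},
    {"guid": "a3", "ip_src_addr": "192.0.2.4",     "enrichment:country": "FR", "alert_status": "NEW"},
    {"guid": "a4", "ip_src_addr": "192.0.2.4",     "enrichment:country": "FR", "alert_status": "NEW"},
    {"guid": "a5", "ip_src_addr": "192.0.2.88",    "enrichment:country": "FR", "alert_status": "NEW"},
    {"guid": "a6", "ip_src_addr": "198.51.100.20", "enrichment:country": "US", "alert_status": "NEW"},
]


def group_by(alerts, field, missing="(none)"):
    """Step 1: bucket alerts by the value of one field, like the Group By control.
    Alerts lacking the field land in a '(none)' bucket instead of disappearing."""
    groups = defaultdict(list)
    for alert in alerts:
        groups[alert.get(field, missing)].append(alert)
    return dict(groups)


def group_counts(alerts, field):
    """The per-group totals the UI shows next to each group label."""
    return {value: len(members) for value, members in group_by(alerts, field).items()}


def drill_down(alerts, field, value, subfield):
    """Steps 2 and 3: open one group (e.g. FR) and regroup its alerts by a
    second field (e.g. source IP) so each host can be selected on its own."""
    members = group_by(alerts, field).get(value, [])
    return group_by(members, subfield)


def search(alerts, **criteria):
    """Step 4: keep only the alerts matching every field=value criterion."""
    return [a for a in alerts if all(a.get(k) == v for k, v in criteria.items())]


def set_status(alerts, status):
    """Apply a status change to every alert in a group at once.
    Returns the number of alerts updated so the caller can confirm the scope."""
    for alert in alerts:
        alert["alert_status"] = status
    return len(alerts)


if __name__ == "__main__":
    print(group_counts(ALERTS, "enrichment:country"))
    fr_hosts = drill_down(ALERTS, "enrichment:country", "FR", "ip_src_addr")
    print({ip: len(hits) for ip, hits in fr_hosts.items()})
    print(len(search(ALERTS, **{"enrichment:country": "FR", "ip_src_addr": "192.0.2.4"})))
    print(set_status(group_by(ALERTS, "enrichment:country")["FR"], "ESCALATE"))
```

Because `set_status` walks the group's member list rather than the full alert set, a bulk action is naturally confined to the group you are looking at, which is the property the UI relies on when it applies a status to "all the alerts in a group".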