Filter Alerts

The first Alerts UI feature you can use to focus your data is Filters. You can use Filters to choose the type of data you are viewing.

  1. In the Filters panel on the left of the window, click the Bro filter.
    The central panel of the Alerts UI displays all of the Bro data it has received.
  2. You can continue to apply filters to the alerts displayed in the Alerts window to further refine the alerts list.
    As you select filters and facets, they are displayed in the Searches field.
    For example, in the following figure, we've applied the source.type filter with the bro facet and then the ip_dst_addr filter with the IP address
  3. To clear filters that have been populated to the Searches field, click (delete icon) at the end of the Searches field.