Table of Contents | ||||
---|---|---|---|---|
|
...
In the Hunting area, click the Add to investigation button after performing a search. In this case, elements will be also added to the Investigation list. Learn more about this in the Threat Hunting article.
...
Filter investigations
You can use the filters at the top of the Investigations area to filter specific investigations.
Rw ui steps macro | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
First, choose the time range you want to apply to your search by clicking the time selector at the top of the area. You can either choose an absolute time range selecting the start and end dates in the calendar or select a preset interval. You can also select a start date and activate the Now toggle to set the ending date to the current time. Click OK after choosing the time range.
After applying a specific time range, you can click the play button next to the selector to activate real-time. This will allow new results to keep appearing as time passes.
Then, set the conditions you want to filter by. These are the available options:
You can also select the Advanced Filters button to filter by the following criteria:
Click Filter. |
...
If you start defining a new filter or start defining a new filter, you can click Reset filters to ❤ to set your favorite filter.
...