Incident Filters

Incident Filters

Filters are a set of criteria you can use to pinpoint specific incidents. Multiple filters can be used at the same time to narrow searches.

Time Range

The Time Range filter can be found beneath Closed Incidents.
Time Range filters allow you to sort incidents using the specified time frame of occurrence. You can choose a preset time frame, or you can customize your own by selecting a start and end date. The presets are as follows:
  • Today
  • This week (starts monday)
  • Last week
  • This Month (to date)
  • Last month
  • This quarter
  • Last quarter
  • This year
  • Custom range

State of Incident

On the Incident Information panel, you will find two dropdowns. The leftmost dropdown, which defaults to “Open”, is the dropdown for the State of Incident filter. Here, you can sort incidents by their Action state.



Incidents will be filtered out if the corresponding checkbox for their state is not ticked.

Filters Dropdown

The Filters Dropdown can be found on the Incident Information panel. In it, you will find a collection of powerful filters.


Threat Type

Threat type filters help you sort incidents by the specific type of threat an incident contains. These are:

  • Malware
  • Phishing
  • C&C
  • Network Scan
  • Mining
  • Spam
  • DGA

You can combine multiple threat types to find incidents across multiple threats, or use the ONLY hover flag to filter out all incidents except the chosen type.

Number of Endpoints affected


This filter will help you sort incidents by the amount of endpoints affected by said incidents. You can choose from a set of operators to refine your search. These operators are:

  • Greater than (>)
  • Less than (<)
  • Equal (=)
  • Between (>&<)

Max limit for “Set value”= 10.000

Labels


This filter has two categories: Labels Affected and Business Relevance. To learn more about Labels, consult our documentation

Labels affected


Here you can choose a label from those you have made, and determine if you want to include it or exclude it from the filter.

Business relevance


The Business Relevance filter sorts incidents by the relevance assigned to different labels. This will result in the filter listing all incidents across multiple labels that have the relevance criterion you have chosen for them. The relevances are:

  • High
  • Medium
  • Low

Date of creation


Here you can sort incidents by the date they were created. Similar to the Time Range filter, these dates are given in ranges. The preset ranges are the following:

  • Today
  • This week (starts monday)
  • Last week
  • This Month (to date)
  • Last month
  • This quarter
  • Last quarter
  • This year
  • Custom range

Using Custom Range, you can select a specific time range of your choosing.


With the help of this filter, you can sort incidents by whether they have been found through the Lumu Playback function or not. The choices are:

  • Yes
  • No

Automated Response



This filter sorts incidents by whether they have been responded by one of your Out-of-the-Box integrations or not, based on the criteria you have configured in said integrations.

Under Orchestrated With, you can select a specific integration that you have active in your account, if applicable.

Know more about the Lumu Portal:



        • Related Articles

        • Incident Details

          Clicking on an incident will display the incident details view. This view will provide you with tactical and strategic vision of the adversarial activity and intent related to the incident, as well as provide vital intel so your organization can act ...
        • Lumu Portal

          Lumu simplifies Continuous Compromise Assessment by consolidating its management, reporting, and related contextual intelligence within a single portal. Security teams no longer need to chase down data from multiple network monitoring tools. The Lumu ...
        • Lumu Autopilot

          In today’s rapidly evolving digital environment, prompt and effective responses to security threats are essential. Lumu Autopilot simplifies the entire incident management process, reducing human error and optimizing resource allocation. By utilizing ...
        • How to configure SSO in the Lumu Portal using Okta

          Single Sign-on (SSO) allows you to log in to the Lumu portal through Identity Providers using their current credentials. Instead of requiring users to manage multiple usernames and passwords, SSO allows you to log in to multiple applications using ...
        • Lumu Email Intelligence

          Lumu simplifies Continuous Compromise Assessment by consolidating its management, reporting, and related contextual intelligence within a single portal. Security teams no longer need to chase down data from multiple network monitoring tools. In this ...