Filters are a set of criteria you can use to pinpoint specific incidents. Multiple filters can be used at the same time to narrow searches.
On the Incident Information panel, you will find two dropdowns. The leftmost dropdown, which defaults to “Open”, is the dropdown for the State of Incident filter. Here, you can sort incidents by their Action state.
The Filters Dropdown can be found on the Incident Information panel. In it, you will find a collection of powerful filters.
Threat type filters help you sort incidents by the specific type of threat an incident contains. These are:
You can combine multiple threat types to find incidents across multiple threats, or use the ONLY hover flag to filter out all incidents except the chosen type.
This filter will help you sort incidents by the amount of endpoints affected by said incidents. You can choose from a set of operators to refine your search. These operators are:
This filter has two categories: Labels Affected and Business Relevance. To learn more about Labels, consult our documentation
Here you can choose a label from those you have made, and determine if you want to include it or exclude it from the filter.
The Business Relevance filter sorts incidents by the relevance assigned to different labels. This will result in the filter listing all incidents across multiple labels that have the relevance criterion you have chosen for them. The relevances are:
Here you can sort incidents by the date they were created. Similar to the Time Range filter, these dates are given in ranges. The preset ranges are the following:
Using Custom Range, you can select a specific time range of your choosing.
With the help of this filter, you can sort incidents by whether they have been found through the Lumu Playback function or not. The choices are:
Know more about the Lumu Portal: