Incident Filters
Filters are a set of criteria you can use to pinpoint specific incidents. Multiple filters can be used at the same time to narrow searches.
Time Range
- Today
- This week (starts monday)
- Last week
- This Month (to date)
- Last month
- This quarter
- Last quarter
- This year
- Custom range
State of Incident
On the Incident Information panel, you will find two dropdowns. The leftmost dropdown, which defaults to “Open”, is the dropdown for the State of Incident filter. Here, you can sort incidents by their Action state.
Filters Dropdown
The Filters Dropdown can be found on the Incident Information panel. In it, you will find a collection of powerful filters.
Threat Type
Threat type filters help you sort incidents by the specific type of threat an incident contains. These are:
- Malware
- Phishing
- C&C
- Network Scan
- Mining
- Spam
- DGA
You can combine multiple threat types to find incidents across multiple threats, or use the ONLY hover flag to filter out all incidents except the chosen type.
Number of Endpoints affected
This filter will help you sort incidents by the amount of endpoints affected by said incidents. You can choose from a set of operators to refine your search. These operators are:
- Greater than (>)
- Less than (<)
- Equal (=)
- Between (>&<)
Labels
This filter has two categories: Labels Affected and Business Relevance. To learn more about Labels, consult our documentation
Labels affected
Here you can choose a label from those you have made, and determine if you want to include it or exclude it from the filter.
Business relevance
The Business Relevance filter sorts incidents by the relevance assigned to different labels. This will result in the filter listing all incidents across multiple labels that have the relevance criterion you have chosen for them. The relevances are:
- High
- Medium
- Low
Date of creation
Here you can sort incidents by the date they were created. Similar to the Time Range filter, these dates are given in ranges. The preset ranges are the following:
- Today
- This week (starts monday)
- Last week
- This Month (to date)
- Last month
- This quarter
- Last quarter
- This year
- Custom range
Using Custom Range, you can select a specific time range of your choosing.
Playback related
With the help of this filter, you can sort incidents by whether they have been found through the Lumu Playback function or not. The choices are:
- Yes
- No
Automated Response
Know more about the Lumu Portal:
Related Articles
Incident Details
Clicking on an incident will display the incident details view. This view will provide you with tactical and strategic vision of the adversarial activity and intent related to the incident, as well as provide vital intel so your organization can act ...Lumu Portal
Lumu simplifies Continuous Compromise Assessment by consolidating its management, reporting, and related contextual intelligence within a single portal. Security teams no longer need to chase down data from multiple network monitoring tools. The Lumu ...How to configure SSO in the Lumu Portal using Okta
Single Sign-on (SSO) allows you to log in to the Lumu portal through Identity Providers using their current credentials. Instead of requiring users to manage multiple usernames and passwords, SSO allows you to log in to multiple applications using ...Lumu Playback
The cybersecurity industry has found many ways to defend against zero-day threats and emerging attacks; however, several attacks and techniques still manage to go undetected thanks to the cybercriminals' own advances in sophisticated evasion ...Lumu Email Intelligence
Lumu simplifies Continuous Compromise Assessment by consolidating its management, reporting, and related contextual intelligence within a single portal. Security teams no longer need to chase down data from multiple network monitoring tools. In this ...