Filter threat activity

The Threat actors list can be filtered to reduce clutter and show the most active threat actors and the most used attack techniques. Filtering the users list helps identify threat activities that must be investigated and acted on as a priority.

The Threat actors list can be filtered from the Threat actors widgets and by using the Advanced filters located above the Monitored Users view.


Filtering the user list using a Summary widget sets the Advanced filters to the criteria for the legend or data you click on the widget.

Applying the Advanced filters on top of the filtering criteria set by the widget narrows the user list further.

For example, clicking High in the Threat-Level widget and setting the Advanced filter Tactics = Exfiltration or Privilege Escalation filters the list to show threat actors using exfiltration or privilege escalation tactics for threat activities.


Advanced filters

Advanced filters can be used to filter threat activities by users, threat tactics and techniques, and other criteria. The user list can be filtered solely using Advanced filters.

Click the Filter icon at the top-right corner of the users list to open the filter menu.

Filter: Filtering action
User: Threat activities seen in your environment by the selected users. Select threat actors by their IP addresses or user IDs.
Risk Level: Users who have carried out threat activities of the selected risk level (High, Medium, and Low).
Status: Users who have carried out threat activities of the selected status (Block, Monitor, Rate Limit, and Whitelist).
Tactics: Users who have carried out threat activities using the selected attack tactics.
Techniques Used: Users who have carried out threat activities using the selected attack techniques.
Endpoint: Users who have carried out threat activities on the APIs with the selected endpoint URLs. Select endpoint URLs or search for URLs by text strings. Use Precise Match if required.
Geolocation: Users who have carried out threat activities from the selected geolocations (Private IP, Public geolocation, or Unknown).
First Discovered From: Threat activities seen in your environment with this date as the start date of the threat discovery period.
First Discovered To: Threat activities seen in your environment with this date as the end date of the threat discovery period.

Precise Match

Precise Match is a switch that filters the text string columns of the threat actors list by an exact match of the text you enter.

By default, the Precise Match switch is set to ON.