To change the event search conditions, perform the following actions in the Threat Hunting section of the program web interface window:
Click the form containing the event search conditions in the upper part of the window.
Select one of the following tabs:
Builder, if you want to change the event search conditions in design mode.
Source code, if you want to change the event search conditions in source code mode.
Make the relevant changes.
Click one of the following buttons:
Refresh, if you want to refresh the current event search with the new conditions.
New search, if you want to perform a new event search.
Grouping levels of found events are displayed: All hosts – Organization names – Server names.
Click the name of the server for which you want to view events.
The host table of the selected server opens. Event grouping levels are displayed above the table. The host table contains the following information:
Host is the name of the host on which the event was detected.
Number of events is the number of events that were detected on the host.
First event is the detection date and time of the first event on this host.
All hosts is the detection date and time of the latest event on this host.
Select the host for which you want to view events.
This opens a table of events matching the search conditions you specified. Event grouping levels are displayed above the table.
You can return to the host selection window by clicking the link with the organization name and the server name, or return to organization and server selection by clicking the All hosts link.