Dossier Navigation and Filters
This page describes the navigational features that are available in host dossiers.
Filters and the time range menu are available at the top of the page. Below the filters are graphs, related alerts, and Polygraphs, if applicable. The remaining portion of the page contains dossier-specific tables.
To copy the link to the current view, click the Copy link icon. You can then share that link with others so they can see the same view.
Filters
By default, a dossier displays all data from the past day. Use the following methods to refine the displayed data:
- Use the search bar or filters at the top of the page to filter by specific fields, operators, and values. You can specify the * wildcard to match one or more characters. Additionally, some table's column values let you add a filter by selecting the adjacent funnel icon .
- To remove an active filter, click its filter and then click Reset or x. To remove all filters, click Reset, which is next to the filters.
Time Range
To change the time range, use the horizontal arrows to move to another period, select a different period, or select Custom.
Only information found during the specified date range is reported. For example, if 9 days ago there was specific behavior and the specified range is latest week, this behavior is not listed.
Note that all times are local.
Tables
The following icons are available for the tables.
Icon | Label | Description |
---|---|---|
Download | Click the icon to download a comma-separated values (CSV) file of the table contents. The CSV file you download for a table in the Agents dossier is compressed in a .gz (GNU Zipped archive) file. Click Downloads in the left pane to access the CSV files you downloaded in the Agents dossier. The link to download a CSV file expires after 24 hours. | |
Select columns | Click the icon to hide or show the set of columns that are displayed in the table. | |
Search | Click the icon to search for an entry within the table. |
Clickable Links
Click an entry's link in any table to open a new detailed view for that entry. For example, click a File Hash entry to display all examples of that hash observed across your environment. Similarly, click an application name to display additional information about that process.