You can filter your events by attribute, and then download a CSV of the results.
- From the navigation menu, click Events.
- Enter attributes in the Analyzed events filter bar, and then press Return or Enter.
- Click the download button, and then click Download to CSV (last 1500 events).
Supported filter attributes
| Attribute | Description | Example |
| MAC address | A MAC address associated with the event. |
|
| IP address | An IP address associated with the event. |
|
|
Endpoint users |
A user on an endpoint associated with the event. |
|
|
Command line |
A command line, process hash, or filename associated with the event. |
|
|
MD5/SHA256 |
An MD5 or SHA256 hash associated with the event. |
|
To filter endpoints by operating system, use the operating_system: field. You may either type a word after the colon, for example, operating_system:windows; or multiple words surrounded by double quotes, for example, operating_system:"Windows 10". This field is not case-sensitive, and will match on specific endpoint operating systems, as well as canonicalized names.
This article provide information on Exposing External Service UUID.
Comments
0 comments
Please sign in to leave a comment.