This article provides a quick reference to filtering and downloading your events.
Estimated reading time: 1 minute
You can filter your events by attribute, and then download a CSV of the results.
- In Red Canary, click Events.
- Enter attributes in the Analyzed events filter bar, and then hit Return or Enter.
- Click the download button, and then click Download to CSV (last 1500 events).
Supported filter attributes
| Attribute | Description | Example |
| MAC address | A MAC address associated with the event. |
|
| IP address | An IP address associated with the event. |
|
|
Endpoint users |
A user on an endpoint associated with the event. |
|
|
Command line |
A command line, process hash, or filename associated with the event. |
|
|
MD5/SHA256 |
An MD5 or SHA256 hash associated with the event. |
|
Comments
0 comments
Please sign in to leave a comment.