The potentially threatening events identified by Red Canary can be filtered by their attributes. This filtering allows you to review the potentially threatening events that Red Canary has investigated and assess what behavior is occurring on your endpoints.
Filtering analyzed events
You can filter for analyzed events by a number of criteria.
To filter for specific events by criteria:
- Click Events in the site navigation.
- Click in the filter bar next to the search icon.
- Enter the criteria that describe the events you wish to find.
To learn more about ways to filter for events, click "learn more about searching".
What if I want to quickly jump to an event by process path, command line, ATT&CK technique, etc.?
The fastest way to jump to an event is by using ⌘-K. Many attributes of events are indexed and can be found with ⌘-K, including:
- Reporting tags
- Hostnames
- IP addresses
- MAC addresses