Red Canary’s detection analytics can be filtered by their attributes. This filtering allows you to identify detection analytics that Red Canary is using to defend your organization.
Filtering detection analytics
You can filter for analyzed events by a number of criteria.
To filter for specific detection analytics by criteria:
- Click Analytics & Intelligence in the site navigation.
- Click in the filter bar next to the search icon.
- Enter the criteria that describe the analytics you wish to find.
You can learn more about ways to filter for analytics by clicking Learn more about filtering for detection analytics.
What if I want to quickly jump to an analytic by description, ATT&CK technique, etc.?
The fastest way to jump to an endpoint is by using ⌘-K. Many attributes of endpoints are indexed and can be found with ⌘-K, including:
- Indicator of compromise (IOC)
- ATT&CK technique name or identifier (e.g., T1234)