The confirmed threats in your Red Canary platform can be filtered by their attributes. This filtering allows you to review the detections confirmed by Red Canary.
Filtering confirmed threats
You can filter for confirmed threats by a number of criteria.
To filter for specific confirmed threats by criteria:
- Click Endpoints in the site navigation.
- Click in the filter bar next to the search icon.
- Enter the criteria that describe the threats you wish to find.
You can learn more about ways to filter for confirmed threats by clicking Learn more about filtering for detections.
What if I want to quickly jump to a confirmed threat by hostname, process name, etc.?
The fastest way to jump to a detection is with ⌘-K. Many attributes of detections are indexed and can be found with ⌘-K, including:
- Detection descriptions and notes from Red Canary or your team
- Marked process activity such as process names, paths, and command lines
- Marked network connections, including IP addresses and domain names
- Associated endpoint metadata, including tags, hostnames, IP addresses, etc.
- Associated endpoint user metadata, including usernames and identifiers