This article provides a quick reference to filtering your identities.
Estimated reading time: 2 minutes
To better understand and group your identities, you can filter them by attribute.
- In Red Canary, click Identities.
- Enter attributes in the Identities filter bar, and then hit Return or Enter.
Supported filter attributes
|Username||The identity's username.||
|UID||The identity's unique identifier.||
|Type||The identity type, for example, "endpoint domain account."||
|Logon domain||The logon domain, which is any string in the identity preceded by a double backslash (
|Latest detection time||The last time when Red Canary identified a threat associated with an identity.||
A note on dates and times:
Date filters are specified with a
from..tosyntax where either
tocan be unbounded:
2020-01-01..filters for matches on or after (>=)the
..2020-01-01filters for matches on or before (<=)the
2020-01-01..2020-01-31filters for matches on or after (>=)the
fromdate and on or before (<=) the