Search

Enter a query in the search box. A query extracts a report over a defined time frame. At the top of the screen, click the ADD icon to start one or more queries simultaneously.

 


By default, you start with an open blank query. The search query is defined using the following parameters:

Source

EVENT, ALERT, or VULNERABILITY

Field

Allows filtering the search results to display only those containing a particular value in a field.

Operator

Allows specifying a logical expression in the search query to filter the events.

Time

Allows the user to set a custom time range (from years to minutes).

A search bar allows the user to search directly within a specific source.

Queries

Clicking the QUERIES icon displays a screen with the Query List. It shows the name, comment, and last modification of each query. The ACTION option allows editing the query or deleting it from the list. The queries are listed in chronological order (the latest generated query is displayed at the end). A search bar lets you find a particular query by name.

 
