Searching the Threat Topology Map

  1. To find a host on the map, on the right pane, in the Highlight search field, enter any of these:

    • Host IP address

    • Tag name

    • Username

    • Hostname

    The system highlights the node on the map.

  2. To find hosts from events in a specific time period, select the time frame at the top and click icon.

  3. To search for hosts with specific conditions, enter the query in the Search field and click icon.

    The basic query syntax is [<Field>:] <Filter Criterion>

    To combine multiple criteria in one query, use Boolean operators:

    [<Field>:] <Filter Criterion> {AND|OR|NOT} [<Field>:] <Filter Criterion> ...

    Note - If the number of events in the selected time frame exceeds the allowed limit for display, the system shows only partial results and displays this banner.

    For accurate search results, select a short time frame or enter a specific query in the Search field.
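
The query syntax from step 3, shown as an added example (not code from the product): a small Python checker that splits a query into its terms and rejects malformed ones before you paste it into the Search field. The field names `src` and `tag` are hypothetical. Treating only uppercase AND/OR/NOT as operators, allowing double-quoted criteria, and splitting on the first colon are assumptions, not documented behavior.

```python
import re

OPERATORS = {"AND", "OR", "NOT"}  # the Boolean operators listed in step 3
# A token is an optionally field-prefixed quoted string, or a run of non-spaces.
TOKEN = re.compile(r'(?:[^\s":]+:)?"[^"]*"|\S+')

def parse_query(query):
    """Split a query into (operator, field, criterion) triples.

    operator is None for the first term; field is None when the optional
    "<Field>:" prefix is omitted. Raises ValueError on a malformed query.
    """
    tokens = TOKEN.findall(query)
    terms, operator, expect_term = [], None, True
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in OPERATORS:
            if expect_term:
                raise ValueError(f"operator {tok} has no criterion before it")
            operator, expect_term = tok, True
            i += 1
            continue
        if not expect_term:
            raise ValueError(f"missing AND/OR/NOT before {tok!r}")
        field, criterion = None, tok
        # Assumption: a bare (fieldless) criterion contains no colon.
        if not tok.startswith('"') and ":" in tok:
            field, _, criterion = tok.partition(":")
            if not criterion:  # written as "field: value" with a space
                i += 1
                if i == len(tokens) or tokens[i] in OPERATORS:
                    raise ValueError(f"field {field!r} has no criterion")
                criterion = tokens[i]
        terms.append((operator, field, criterion.strip('"')))
        expect_term = False
        i += 1
    if expect_term:
        raise ValueError("query is empty or ends with an operator")
    return terms

if __name__ == "__main__":
    # Constructed sample query using hypothetical field names.
    for term in parse_query('src:10.0.0.5 AND tag: "web server" NOT admin'):
        print(term)
```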