Documentation forSecurity Event Manager

Example filter: View network traffic from specific computers

You can create custom filters to highlight specific firewall events. For example, to monitor traffic from a specific computer, create a filter for all network traffic coming from the targeted computer. Use connector profiles and other groups to broaden or refine the scope of custom filters.

The following procedure provides an example of a filter that monitors all traffic from a targeted computer.

  1. Log in to the SEM Console.
  2. On the toolbar, click Live Events.
  3. To create a filter at a group level in the Filters pane, move the mouse pointer over a group heading to expose the vertical ellipsis, and select Add New Filter. For example, to add a filter to the Overview group, click the vertical ellipsis after Overview, and click Add New Filter.

    To create a filter at the root level outside of all the groups, click the add icon, and select Add New Filter.

  4. In the Name field, enter a descriptive name for your new filter.
  5. In the first column of the Filter Values, expand Event Groups and drag Network Audit Alerts into the filter builder.

    When you drag a value into the filter builder, the correct drop location is illuminated with a blue line.

  6. From the second column of the Filter Values, drag SourceMachine to the filter builder

  7. Mouse over Network Audit Alerts.SourceMachine to expose the filter builder toolbar.
  8. Click the "or add it" link and enter the fully qualified domain name of the computer.
  9. Click Save.