Create a filter to capture events from a specific device
- In the SEM Events Console, click the Events tab.
- To create a filter at the group level in the Filter Values pane, move the mouse pointer over a group heading to expose the vertical ellipsis, and then select Add New Filter.
To create a filter at the root level, click the add icon, and then select Add New Filter.
- Enter a descriptive name for your new filter.
In the drag panel on the left, expand Event Groups and select one of the following:
- To view all traffic from your device, select Any Alert.
- To view all network events from your device, select Network Audit Alerts.
- To view web traffic from your device, select WebTrafficAudit from the Event groups.
- From the fields list, drag ToolAlias into the filter builder.
When you drag a value into the filter builder, the correct drop location is illuminated with a blue line.
- Click the or add it hyperlink.
Enter a filter value to match the alias property of the device that you want to track. Use asterisks (*) as wildcard characters to avoid entering the entire value.
For example, consider the default Firewall filter. Its condition is
Any Alert.ToolAlias = *firewall*. This assumes that the firewall connector was configured with a Tool Alias that includes firewall in the name.