Documentation for Security Event Manager

Create a filter to capture events from a specific device

  1. In the SEM Events Console, click the Events tab.
  2. To create a filter at the group level in the Filter Values pane, move the mouse pointer over a group heading to expose the vertical ellipsis, and then select Add New Filter.


    To create a filter at the root level, click the add icon, and then select Add New Filter.

  3. Enter a descriptive name for your new filter.
  4. In the drag panel on the left, expand Event Groups and select one of the following:
    • To view all traffic from your device, select Any Alert.
    • To view all network events from your device, select Network Audit Alerts.
    • To view web traffic from your device, select WebTrafficAudit from the Event Groups.
  5. From the fields list, drag ToolAlias into the filter builder.

    When you drag a value into the filter builder, the correct drop location is illuminated with a blue line.

  6. Click the "or add it" hyperlink.

  7. Enter a filter value to match the alias property of the device that you want to track. Use asterisks (*) as wildcard characters to avoid entering the entire value.

    For example, consider the default Firewall filter. Its condition is Any Alert.ToolAlias = *firewall*. This assumes that the firewall connector was configured with a Tool Alias that includes firewall in the name.

  8. Click Save.
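
The following added example (not SolarWinds code) checks which connector aliases a ToolAlias filter value such as *firewall* would cover, so a device whose Tool Alias lacks the expected text is spotted before the filter is relied on. It assumes the asterisk is the only wildcard; case sensitivity is a parameter because this page does not state how SEM compares values, and the sample events are constructed.

```python
import re

def wildcard_to_regex(pattern, ignore_case=True):
    """Compile a filter value in which '*' is the only wildcard."""
    body = ".*".join(re.escape(part) for part in pattern.split("*"))
    flags = re.IGNORECASE if ignore_case else 0
    return re.compile(rf"\A{body}\Z", flags)

def audit_alias_coverage(pattern, events, ignore_case=True):
    """Return (matched_events, missed_aliases) for a ToolAlias filter value.

    missed_aliases lists every alias the filter would silently exclude,
    which is what to review when a device seems absent from a filter.
    """
    rx = wildcard_to_regex(pattern, ignore_case)
    matched, missed = [], set()
    for event in events:
        alias = event.get("ToolAlias", "")
        if rx.match(alias):
            matched.append(event)
        else:
            missed.add(alias)
    return matched, sorted(missed)

# Constructed sample events: aliases and event names are illustrative only.
SAMPLE_EVENTS = [
    {"ToolAlias": "HQ Firewall ASA", "Event": "TCPTrafficAudit"},
    {"ToolAlias": "branch-firewall-01", "Event": "WebTrafficAudit"},
    {"ToolAlias": "Edge PIX", "Event": "TCPTrafficAudit"},  # a firewall, but the alias omits "firewall"
    {"ToolAlias": "Windows Security", "Event": "UserLogon"},
]

if __name__ == "__main__":
    matched, missed = audit_alias_coverage("*firewall*", SAMPLE_EVENTS)
    print("Matched:", [e["ToolAlias"] for e in matched])
    print("Not covered by filter:", missed)
```
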