Documentation for Security Event Manager

The Filter Creation form on the SEM Console

Use the Filter Creation form to create or edit filters on the SEM Console Monitor view.

This topic provides page-level help for the Filter Creation form on the SEM Console.

See also: Create filters with the SEM Console.

The Filter Creation form

Use the Filter Creation form to create or edit a filter in the Monitor view.

| Component | Description |
| --- | --- |
| The Filter Creation sidebar (also called the List pane) | Contains categorized lists of events, event groups, event variables, groups, profiles, and constants you can use to create conditions for your filters. If more than one Manager is linked to the console, each item in the list pane lists the associated Manager. The Events list contains a search box and associated buttons that switch the view between tree and list views. |
| Name | Displays the filter name. |
| Lines Displayed | Selects the number of lines displayed on the screen. |
| Description | Displays the filter description. |
| Filter Status | Lists warnings and error messages about the current configuration logic in your filter. |
| Conditions | Defines the data conditions reported by the filter. To configure a condition, drag items listed in the List pane into the Conditions box. |
| Notifications | Defines how the console responds to your event (such as a sound or pop-up message). |
| Undo | Reverts the screen to your last desktop action (up to 20 actions). |
| Redo | Forwards the screen to your next saved desktop action (up to 20 actions). |
| Save | Saves your filter changes. |
| Cancel | Cancels your filter changes. |

The filters and groups list pane

The following screen capture shows the filters and groups list pane on the Filter Creation screen in the Monitor view.

To open the list pane, click Monitor, then click Filters to open the Filters sidebar, and then choose New Filter or Edit from the or menus.

This table describes each option on the Filter Creation screen sidebar in Monitor view.

| Filter | Description |
| --- | --- |
| Events | All console event types. Click to display the list as a hierarchical node tree. Click to list event types alphabetically, regardless of their position in the hierarchy. |
| Event Groups | Preconfigured groups of events used to initiate a specific event filter condition or rule creation. |
| User-Defined Groups | Groups of preferences used in rules and event filters to match, include, or exclude events, information, or data fields based on their membership with a particular group. In most cases, these groups are used in rules for choosing which events to include or to ignore. These groups apply to Managers and are created in the Group Builder. |
| Connector Profiles | Groups of Agents with common connector configurations. Use connector profiles with rules and filters to include or exclude Agents associated with a particular profile. You can create connector profiles in the Build > Groups grid. |
| Directory Service Groups | Preconfigured groups of network computers and system users you can use in rules and filters. They allow you to match, include, or exclude events to specific users or computers based on their group membership. These groups are synchronized through the Build > Groups grid. |
| Time Of Day Sets | Specific groups of hours you can associate with rules and event filters. You can use time of day sets to enable your filters to include or exclude messages that occur during the hours associated with a particular time of day set, or to have your rules take different actions at different times of day. You can create time of day sets in the Build > Groups grid. |
| Subscription Groups | All console user names, and the Manager associated with each user. Each name represents the list of rules subscribed to each individual user. When you add a subscription group to a filter, you can build the filter so it only displays event messages related to specific rules that a particular user is interested in (or “subscribed to”). You can create subscription rules in the Build > Groups grid. |
| Constants | The constants rules and filters can use for comparing event data. These include text, number, and time. |
| Notifications | Various notification methods the console can use to announce an event message for the filter. You can have the console display a pop-up message, display the new event as “unread,” play a sound, or have the filter name blink. You can also configure multiple notification methods for the same filter. This list only applies to filters. |