Documentation for Security Event Manager

Create filters with the SEM Console

On the SEM Console, you can create custom filters for your event log stream to complement existing SEM Monitor filters. On the Add New Filter page, create filters by dragging and dropping default filter values, or by adding your own custom filter values. The filter builder also guides you through selecting operators and conditions to group a particular type of event, or to monitor specific events and activity.

You can add and edit filters at the root or group level. Find more information about SEM groups here.

  1. On the SEM Console, click the Live Events tab.
  2. To create a filter at the group level in the Filters pane, move the mouse pointer over a group heading to expose the vertical ellipsis, click on it, and select Add New Filter.

    Or, to create a filter at the root level, click the add icon, and select Add New Filter.

  3. Enter a descriptive name for your new filter.

    To establish notifications for the new filter, you can create a rule based on your filter with one click.

  4. Drag a value into the filter builder. The drag panel on the left contains searchable filter values that you can drag into the filter builder. Expand a filter group to select a value, or locate your value by entering a term in the search field.

    When you drag a value into the filter builder, the correct drop location is illuminated with a blue line.

    If you know the specific values for your filter, click the add icon, and then enter your custom values.

  5. From the drop-down list, select an option, or enter a specific value or keyword directly.

    To change the And operator, or to group (bracket) the filter values, click And, and then select Or, or Group. Follow the same steps to ungroup the values.

    You can also move the mouse pointer over a value to expose the filter builder toolbar, where you can add or drag values, edit values, and delete values.