Documentation forSecurity Event Manager

View network traffic from specific computers

You can create custom filters that highlight specific firewall events. For example, to monitor traffic from a specific computer, create a filter for all network traffic coming from the targeted computer. Use connector profiles and other groups to broaden or refine the scope of custom filters. The following procedure provides an example of creating a filter to monitor all traffic from a targeted computer.

  1. On the SEM Console, click the Live Events tab.
  2. To create a filter at the group level in the Filters pane, move the mouse pointer over a group heading to expose the vertical ellipsis, and select Add New Filter.

    Or, to create a filter at the root level, click the add icon, and select Add New Filter.

  3. Enter a descriptive name for your new filter.
  4. In the drag panel on the left, expand Event Groups, and then drag Network Audit Alerts into the filter builder.

    When you drag a value into the filter builder, the correct drop location is illuminated with a blue line.

  5. Under Network Audit Alerts fields, drag SourceMachine into the filter builder.

  6. Mouse over "Network Audit Alerts.SourceMachine" to expose the filter builder toolbar.
  7. Click the "or add it" link and enter the fully qualified domain name of the computer.
  8. Click Save.