...
To filter Security Events by specific criteria, select the applicable objects from the following drop-down menus located below the top action menu. The objects returned in each drop-down are limited to a maximum of 10 returned records, with the exception of the Feed and Source filters, which are limited to a maximum of 100 returned records.
- Action: The configured action for the security rule. This can be Allow, Redirect, Block, or Log. (limited to a maximum of 10 returned records)
- Confidence: The threat confidence score assigned to an indicator. The confidence level can be High, Medium, or Low. (limited to a maximum of 10 returned records)
- Feed: The list of threat feeds against which the malicious hit was triggered. (limited to a maximum of 100 returned records)
- Class: The threat intelligence feeds, such as Phishing, MalwareC2DGA, and others. (limited to a maximum of 10 returned records)
- Level: The threat level for the malicious hit. This can be High, Medium, Low, or Info. Note: In some cases, a record may not contain all fields, which will be represented as N/A on the user interface and NULL in the API results. (limited to a maximum of 10 returned records)
- Policy: Active security policies. (limited to a maximum of 10 returned records)
- Source: The location of the device within the network infrastructure. For example, the device can be an on-prem appliance or an endpoint device. You can select which records to view by selecting or deselecting from among the options available. (limited to a maximum of 100 returned records)
Show: Security and activity events can be filtered by choosing an option from the Show drop-down menu. (limited to a maximum of 10 returned records)
Note: Depending on the availability of data records, not all filter options may be displayed.
...