...
Filtering the Security Events Tab
To filter Security Events by specific criteria, select the applicable objects from the following drop-down menus located below the top action menu. The objects returned in each drop-down are limited to a maximum of 10 returned records, with the exception of the Feed, Source, Policy, and Class filters, which are limited to a maximum of 100 returned records.
- Action: The configured action for the security rule. This can be Allow, Redirect, Block, or Log (limited to a maximum of 10 returned records).
- Confidence: The threat confidence score assigned to an indicator. The confidence level can be High, Medium, or Low (limited to a maximum of 10 returned records).
- Feed: The list of threat feeds against which the malicious hit was triggered (limited to a maximum of 100 returned records).
- Class: The threat intelligence feeds, such as Phishing, MalwareC2DGA, and others (limited to a maximum of 100 returned records).
- Level: The threat level for the malicious hit. This can be High, Medium, Low, or Info (limited to a maximum of 10 returned records). Note: In some cases, a record may not contain all fields; missing fields are represented as N/A in the user interface and NULL in the API results.
- Policy: Active security policies (limited to a maximum of 100 returned records).
- Source: The location of the device within the network infrastructure. For example, the device can be an on-prem appliance or an endpoint device. You can select which records to view by selecting or deselecting from among the options available (limited to a maximum of 100 returned records).
- Show: Security and activity events can be filtered by choosing an option from the Show drop-down menu.
Note: Depending on the availability of data records, not all filter options may be displayed.
...