Views:
Filter Criteria Query Pane Fields
Section Description
Filter Details Enables you to enter the name and/or number of the filter
Filter Category Enables you to select one or more filter categories:
  • Exploits
  • Identity Theft
  • Reconnaissance
  • Security Policy
  • Spyware
  • Virus
  • Vulnerabilities
  • Advanced DDoS
  • Network Equipment
  • Reputation
  • Traffic Normalization
  • Traffic Thresholds
  • Instant Messaging
  • Peer to Peer
  • Streaming Media
Profile Enables you to select a profile

Suspicious URL Metadata

 Enables you to filter events with suspicious URL metadata.
Filter Severity Enables you to select the severity of the event
Filter Type Enables you to filter the events by Security or Application type.
Reputation Type Enables you to filter the events by Reputation or Geographic filter. By default, both filters are selected.

For Geographic filters, the Events table displays the filter's name, any included or excluded countries (Filter Criteria), the country flag icon (if available), and the matching IP address for the filter.

If the Geographic filter events display as Reputation events, or if you have other issues with the search criteria, redistribute all the profiles to all the segments for the distribution to start working again.
Action Type Enables you to select the action: Permit, Block, Trust, Rate Limit, or Quarantine.
Event Comment Enables you to select All Events, Events with Comments, or Events without Comments.


Procedure:

  1. Log in to the SMS from a client.
  2. On the top Navigation menu, click Events.
  3. Select Inspection Events from the left navigational tree. The Events - Inspection Events screen displays.
  4. On the Query pane, select the triangle symbol (▶) next to Filter Criteria to expand this option. In the Filter Details fields, enter the appropriate information.
  5. In the Filter Severity area, deselect any option you do not want in your query.
  6. In the Filter Category area, select one or more categories in the Category list you want to include in your query. You can expand a listing to select individual entries or select a top-level list item to include every item listed under it.
  7. In the Profile area, select a profile from the drop-down list to include in your query.
  8. In the Action Type area, deselect any option you do not want in your query.
  9. Enter the number of matching rows (1 - 10,000) to list in the Display Pane. Limiting the number of rows may decrease the query processing time.
  10. Click Refresh. The returned attack events are displayed in the List pane.
  11. To save this query, click Save As. When prompted, enter a name for the query. The query will be displayed in the Saved Queries section of the Events Navigation pane. To create a new query, click Clear. The query pane will reset and clear the criteria fields.

 

 
Note: You are not required to complete all query fields. Complete only as many as you need to execute your query successfully.

 

Reference: SMS User Guide

Keywords: filter criteria, sms, create a query, query with filter criteria