Constructing Queries: Queries are constructed in the Events Query Pane, and the results are displayed in the Display Pane. To display the Events screen, click the Events button on the Toolbar. To access the Inspection Events Query Pane from there, click Inspection Events in the Navigation pane.
Filter Taxonomy Criteria: The Query Pane also includes a Taxonomy option that enables you to search filters based on the class of attack, protocol, and platform. You can select multiple options within each grouping.
Taxonomy Criteria Query Pane Fields

| Field | Description |
|---|---|
| Classification | Type of attack |
| Protocol | System communication methods, such as LDAP, SNMTP, SSH, etc. |
| Platform | OS-based applications, services, or supported devices, such as Windows Client, networked router, UNIX Client application, etc. |
- Log in to the SMS from a client.
- On the top Navigation menu, click Events.
- On the Events screen, click Inspection Events in the Navigation pane. The Events - Inspection Events screen displays.
- On the Query pane, select the triangle symbol (▶) next to Filter Taxonomy Criteria to expand this option.
- Select one or more criteria from the Classification, Protocol, and Platform columns.
  - To select a consecutive range of column entries, hold down the <Shift> key.
  - To select multiple entries within a column, hold down the <Ctrl> key.
- Enter the number of matching rows (1 - 10,000) to list in the Display Pane. Limiting the number of rows may decrease the query processing time.
- Click Refresh. The returned attack events display in the List pane.
- To save this query, click Save As. Enter a name for the query when prompted. The query displays in the Saved Queries section of the Events Navigation pane. To create a new query, click Clear. The query pane resets and clears the criteria fields.
Note: You are not required to complete all query fields. Complete only as many as you need to successfully execute your query.
Reference: SMS User Guide