Constructing Queries: Queries are constructed in the Events Query Pane and the results are displayed in the Display Pane. To access the IPS Events Query Pane, click the Events button on the Toolbar and then click IPS Events in the Navigation pane. To display the Events screen, click the Events button on the Toolbar.
Device/Segment Criteria: The Query Pane includes an Device/Segment Criteria option that enables you to search filters based on segments and/or devices. You can select everything within a group or multiple options within each grouping.
|Device/Segment Criteria Query Pane Fields|
|Segment||Group of hosts protected through a licensed pair of ports on a device.|
|Device||Device managed by the SMS.|
- Log in to the SMS from a client.
- On the top Navigation menu click Events.
- On the Events screen, click Inspection Events in the Navigation pane. The Events - Inspection Events screen displays.
- On the Query pane, select the triangle symbol (▶) next to Device/Segment Criteria to expand this option.
- In the Segment and Devices areas select one or more items in the lists that you want to include in your query. You can expand a listing to select individual entries or select a top-level list item to include every item listed under it.
- Enter the number of matching rows (1 - 10,000) to list in the Display Pane. Limiting the number of row may decrease the query processing time.
- Click Refresh. The returned attack events display in the List pane.
- To save this query, click Save As. Enter a name for the query when prompted. The query displays in the Saved Queries section of the Events Navigation pane. To create a new query, click Clear. The query pane resets and clears the criteria fields.
Note: You are not required to complete all query fields. Complete only as many as you need to successfully execute your query.
Reference: SMS User Guide