User guide
Chapter 8: Working with Security Events
Viewing Security Event Information
Introduction
The Security Events tab lists hundreds of attacks, audits, and security events. You can
customize how events appear to make viewing and searching easier.
About filters and regular expressions
Security events filters use regular expressions to limit the number of events displayed.
Regular expressions (also known as regex) are sets of symbols and syntax that you can use
to search for text that matches the patterns you specify. If you have ever performed a
wildcard search, you have used regular expressions.
At the most basic level, the wildcard search types shown in Table 31 are supported.
Regular expressions search all columns in the Security Events list. If you search for http*,
for example, the search returns all events that match the http protocol column and all
events that begin with http.
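The all-column matching described above, using the search values from Table 31, can be modelled as follows. This is an added example, not the product's own code; the column names, the sample events, and case-sensitive matching are assumptions.

```python
import re

# Constructed sample rows; column names are assumptions, not the product's schema.
EVENTS = [
    {"Tag Name": "http_unix_passwords", "Protocol": "tcp", "Severity": "High"},
    {"Tag Name": "ssh_brute_force", "Protocol": "tcp", "Severity": "Medium"},
    {"Tag Name": "suspicious_redirect", "Protocol": "http", "Severity": "Low"},
    {"Tag Name": "cleartext_login_over_http", "Protocol": "tcp", "Severity": "Low"},
    {"Tag Name": "tunnel_over_https_detected", "Protocol": "tcp", "Severity": "Low"},
]


def wildcard_to_regex(value):
    """Translate a Table 31 style search value into a compiled regex.

    Only '*' is treated as special; every other character is escaped so
    that '.', '+', '(' and similar characters match literally.
    """
    literal_parts = [re.escape(part) for part in value.split("*")]
    return re.compile(".*".join(literal_parts), re.DOTALL)


def filter_events(events, value):
    """Return the events in which any column fully matches the search value."""
    pattern = wildcard_to_regex(value)
    return [
        event for event in events
        if any(pattern.fullmatch(str(cell)) for cell in event.values())
    ]


def names(events, value):
    """Convenience helper: tag names of the events a search value returns."""
    return [event["Tag Name"] for event in filter_events(events, value)]


if __name__ == "__main__":
    for search_value in ("*", "http*", "*http", "*http*"):
        print(f"{search_value:8} -> {names(EVENTS, search_value)}")
```

The `http*` filter returns both the event whose name begins with "http" and the event whose Protocol column is "http", which is why an all-column filter can return more rows than expected.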
Selecting columns to display
To select columns to display:
1. Select Security Events.
2. On the Security Events tab, click Select Columns.
3. Select the check box next to the columns that you want to appear.
4. Click OK.
5. Save your changes.
Note: If you have grouped and sub-grouped events, the columns for those events no
longer appear in the Security Events tab. Instead, they appear as items in a grouping tree
that you can expand or collapse.
Grouping security events
To group security events:
1. Select Security Events.
2. On the Security Events tab, click Group By.
3. From the All Columns list, select the column by which you want to group events, and
then click Add.
The columns you select appear in the Group By These Columns list.
4. Repeat Step 3 for each column by which you want to group events.
Each column you select to group by creates a subgroup underneath the last "group"
you created.

Search value...    Returns...
*                  all events
http*              all events that begin with “http”
*http              all events that end in “http”
*http*             all events that contain “http”
Table 31: Sample search values for regular expressions