Dossiers have the same navigational features and filters. Those that are available in all dossiers are discussed in the following sections.
Date/time range and parameter filters are available at the top of the page. Below the filters are charts and the timeline. Next on the page are Polygraphs (if applicable). The remaining portion of the page contains individual tables.
Date/Time Range and Filters
You can use the following controls at the top of the page to define all data displayed in this dossier.
The Date Range (clock) icon provides preset ranges for data that you want to display:
- Last hour
- Last 2 hours
- Last 7 days
You can click the dates/times adjacent to the Date Range icon to select the start and end date/time manually.
For example, if you select Last 7 days from the Date Range drop-down at 3 PM on March 21, 2019, the reported date/time range is Mar 14, 2019 12 AM to Mar 21, 2019 12 AM. Note that the end time is 12 AM; if you want to view all the events for today, change the end time to 3 PM.
Only information found during scans of the specified date range is reported. For example, if a container image was removed from a container repository in the registry 9 days ago and the specified date range is 7 days, this container image is not displayed.
All of the dossier's displayed data is relative to the selected date range. For example, if the date range is Last 7 days, the maximum machine Up Time that could be displayed is 7 days, even if it has been up much longer.
Note that all times are local.
You can add filters to narrow the displayed data.
- Click the text area adjacent to the Add filter icon and select a filter from the drop-down.
- Select an operator.
- Enter the specific text you want the filter to include.
You can add multiple filters that are ANDed together to produce a single result, for example, a filter that returns all hostnames that start with corp but are not in the api-server Kubernetes Cluster.
You can use the * wildcard to match strings.
Click X to remove a filter.
Another method to add a filter is to click the funnel icon adjacent to an entry inside a table. This adds that entry as a filter at the top of the page.
The timeline displays events that match the date/time filter and any specified optional parameter filters set at the top of the page. If the timeline does not display any events, consider increasing the date range.
You can also apply additional filters to only the timeline. For example, to optionally filter events by severity, click one or more severity tiles. If you select only the Critical tile, the timeline lists critical events only. A selected tile or button has a blue background.
The following icons are available for the tables.
| Icon | Description |
| --- | --- |
| Download in CSV format | Click the Download in CSV format icon to get a comma-separated file of the table contents. |
| Select display columns | Click the Select display columns icon to hide or show the set of columns that are displayed in the table. |
| Full screen | Click the Full screen icon to show the table on the entire screen. |
| Refresh data | Click the Refresh data icon to refresh the table data. |
You can also use a table's search bar to search for an entry within that table.
Click an entry's link in any table to open a new view with details about that entry. For example, click a File Hash entry to display all examples of that hash observed across your environment. Similarly, click an application name to display additional information about that process.