Filter and Search Threats

You can filter and search the Threats page with built-in filters (Basic mode) or, in many Threats pages, by querying with the Threat Command Query Language (Query mode).

From each mode, you can easily switch to the other:
temporary placeholder

Filter the Threats page with Basic Mode

You can filter Threats to display only those that match selected filter criteria.

To filter the Threats page with Basic Mode:

  1. From the main menu, select Threat Command > Threats.
    If the Search bar displays a temporary placeholder, you are in Basic Mode. Otherwise, click Switch to Basic.
    Note: If you are in Query Mode, you may need to click temporary placeholder in the Search bar before you can click Switch to Basic.
  2. Filter the displayed threats list using the filter buttons.

Only matched threats are displayed.

Filter the Threats page with Query Mode

You can use the Query Language (IQL) to display only threats that match query criteria. This option is available for threat pages with this icon in the top bar temporary placeholder.

You can search and filter using complex search queries, similar to those used in other popular tools such as Splunk and Jira, combining various data fields and logical operators to obtain nearly any desired result.

The original filters are still available in Basic Mode or you can use Query Mode to achieve results that are not available with the current filters. For example, in Query Mode you can apply several filters with a logical OR relationship between them, while with the current filtering options, there is a built-in AND relationship between different filters. You can easily select between using the query language, “Query Mode” or the existing filters, “Basic Mode.”

The intuitive query interface supports automatic suggestions and completions, making it very easy to use without needing to remember exact field names or operators.

Queries can consist of the following elements:

  • Field - A word that represents a field in the Query Language. In most cases, fields correspond to filter names.
  • Operator - A word or symbol that compares the value of the field with the value. Only results whose value matches are returned.
  • Value - A value that is used to test if it matches.
  • Keyword - A word or phrase that joins clauses or alters the logic of clauses or operators.

To filter using the Query Language in Query Mode:

  1. From the main menu, select Threat Command > Threats > Phishing.
    If the Search bar displays a temporary placeholder or an temporary placeholder, you are in Query Mode. Otherwise, click Switch to Query.
  2. Click anywhere in the Search bar.
    The list of available fields is displayed.
  3. Create a query by selecting or typing a combination of fields, operators, values, and keywords.
    You can use the arrow and enter keys to easily select from the options in the dropdown.
    Query creation is not case sensitive.
  4. Press Enter
    The Threats page is filtered according to your search query.
    To cancel a query, click temporary placeholder in the Search bar.

For more information on filtering with the Query Language, see Filter and search alerts.