List of filters

To make searching for a specific detection easier, you can filter using multiple criteria.

Click Add filter and select the filter type from the drop-down menu or type a string (repeat when combining criteria):

•Time—Filtering by the time of occurrence.

•ESET Inspect Connector version—Filtering by the version of ESET Inspect Connector deployed on the specific computer.

•Alert count—Filtering by the number of ESET PROTECT On-Prem related alerts (outdated endpoint, etc.).

•AVG Received events / 24H—Filtering by the average number of received events during 24 hours.

•AVG Stored events / 24H—Filtering by the average number of stored events during 24 hours. This number depends on the Settings, Data Retention and Data collection setting.

•Description—Filtering by the description of the computer, taken from ESET PROTECT On-Prem.

•Endpoint version—Filtering by the version of Endpoint installed on that Computer

•FQDN—Filtering by the fully qualified domain name, is a domain name that specifies its exact location in the tree hierarchy of the Domain Name System (DNS).

•Group—Filtering by the name of the group of computers a specific computer belongs to.

•Information—Filtering by the total count of unresolved informational detections on computer.

•Information (Unique)—Filtering by count of unique unresolved informational detections on computer.

•Isolated from network—Filtering by the computer isolated from network (only connections between ESET Security products are available).

•Last Change Date—Filtering by the date, when the object was changed the last time.

•Last Change Type—Filtering by the last change of the object (for example, marked as resolved, change of the priority).

•Last Changed By—Filtering by the user which was the last one to change the object.

•Last Connected—Filtering by the permanent connection created to listen on notification about blocked hashes, requests to download some file, kill the process, etc. Refresh interval is 90 seconds.

•Last event—Filtering by the timestamp of the last event sent to the server. So the time when this event occurred on the computer, not when it was sent to ESET Inspect Server.

•Name—Filtering by the name of the computer/executable/exclusion/task/blocked hash/report.

•OS Name—Filtering by the name of the operation system (Windows, macOS, Linux).

•OS Platform—Filtering by the operating system that is running on the specific computer (32-bit or 64-bit).

•OS Version—Filtering by the version of EEA or EES deployed on the specific computer.

•Received events from today—Filtering by the number of events that occurred on the specific computer since midnight

•Resolved—Filtering by the total count of resolved detections on a computer with no regard for the severity. In case of detections view or tab, it Filtering by the status of the detection, whether it was resolved or not.

•Severity Score—Filtering by the more precise definition of severity. 1–39 > Info 40–69 > Warning 70–100 > Threat .

•Stored events from today—Filtering by the number of computer events since midnight

•Threats—Filtering by the total count of unresolved threat detections on the computer.

•Threats (Unique)—Filtering by the count of unique unresolved threat detections on computer.

•Unresolved—Filtering by the total count of unresolved detections on computer.

•Unresolved (Unique)—Filtering by the count of unique unresolved detections on computer.

•Warnings—Filtering by the total count of unresolved warning detections on computer.

•Warnings (Unique)—Filtering by the count of unique unresolved warning detections on computer.

Alerts

•Details—Filtering by the text in the details column field.

•Occurred—Filtering by the time of occurrence of the alert. Select earlier than or later than, and the desired time range.

•Problem—Filtering by the text of the problem of the alert.

•Product—Filtering by the text of the product of the alert.

•Status—Filtering by the name of the ESET PROTECT On-Prem alert status.

•Subproduct—Filtering by the text of the Subproduct of the alert.

Detections

•Actions taken—Filtering by the actions taken.

•Blocked URL—Filtering by the URL of the blocked detection if applicable.

•Category—Filtering by the category name that you can find among category tags in the Edit Rule section.

•Command Line—Filtering by the detections by the command line filename.

•Compromised—Filtering by the compromised computers.

•Computer—Filtering by the computer name. Select equal/unequal to include/exclude specific name. In Scripts tab, Filtering by the name of the computer, where the detection triggered.

•Detection Info—Filtering by the detection of specific information (rule name in case of rule detection, malware info in case of Antivirus detections, etc.).

•Detection Type—Filtering by the type of the detection (Firewall, HIPS, Filtered Websites, Antivirus, Rule, Blocked ).

•Executable—Filtering by the name of the executable found in the detection details or in the Executable column. Choose equal/unequal to include/exclude specific name.

•First Seen (LiveGrid®)—Filtering when an executable was first seen on any computer connected to LiveGrid®.

•Full name—Filtering by the users full name, if available from Active Directory.

•Integrity Level—Filtering by the level of integrity.

•Job Position—Filtering by the users job position, if available from Active Directory.

•Last Change Date—Filtering by the date, when the object was changed the last time.

•Last Change Type—Filtering by the last change of the object (for example, marked as resolved, change of the priority).

•Last Changed By—Filtering by the user which was the last one to change the object.

•MITRE ATT&CK™ TECHNIQUES—Filtering by the ID of the MITRE ATT&CK™ TECHNIQUE.

•Note—Filtering by the Note.

•Time Occured—Filtering by the time of occurrence. Select earlier than or later than, and the desired time range.

•Parent Process ID—Filtering by the ID of the parent process that created this child process.

•Parent Process Name—Filtering by the name of the parent process that created this child process.

•Parent Process SHA-1—Filtering by the hash of the parent process.

•Parent Process Signature Type—Filtering by the parent process's file signature type (Trusted/Valid/None/Invalid/Unknown).

•Parent Process Signer Name—Filtering by the parent process's file signer name.

•Popularity (LiveGrid®)—Filtering by how many computers reported an executable to LiveGrid®.

•Process ID—Filtering by the Process ID found in detection details or in Process Name (ID) column. You can choose whether it is bigger and equal or smaller and equal to the one you are looking for, Known—if the ID is known, Unknown—if the ID is unknown (for example, executable blocked by hash).

•Process Name—Filtering by the Process Name that you can find in the details of the Detection or in the column Process Name (ID). You can choose whether it is equal or unequal to the one you are looking for.

•Reputation (LiveGrid®)—Filtering by the number from 1 to 9, indicating how safe the file is. 1–2 Red is malicious, 3–7 Yellow is suspicious, 8–9 Green is safe

•Rule Actions—Filtering by the rule actions.

•Rule Name—Filtering by the name of the rule (Default or Customized).

•Scanner—Filtering by the type of Endpoint scanner that prevented the potential threat.

•Severity Score—Filtering by the more precise definition of severity. 1–39 > Info 40–69 > Warning 70–100 > Threat .

•SHA-1—Filtering by the hash of the executable.

•Signature Type—Filtering by the signature type (Trusted/Valid/None/Invalid/Unknown).

•Signer Name —Filtering by the signer of the file.

•Task Name—Filtering by the task name from Tasks tab.

•Threat Name—Filtering by the threat name, that can be found in this list http://www.virusradar.com/en/threat_encyclopaedia

•Time Triggered—Filtering by the time of triggering. Select earlier than or later than or equal, and the desired time.

•URI—Filtering by the URI which caused this detection to trigger.

•User Department—Filtering by users department, if available from Active Directory.

•User Description—Filtering by users description, if available from Active Directory.

•Username—Filtering by the user account that was logged on the computer at the time of detection trigger.

•Author—Name of the currently logged user at the creation or edition.

•Progress—Filtering by the progress of the task.

•Results—Filtering by the results is based on the object type.

Incidents

•Assignee—Filtering by the name of the Assignee.

•Author—Name of the currently logged user at the creation or edition.

•Computers—Filtering by the number of computers that the reporter created the report for.

•Creation Time—Filtering by the time of creation of the report.

•Description—Filtering by the description of the computer, taken from ESET PROTECT On-Prem. In Incidents Filtering by the description provided by the reporter.

•Detections—Filtering by the number of detections triggered by this task. In Incidents Filtering by the number of detections that the report contains.

•Executables—Filtering by the number of executables that the report contains.

•Last Update—Filtering by the time of the last update of the report.

•Name—Filtering by the name of the computer/executable/exclusion/task/blocked hash/report.

•Processes—Filtering by the number of processes that the report contains.

Executables

•Blocked—Filtering by whether the executable's hash was blocked or not.

•Company Name—Filtering by the company that produced the executable (for example, "Microsoft Corporation" or "Standard Micro-systems Corporation, Inc.).

•DNS events—Filtering by the total number of DNS events, that the specific executable triggered.

•Events / 24h—Filtering by the total amount of events within 24 hours.

•Executable Drops—Filtering by the number of dropped executables made by this executable.

•Executed on Computers—Filtering by the number of computers on which the file was executed.

•Executions—Filtering by how many times this EXE file was executed on all computers.

•File Description—Filtering by the full description of the file, for example, "Keyboard Driver for AT-Style Keyboards".

•File Modifications—Filtering by how many files were modified (written to, deleted, renamed).

•File Version—Filtering by the version number of the file for example, "3.10" or "5.00.RC2".

•First Executed—Filtering when was executable first executed on this computer.

•First Seen—Filtering when an executable was first seen on any computer.

•First Seen (LiveGrid®)—Filtering when an executable was first seen on any computer connected to LiveGrid®.

•HTTP Events—Filtering by the total number of HTTP events, that the specific executable triggered.

•Information—Filtering by the total count of unresolved informational detections on computer.

•Information (Unique)—Filtering by count of unique unresolved informational detections on computer.

•Internal Name—Filtering by the internal name of the file, if one exists, for example, an executable name if the file is a dynamic-link library. If the file has no internal name, this string is the original filename, without extension.

•Last Change Date—Filtering by the date, when the object was changed the last time.

•Last Change Type—Filtering by the last change of the object (for example, marked as resolved, change of the priority).

•Last Changed By—Filtering by the user which was the last one to change the object.

•Last Executed—Filtering by when was executable executed last time on any computer.

•Last Processed on (ESET LiveGuard)—Filtering by when was executable processed last time in ESET LiveGuard.

•Name—Filtering by the name of the computer/executable/exclusion/task/blocked hash/report.

•Nearmiss Report—Filtering if the detection is triggered due to malware, but we cannot hundred percent guarantee it is malware.

•Network Connections—Filtering by the number of network connections this file makes.

•Note—Filtering by the Note.

•Original File Name—Filtering by the original name of the file, not including the path. This information enables an application to determine whether a user has renamed a file. The format of the name depends on the file system for which the file was created.

•Packer Name—Filtering by the name of packer if an executable is packed.

•Popularity (LiveGrid®)—Filtering by how many computers reported an executable to LiveGrid®.

•Product Name—Filtering by the name of the product with which the file is distributed.

•Product Version—Filtering by the version of the product with which the file is distributed, for example, "3.10" or "5.00.RC2".

•Registry Modifications—Filtering by how many registry entries were modified.

•Reputation (LiveGrid®)—Filtering by the number from 1 to 9, indicating how safe the file is. 1–2 Red is malicious, 3–7 Yellow is suspicious, 8–9 Green is safe

•Resolved—Filtering whether the detection is marked as Resolved . This status can be changed via buttons at the bottom of the window.

•Safe—Filtering if the executable was marked as safe.

•Seen on Computers—Filtering by the number of computers the file was discovered.

•Sent Bytes—Filtering by the total number of bytes sent by this file, from all computers, all processes.

•SFX Name—Filtering by the self-extracting archive type if an executable is packed.

•SHA-1—Filtering by the hash of the executable.

•Signature CN #1—macOS only; same as the Windows product name column.

•Signature CN #2—macOS only; same as the Windows file version column.

•Signature CN #3—macOS only; same as the Windows product version column.

•Signature CN #4—macOS only; same as the Windows internal name column.

•Signature CN #5—macOS only; same as the Windows original filename.

•Signature Id—macOS only; same as the Windows company name column.

•Signature Type—Filtering by the signature type (Trusted/Valid/None/Invalid/Unknown).

•Signer Name —Filtering by the signer of the file.

•State (ESET LiveGuard)—Filtering by the executable's present station in the analysis workflow.

•Status (ESET LiveGuard)—Filtering by the result of the behavioral analysis or the absence of a result (Unknown/Clean/Suspicious/Highly suspicious/Malicious).

•Threats—Filtering by the total count of unresolved threat detections on the computer.

•Threats (Unique)—Filtering by the count of unique unresolved threat detections on computer.

•Unresolved—Filtering by the total count of unresolved detections on computer.

•Unresolved (Unique)—Filtering by the count of unique unresolved detections on computer.

•User Id—macOS only; same as the Windows file description column.

•Warnings—Filtering by the total count of unresolved warning detections on computer.

•Warnings (Unique)—Filtering by the count of unique unresolved warning detections on computer.

•Whitelist Type—Filtering by the information if an executable is whitelisted.

Scripts

•Command Line—Filtering by the detections by the command line filename.

•Command Line Length—Filtering by the length of the command line command (Count of characters).

•Computer—Filtering by the computer name. Select equal/unequal to include/exclude specific name. In Scripts tab, Filtering by the name of the computer, where the detection triggered.

•Ended—Filtering by the time, when the process was terminated, caused by this process.

•First Child Module Name—Filtering by the child process name.

•First HTTP Request—Filtering by the source HTTP address, if the script access the network.

•Full name—Filtering by the users full name, if available from Active Directory.

•Integrity Level—Filtering by the level of integrity.

•Job Position—Filtering by the users job position, if available from Active Directory.

•Last Change Date—Filtering by the date, when the object was changed the last time.

•Last Change Type—Filtering by the last change of the object (for example, marked as resolved, change of the priority).

•Last Changed By—Filtering by the user which was the last one to change the object.

•Note—Filtering by the Note.

•Parent Module Name—Filtering by the parent process name.

•Resolved Detections—Filtering by the total count of resolved detections on the specific computer with no regard to severity.

•Safe—Filtering by the safe state.

•Started—Filter by the time, when the process was executed, caused by this process

•Unresolved Detections (Unique)—Filtering by the total count of unique unresolved detections on the specific computer.

•User Department—Filtering by users department, if available from Active Directory.

•User Description—Filtering by users description, if available from Active Directory.

•Username—Filtering by the user account that was logged on the computer at the time of detection trigger.

Notifications

•Status—Filtering by the status of the notifications (Active/Accepted/Rejected/Resolved/Don't show)

•Timestamp—Set the period (date and time).

•Time—Filtering by the time of occurrence.

Rules

•Author—Name of the currently logged user at the creation or edition.

•Category—Filtering by the category name that you can find among category tags in the Edit Rule section.

•Enabled—Filtering by the rule/exclusion. Enabled or disabled.

•Hit Count—Filtering by the count of detections that were excluded by this exclusion.

•Last Change Date—Filtering by the date, when the object was changed the last time.

•Last Change Type—Filtering by the last change of the object (for example, marked as resolved, change of the priority).

•Last Changed By—Filtering by the user which was the last one to change the object.

•MITRE ATT&CK™ TECHNIQUES—Filtering by the rule contains an ID of the MITRE ATT&CK™ TECHNIQUE.

•OS Name—Filtering by the name of the operation system (Windows, macOS, Linux).

•Rule Actions—Filtering by the rule actions.

•Rule Body—Filtering by the rule body.

•Rule Name—Filtering by the name of the rule (Default or Customized).

•Severity Score—Filtering by the more precise definition of severity. 1–39 > Info 40–69 > Warning 70–100 > Threat .

•Valid—Filtering by the rule with the wrong syntax, it gets an invalid tag.

Exclusions

•Author—Name of the currently logged user at the creation or edition.

•Enabled—Filtering by the rule/exclusion. Enabled or disabled.

•Hit Count—Filtering by the count of detections that were excluded by this exclusion.

•Last Change Date—Filtering by the date, when the object was changed the last time.

•Last Change Type—Filtering by the last change of the object (for example, marked as resolved, change of the priority).

•Last Changed By—Filtering by the user which was the last one to change the object.

•Name—Filtering by the name of the computer/executable/exclusion/task/blocked hash/report.

•Note—Filtering by the Note.

•Rule Name—Filtering by the name of the rule (Default or Customized).

Blocked Hashes

•Cleaned—Filtering by the file was clean, when the hash was added.