Filter Policy Content Details

The Filters panel allows you to filter the list of displayed content in the policy details view based on the name, medium, source type, enabled/disabled status, subscription status, a resource created date, and last updated date.

This applies to the following content types:

  • Feed

  • Application Rule

  • Log Device

  • Lua Parser

  • Network Rule

  • Event Steam Analysis Rule

  • Bundle

To filter policy content details

  1. Go to netwitness_configure.png (CONFIGURE) > Policies.
  2. In the policies panel, click Content.
  3. Click Policies. The available policies are displayed.

  4. Do one of the following:

    • Click a policy name.

    • Click a row to view details about the selected policy and click View Details.

    The policy details view is displayed.

    filterdetailstab.png

  5. By default, the filters panel is hidden, click the netwitness_displayfilter.png (Filters) icon in the toolbar to expand the filters panel.

  6. To search by name:

    • Set the filter option to Contains operator from the drop-down list and start typing the name of the content rules. Type one character and a list of content rules that contain that character is displayed, as you continue to type the list is filtered to match.

    • Set the filter option to Equals operator from the drop-down list and enter the full name. The particular content type will be displayed.

  7. To filter by medium, select one or more mediums from the Medium drop-down list. The options are listed below:

    • endpoint

    • log

    • log and packet

    • packet

  8. To filter by source type, select one or more sources from the Source Type drop-down list. The options are listed below:

    • Custom

    • Live

  9. To filter by enabled/disabled status, select one or more statuses from the Enabled/Disabled Status drop-down list. The options are listed below:

    • Enabled

    • Disabled

      Note: Enabled/Disabled Status filtering is not applicable to Event Stream Analysis Rule content.

  10. To filter by subscription status, select one or more statuses from the Subscription drop-down list. The options are listed below:

    • Subscribed

    • Unsubscribed

  11. To filter by severity of the content, under the Severity field, select the drop-down values as either Low, Medium, High or Critical.

    Note: This field is applicable only for the content type 'Application Rule'.

  12. To filter by a resource created date range, under the Resource Created Date, select the start date and end date from the date fields.

    For example, to filter contents that were created between July 1 and July 30, you select July 1 as the start date and July 30 as the end date. You must enter dates in mm/dd/yyyy format or you click and pick dates from a calendar.

  13. To filter by date range, under the Last Update date, select the start date and end date from the date fields.

    For example, to filter contents that were updated between July 1 and July 30, you select July 1 as the start date and July 30 as the end date. You must enter dates in mm/dd/yyyy format or you click and pick dates from a calendar.

  14. To hide, click the netwitness_hidefilter.png icon at the top-right of the panel.

    The contents are displayed in the right panel according to the filter you selected. Click Reset to clear the existing filter results.