Investigating events

The Events graph on the QRadar Analyst Workflow offense details page displays the number of events that occurred at a given time within the last 7 active days.

1. From the offenses page, click on an offense in the offense table to open the details page.
   Tip: Use the scrubber bar at the top of the Events graph to zoom in on specific times and event spikes.
2. Click View Events to see a list of events that contributed to the offense and investigate event details.
3. To configure the number of events returned in your filter results, click the arrows in the Result Limit indicator.
4. To configure the number of events displayed in the table, click the Items per page drop-down at the bottom of the table.
5. To sort the events table in ascending or descending order by an attribute, click the appropriate table heading.
6. Click on an event to see more details about that event. You can also click on a log source, source IP, or destination IP for specific information on that source or destination.
7. Click Update events to refresh the events results.
   Tip: You can copy and paste the URL from your browser to share the events page, including all filters and configuration options.