Visualization of offenses

Filter the Offenses table in the QRadar Analyst Workflow to display the specific offenses you want to investigate.

About this task

As you apply filters, the offenses table displays only the offenses that meet your filter criteria. The graphs displayed on the page also change to reflect only the offenses in your filtered list.

Tip: You can copy and paste the URL from your browser to share the offenses page, including all filters and configuration options.

Procedure

To apply a filter, click any of the following categories to see filtering options for that category:
- Magnitude
- Severity
- Assigned To
- Status
- Start Time
- Offense Type
- Log Source Name
- Log Source Type
- Destination Network
- Local Destination Addresses
- Source Addresses
- Rules
- Follow Up
- Protected
To include only offenses with specific attributes, select that attribute in the filters list. To exclude offenses with specific attributes, click the icon next to the attribute, and click Apply IS NOT Filter.

Tip: You can right-click on a Status, Type, Source IP, or Destination IP in the offenses table and quickly apply an IS or IS NOT filter to the offenses.
To sort the offenses table in ascending or descending order by an attribute, click the appropriate table heading.
To clear individual filters, click the X on the filter indicator. To clear all filters, click Clear filters.
To configure the number of offenses displayed in the table, click the Items per page drop-down at the bottom of the table.
To sort the offenses table in ascending or descending order by an attribute, click the appropriate table heading.