You can add filters to your IBM QRadar Incident Forensics queries to limit the number or type of documents that you see in the search results page.
Procedure
- On the Forensics tab, click the Query Filters icon.
  The data is separated into groups by filter type.
- In the Search Filters window, for each filter type, choose whether to include the documents in the search results by clicking Include or Exclude.
- To find an item in a filter group, follow these steps:
  - In the Filter Type column, expand a filter group.
  - In the Search window, select the criteria and click Find.
    When you search for a record in the Webcategory filter group, all matching category fields are displayed. For example, when you search for Webcategory equal chat, Chat, and related categories, such as Instant Messaging, Webmail/Unified Messaging, Search Engines/Web catalogs/Portals, and Cloud are displayed.