It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda XDR

Filtering the Security Overview

  • Last updated on

You can filter the Security Overview  to concentrate on the alarms, alerts, and tickets you most want to see. You can filter out the data you don't want to see to more easily find the data you're interested in.

For more information on events, alarms, and alerts, see Introduction to Events, Alerts, and Alarms.

Multiple filters can be active at any time.

Filters are active until you remove them, even if you navigate to another page. When you return to the Security Overview, the filter will still be in place.

The difference between filters and quick filters

You can create filters two ways by:

  • Adding a filter

  • Creating a quick filter

Adding a filter lets you select a wider variety of subjects to filter on, including account, closure code, date range, destination IP address, impact, keyword, source country, source IP address, status, subject, ticket category, and ticket type. Adding a filter also lets you create exclusion filters. For more information, see the Exclusion filter section below.

Creating a quick filter is faster, but you can only use it to filter on the top 10 of the following:

  • Alarms

  • Alerts

  • Source Countries

  • Source IPs

  • Destination IPs

You can use a combination of filters and quick filters.

The default filter

By default, the Security Overview is filtered by a date range of one month. This filter is active whenever you open or refresh the Security Overview. This filter is not removed when you click Clear All, but you can delete it by clicking the Remove button. See To remove one filter below.

The Date Range filter

For detailed information on the Date Range filter, see Changing the Date Range Displayed on the Security Overview.

Exclusion filters

You can also create filters that exclude the values that you choose, so everything is displayed except for the chosen values. For example, if you select a date range of one month and then negate that condition so that all data from earlier than one month are displayed.

Filter operators

When you add filters, you have the choice to use an And or Or operator. The operator is applied to all the filters you add.

Operator

Definition

And

Data has to fulfill all filters to be displayed.

Or

Data only has to fulfill one filter to be displayed.

To create and apply a Security Overview  filter

SecurityOverviewAddFilter.png

  1. In Barracuda XDR Dashboard, click Intelligence > Security Overview.

  2. Click Add Filter AddFilter.png .

  3. In Field, select an option.

  4. In Value, select an option.

  5. Optionally, if you want to exclude the values you chose in the Field and Value fields, enable the Negate this condition check box.

  6. Click Apply Changes.

  7. Repeat steps 2-6 until you have added all the filters you want.

  8. Optionally, in the Filters area, click one of the following filter operators:

    • And

    • Or

To create a quick filter by a top alarm, alert, source country, source IP, or destination IP
  1. In Barracuda XDR Dashboard, click Intelligence > Security Overview.

  2. Click a row in one of the following:

    • Top Alarms

    • Top Alerts

    • Top Source Country

    • Top Source IP

    • Top Destination IP

To edit a filter
  1. In Barracuda XDR Dashboard, click Intelligence > Security Overview.

  2. Click the filter you want to edit.

  3. In Field, select an option.

  4. In Value, select an option.

  5. Optionally, if you want to exclude the values you chose in the Field and Value fields, enable the Negate this condition check box.

  6. Click Apply Changes.

To remove a filter
  1. In Barracuda XDR Dashboard, click Intelligence > Security Overview.

  2. Click the filter you want to remove.

  3. Click Remove.

To remove all filters

This procedure does not remove the default Date Range: 1 Month filter. To remove this filter, follow the To remove a filter procedure above.

  1. In Barracuda XDR Dashboard, click Intelligence >Security Overview.

  2. Click Clear All.