You can filter the Security Overview to concentrate on the alarms, alerts, and tickets you most want to see. You can filter out the data you don't want to see to more easily find the data you're interested in.
Multiple filters can be active at any time.
Filters are active until you remove them, even if you navigate to another page. When you return to the Security Overview, the filter will still be in place.
The difference between filters and quick filters
You can create filters two ways by:
- Adding a filter
- Creating a quick filter
Adding a filter lets you select a wider variety of subjects to filter on, including account, closure code, date range, destination IP address, impact, keyword, source country, source IP address, status, subject, ticket category, and ticket type. Adding a filter also lets you create exclusion filters. For more information, see the Exclusion filter section below.
Creating a quick filter is faster, but you can only use it to filter on the top 10 of the following:
- Alarms
- Alerts
- Source Countries
- Source IPs
- Destination IPs
You can use a combination of filters and quick filters.
The Date Range filter
For detailed information on the Date Range filter, see Changing the Date Range Displayed on the Security Overview.
Exclusion filters
You can also create filters that exclude the values that you choose, so everything is displayed except for the chosen values. For example, if you select a date range of one month and then negate that condition so that all data from earlier than one month are displayed.
Filter operators
When you add filters, you have the choice to use an And or Or operator. The operator is applied to all the filters you add.
| Operator | Definition |
|---|---|
| And | Data has to fulfill all filters to be displayed. |
| Or | Data only has to fulfill one filter to be displayed. |
To create and apply a Security Overview filter
- In Barracuda XDR Dashboard, click Intelligence > Security Overview .
- Click Add Filter.
- In Field, select an option.
- In Value, select an option.
- Optionally, if you want to exclude the values you chose in the Field and Value fields, enable the Negate this condition check box.
- Click Apply Changes.
- Repeat steps 2-6 until you have added all the filters you want.
- Optionally, in the Filters area, click one of the following filter operators:
- And
- Or
To create a quick filter by a top alarm, alert, source country, source IP, or destination IP
- In Barracuda XDR Dashboard, click Intelligence > Security Overview.
- Click a row in one of the following:
- Top Alarms
- Top Alerts
- Top Source Country
- Top Source IP
- Top Destination IP
To edit a filter
- In Barracuda XDR Dashboard, click Intelligence > Security Overview.
- Click the filter you want to edit.
- In Field, select an option.
- In Value, select an option.
- Optionally, if you want to exclude the values you chose in the Field and Value fields, enable the Negate this condition check box.
- Click Apply Changes.
To remove a filter
- In Barracuda XDR Dashboard, click Intelligence > Security Overview.
- Click the filter you want to remove.
- Click Remove.
To remove all filters
This procedure does not remove the default Date Range: 1 Month filter. To remove this filter, follow the To remove a filter procedure above.
- In Barracuda XDR Dashboard, click Intelligence >Security Overview.
- Click Clear All.