This page consists of a table listing all defined filters. To the left, the facet search can be used to find a filter based on one of its fields.
Field type that is being matched
Value of field that is being matched
Information or incident/issue tags on the filter
Brief description of filter if defined on "Alert Filters" page
Time since last update
A new filter must have at least one match defined. The match fields are the top two boxes: type and value. The type selects which of 8 fields to match: IP address, subnet, host, domain, alert ID, field, label, or MD5. The value is the exact value you are trying to match in that field.
Incidents and tags can also be attached to the filter. These are predefined and will appear alongside matches when they are found. A description of the filter can optionally be added.