Skip to main content Link Menu Expand (external link) Document Search Copy Copied

Behavior Filters

Table of contents
  1. Page Layout
  2. Adding a Behavior Filter

Page Layout

This page displays a table listing currently configured behavior filters on the interface. Behavior filters allow you to set parameters to filter out results from behavior timeline events. This allows you to lower the risk score of a particular timeline hit if certain criteria are met, or to filter out certain hits completely. To the left is a toggle that allows you to disable or enable the behavior filter. To the right are two action buttons. The left button allows you to edit the filter. The right button deletes the filter.

Adding a Behavior Filter

Behavior filters can be added from the Behavior Timeline page. To do so, expand any event on the timeline. This will display all the attributes associated with the event. To the right of each row is a “…” symbol. Clicking this will open up a menu with three options: Search, Suppress Alert, and Add to Entity List. To create a behavior filter, select “Suppress Alert.”

This opens a window to create a behavior filter for this behavior model. The name is autofilled with the attribute and value that was selected, but this can be changed. Optionally, a description can also be added.

There are two options for actions. The first is “Mask Risks Only.” This allows you to select specific risks to suppress when the search criteria is matched, lowering the risk score when the conditions are met. The second action is “Discard Matching Event.” This will discard the hit from the timeline entirely so that it does not display when the search criteria is matched.

The next step is to select the Search Criteria. This will be autofilled with the key of the behavior event and the field and value of the selected attribute. These criteria can be edited and deleted, and new ones can be added as well.

The last step applies to “Match Risks Only” filter types. If this action was selected, this field is used to select which risks should be suppressed by this filter.

Once the filter is done, click “Save” to add it to the behavior filters list. It should now appear on the Behavior Filters table.

Page last updated: 2021 Oct 15