Procedural Filtering enables you to further filter information pertaining to an asset, including by event type, log source, network connection status, and Top Level Domain (TLD). The Procedural Filtering menu options change depending on the Google Security Operations view and the breadth and types of security data currently displayed in the UI.
This describes how to access and use Procedural Filtering when investigating an alert using Google SecOps for the following views:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-24 UTC."],[[["\u003cp\u003eProcedural Filtering allows for detailed filtering of asset information by event type, log source, network connection status, and Top Level Domain (TLD).\u003c/p\u003e\n"],["\u003cp\u003eThe available filtering options in the Procedural Filtering menu will adapt based on the specific Google Security Operations view and the security data displayed.\u003c/p\u003e\n"],["\u003cp\u003eProcedural Filtering is accessible within various Google Security Operations views, including User, Rule Detections, Asset, Domain, IP Address, Hash, and Raw Log Scan.\u003c/p\u003e\n"],["\u003cp\u003eProcedural filtering is supported in Google SecOps.\u003c/p\u003e\n"]]],[],null,[]]