Procedural Filtering enables you to further filter information pertaining to an asset, including by event type, log source, network connection status, and Top Level Domain (TLD). The Procedural Filtering menu options change depending on the Google Security Operations view and the breadth and types of security data currently displayed in the UI.
This describes how to access and use Procedural Filtering when investigating an alert using Google Security Operations for the following views:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-04-02 UTC."],[[["Procedural Filtering allows for detailed filtering of asset information by event type, log source, network connection status, and Top Level Domain (TLD)."],["The available filtering options in the Procedural Filtering menu will adapt based on the specific Google Security Operations view and the security data displayed."],["Procedural Filtering is accessible within various Google Security Operations views, including User, Rule Detections, Asset, Domain, IP Address, Hash, and Raw Log Scan."],["Procedural filtering is supported in Google SecOps."]]],[]]