Procedural Filtering enables you to further filter information pertaining to an asset, including by event type, log source, network connection status, and Top Level Domain (TLD). The Procedural Filtering menu options change depending on the Google Security Operations view and the breadth and types of security data currently displayed in the UI.
This describes how to access and use Procedural Filtering when investigating an alert using Google SecOps for the following views:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eProcedural Filtering allows for detailed filtering of asset information by event type, log source, network connection status, and Top Level Domain (TLD).\u003c/p\u003e\n"],["\u003cp\u003eThe available filtering options in the Procedural Filtering menu will adapt based on the specific Google Security Operations view and the security data displayed.\u003c/p\u003e\n"],["\u003cp\u003eProcedural Filtering is accessible within various Google Security Operations views, including User, Rule Detections, Asset, Domain, IP Address, Hash, and Raw Log Scan.\u003c/p\u003e\n"],["\u003cp\u003eProcedural filtering is supported in Google SecOps.\u003c/p\u003e\n"]]],[],null,["# Overview of procedural filtering\n================================\n\nSupported in: \nGoogle secops [SIEM](/chronicle/docs/secops/google-secops-siem-toc)\n\nProcedural Filtering enables you to further filter information pertaining to an asset, including by event type, log source, network connection status, and Top Level Domain (TLD). The Procedural Filtering menu options change depending on the Google Security Operations view and the breadth and types of security data currently displayed in the UI.\n\nThis describes how to access and use Procedural Filtering when investigating an alert using Google SecOps for the following views:\n\n- [User view](/chronicle/docs/investigation/filter-data-user-view)\n- [Rule Detections view](/chronicle/docs/investigation/filter-data-rule-detections)\n- [Asset view](/chronicle/docs/investigation/filter-data-asset-view)\n- [Domain view](/chronicle/docs/investigation/filter-data-domain-view)\n- [IP Address view](/chronicle/docs/investigation/filter-data-ipaddress-view)\n- [Hash view](/chronicle/docs/investigation/filter-data-hash-view)\n- [Raw Log Scan view](/chronicle/docs/investigation/filter-data-raw-log-scan-view)\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
