Apply and save filters

Supported in:

Filters let you narrow your case search in the queue to precisely target the cases you want to analyze.

You can add each filter using either an AND or OR condition.
Each filter can also include an IS or IS_NOT condition.

The following filters are available:

  • Time Frame
  • Alert names
  • Analysts - (note that you can also choose to include analysts who are part of a role. For example, you can choose just Tier2, and if Alex Smith (who is part of a Tier2) is assigned a case, this appears in the filtered display.)
  • Environments
  • Priorities
  • Products
  • Stages
  • Tags
  • Playbook Status

For example, you can create a filter to display cases that are high priority but not in the Investigation stage from the last 24 hours.

  1. Click filtericon Open Filter.
  2. Complete the required information as follows:
    • Time Frame: Last 24 hours.
    • Priorities IS High.
    • And
    • Stages IS_NOT Investigation.
    applyandsavefilters
  3. To save the filter for future use, click Save Filter and give it a name. The filter is saved under the downward arrow in the Case queue header for future use. You can edit and delete filters from this saved filter list.
  4. Click Apply to apply the filter to the case queue.

Need more help? Get answers from Community members and Google SecOps professionals.