Use Search and Advanced Search

In addition to using the filters to narrow the activity results in the Activity Search report, the Search and Advanced Search features provide further filtering of event details. For example, you can search for events with specific domains but exclude subdomains you are not interested in. Wildcards, available for some fields (Domains, URLs, and File Names), let you search for all variations within that field. For example, *.gif in File Name searches for all .gif files.

Packages and Feature Availability

Not all of the features described here are available to all Secure Access packages. Information about your current package is listed on the Admin > Licensing page. For more information, see Determine Your Current Package. If you encounter a feature here that you do not have access to, contact your sales representative for more information about your current package.

Prerequisites

  • A minimum user role of Read-only. For more information, see Manage Accounts.

Search

Search the report for domains, identities, or URLs. To search and filter the report by more options, such as threat type or file name, use Advanced Search.

Wildcards

Domains

Domains can be searched in the search bar or advanced search with the wildcard * to include or exclude subdomains.
For example, example.com will search the top-level parent domain of Example, *.example.com will search for only the subdomains of Example, and *example.com will search for both the parent and subdomains of Example.

You can use wildcards to search by top-level domain.
For example, *.example will search for all top-level domains that end in .example.
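
The domain wildcard forms above, modelled in Python together with include/exclude filtering. This is an added example, not Cisco code: `domain_matches`, `filter_events` and the sample rows are constructed here, and matching on label boundaries is an assumption the page does not state.

```python
# Added example: a local model of the documented domain wildcard forms.
# Function names and sample rows are constructed for illustration.

def domain_matches(pattern: str, host: str) -> bool:
    """Return True if host matches pattern under the three documented forms."""
    pattern = pattern.strip().lower().rstrip(".")
    host = host.strip().lower().rstrip(".")
    if pattern.startswith("*."):
        # *.example.com -> subdomains only; the parent itself is excluded.
        return host.endswith(pattern[1:])
    if pattern.startswith("*"):
        # *example.com -> the parent and its subdomains.
        # Assumption: matched on label boundaries, so notexample.com is not
        # a match here; the page does not say how the product treats it.
        base = pattern[1:]
        return host == base or host.endswith("." + base)
    return host == pattern  # no wildcard: the parent domain only


def filter_events(events, include=(), exclude=()):
    """Keep events matching any include pattern and no exclude pattern."""
    kept = []
    for ev in events:
        host = ev["domain"]
        if include and not any(domain_matches(p, host) for p in include):
            continue
        if any(domain_matches(p, host) for p in exclude):
            continue
        kept.append(ev)
    return kept


# Constructed sample rows; the field names are assumptions.
SAMPLE_EVENTS = [
    {"identity": "laptop-01", "domain": "example.com"},
    {"identity": "laptop-01", "domain": "cdn.example.com"},
    {"identity": "laptop-02", "domain": "mail.example.com"},
    {"identity": "laptop-03", "domain": "notexample.com"},
    {"identity": "laptop-03", "domain": "portal.example"},
]

if __name__ == "__main__":
    # Parent and subdomains of example.com, minus the CDN subdomain.
    for ev in filter_events(SAMPLE_EVENTS, include=["*example.com"],
                            exclude=["cdn.example.com"]):
        print(ev["identity"], ev["domain"])
```

Whether the product's `*example.com` also returns lookalike hosts such as `notexample.com` is worth confirming in the report itself, since a plain glob match would include them.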

URLs

The wildcard * can be used in any part of the URL path to search for URLs containing certain terms.
For example, example* will search for URLs containing "example".

File Names

File names can use the wildcard * to search for file types, in Advanced Search only. For example, *.gif will search for all files that are .gifs.

Advanced Search

  1. In the search bar, click Advanced to open the Advanced Search window.
  2. Add search parameters and click Apply.

| Search Parameter | Description |
|---|---|
| Identity | Include or exclude identity sources in search results. Secure Access opens a menu listing sources as soon as you begin typing. |
| Domain | Include or exclude one or more domains in search results. Wildcards are supported. When you add a domain, a new field appears so that you can add or exclude another domain. |
| SHA256 | Search by the hash function. |
| URL | Include or exclude specific URLs in search results. Wildcards are supported. |
| IP Address | Include or exclude events associated with specific IPv4 or IPv6 addresses on your network (either internal or public egress IP address). Supports both compressed and long-form IPv6 address formats. This does not provide the capability to search for destination IP addresses. |
| IP Address Port | Search by a firewall port number, port range (e.g. 81-222), or port group (e.g. 81,8080,222). |
| Threat | Search by threats. |
| Threat Type | Search by threat type. For more information, see Threat Category Descriptions. |
| AI Supply Chain Category | Search by the categories Prohibited Suppliers, Code Execution, or Copyleft License. For more information, see Customize the Activity Search Report. |
| AI Model Name | Search by AI model name. Wildcards are supported. |
| Block Reason | Include or exclude reasons for a blocked request. Wildcards are supported. |
| Transaction ID | Include or exclude transaction IDs. Wildcards are supported. |
| Public Application | Search by any public application. |
| Resource/Application | Search by any resource or application available in the drop-down. |
| Application Group | Search by any application group available in the drop-down. |
| File Name | Search by the name of a file. Wildcards are supported. |
| IPS Signature List Names | Search by default and custom IPS Signature List Names. For more information, see Manage IPS. |
| IPS Signatures | Search by up to twenty IPS signatures. For more information, see Manage IPS Profiles. |
| OS Type | Search by operating system from which the request originated. |
| Location | Search by the location from which the request originated. |
| Egress IP Type | Search by the egress IPv4 or IPv6 addresses: shared or reserved. Supports both compressed and long-form IPv6 address formats. |
| Egress Data Center | Search by the egress data center location from which activity originated. |
