Filtering the Detection List Page
You can filter the Detection List page to concentrate on the detection rules you most want to see. You can filter out the rules you don't want to see to more easily find the rules you're interested in.
Multiple filters can be active at any time.
The difference between filters and quick filters
You can create filters two ways, by:
Adding a filter
Creating a quick filter
Adding a filter lets you select a wider variety of subjects to filter on, including category, data source, date range, description, detection observables, keyword, MITRE ATT&CK®, and rule name. Adding a filter also lets you create exclusion filters. For more information, see the Exclusion filter section below.
Creating a quick filter is faster, but you can only use it to filter on the following fields:
Rule name
Description
MITRE ATT&CK®
Category
Data source
Date range
Detection observables
Quick filters only filter on the contents of the field for a specific rule. For example, if you created a quick filter through a rule on the field Category with the contents Network Security,
For example, creating a quick filter on the Category field only lets you filter on the contents of that field for that specific rule. If the rule has the category Network Security, you can only create a quick filter of Category: Network Security. If you want to filter on Category: Email Security, you would have to create a filter or create a quick filter using a rule that has the category Email Security.
You can use a combination of filters and quick filters.
Exclusion filters
You can also create filters that exclude the values that you choose, so everything is displayed except for the chosen values. For example, if you select a date range of one month and then negate that condition, the data from earlier than one month are displayed.
Filter operators
When you add filters, you have the choice to use an And or Or operator. The operator is applied to all the filters you add.
Operator | Definition |
|---|---|
And | Data has to fulfill all filters to be displayed. |
Or | Data only has to fulfill one filter to be displayed. |
To create and apply a Detection List filter
In Barracuda XDR Dashboard, click Administration > Detection List.
Click Add Filter.
In Field, select an option.
In Value, select an option.
Optionally, if you want to exclude the values you chose in the Field and Value fields, enable the Negate this condition check box.
Click Apply Changes.
Repeat steps 2-6 until you have added all the filters you want.
Optionally, in the Filters area, click one of the following filter operators:
And
Or
To create a quick filter
In Barracuda XDR Dashboard, click Administration > Detection List.
Click the row of the rule you want to create a rule from.
Click the quick filter
icon in any field row.
To edit a filter
In Barracuda XDR Dashboard, click Administration > Detection List.
Click the filter you want to edit.
In Field, select an option.
In Value, select an option.
Optionally, if you want to exclude the values you chose in the Field and Value fields, enable the Negate this condition check box.
Click Apply Changes.
To remove a filter
In Barracuda XDR Dashboard, click Administration > Detection List.
Click the filter you want to remove.
Click Remove
.
To remove all filters
In Barracuda XDR Dashboard, click Administration > Detection List.
Click Clear All.