Common additional filter settings for all logs and quick reports

The following table lists the most common filter settings that logs and reports use.
Most common additional settings for all logs and quick reports
Option
Description
Log or report
Event type
Includes the component or action that triggered the event that you want to view.
All
Severity
Displays the minimum severity level of the events that you want to view.
The setting filters the display to show only the specified severity level and above. For example, if you select
Major
, both the major and the critical events appear.
Application and Device Control, Compliance, Network and Host Exploit Mitigation, System
Operating system
Includes only those computers with this operating system.
Device Control, Compliance, Computer Status, Network and Host Exploit Mitigation, SONAR, Risk, Scan
Site
Includes the local site or the remote site that you want to view information about.
You can use the wildcard character question mark (?), which matches any one character, and the asterisk (*), which matches any string of characters. You can also click the dots to select from a list of known sites.
Audit, Application and Device Control, Compliance, Computer Status, Network and Host Exploit Mitigation, System
Domain
Includes the domain that you want to view information about.
This field accepts a comma-separated list as input. You can use the wildcard character question mark (?), which matches any one character, and the asterisk (*), which matches any string of characters. You can also click the dots to select from a list of known domains.
All
Group
Specifies the group that you want to view information about.
You can use the wildcard character question mark (?), which matches any one character, and the asterisk (*), which matches any string of characters. You can also click the dots to select from a list of known groups.
Because all groups are subgroups of the default parent group, when this filter searches for groups, it searches hierarchically starting with the name of the default group. Unless the name of your group starts with the same letter, you should precede the search string with an asterisk when using wildcards.
For example, if you have a group named Purchasing, and you type p* into this box, no group is found and used in the view. To find a group named Purchasing, you need to use *p* instead.
All but Audit
Server
Specifies the management server that you want to view information about.
You can use the wildcard character question mark (?), which matches any one character, and the asterisk (*), which matches any string of characters. You can also click the dots to select from a list of known servers.
All
Computer
Includes the computer that you want to view information about.
You can use the wildcard character question mark (?), which matches any one character, and the asterisk (*), which matches any string of characters. You can also use a comma-separated list as input.
Application and Device Control, Compliance, Computer Status, Network and Host Exploit Mitigation, SONAR, Risk, Scan
User
Includes the user names that you want to view information about.
All
IP address
Includes the IP address of the computer that you want to view information about. When you want to filter logs or reports by using an IP address, use the IP address that appears in the Computer Status log view.
You can use the wildcard character question mark (?), which matches any one character, and the asterisk (*), which matches any string of characters. You can also use a comma-separated list as input.
If you export the log the IP address might appear blank rather than using the x.x.x.x format. A blank IP address indicates that the risk was detected on the management server, rather than a remote computer.
Application and Device Control, Compliance, Computer Status, Network and Host Exploit Mitigation, Scan
Remote IP address
Specifies the remote host that you want to view information about.
This field supports host names only, and not IPv4 or IPv6 addresses. It does validate whether or not the host name is correct.
Compliance, Network and Host Exploit Mitigation,
Remote host
Specifies the remote host that you want to view information about.
Compliance, Network and Host Exploit Mitigation,
More information