Filter data in Domain view

Domain view enables you to investigate whether or not specific domains are present within your enterprise and what impact they might have had on your assets.

To access Domain view in Chronicle, complete the following steps:

  1. Enter the domain (ending with a known public suffix) or URL you need to investigate in the search bar. Click SEARCH.

    Search for a domain Search for a domain from the landing page

  2. Select the domain from the DOMAINS drop-down menu.

    Domain search autodetect menu Chronicle search autodetect menu

  3. Domain view is displayed.

    Domain view Domain view

  4. Click the Filtering Icon icon in the top right corner of the Chronicle user interface. The Procedural Filtering menu opens as shown in the following figure. Procedural Filtering enables you to further filter information pertaining to an asset, including by event type, log source, network connection status, and Top Level Domain (TLD).

    Domain view filtering menu Filtering menu

    The following Procedural Filtering options are available in Domain view:

    • ASSETS
    • EVENT TYPE
    • LOG SOURCE
    • NETWORK CONNECTION STATUS
    • TLD

    Domain view filtering menu options Filter options