Filter data in Domain view
Domain view enables you to investigate whether or not specific domains are present within your enterprise and what impact they might have had on your assets.
To access Domain view in Chronicle, complete the following steps:
Enter the domain (ending with a known public suffix) or URL you need to investigate in the search bar. Click SEARCH.
Search for a domain from the landing page
Select the domain from the DOMAINS drop-down menu.
Chronicle search autodetect menu
Domain view is displayed.
Domain view
Click the icon in the top right corner of the Chronicle user interface. The Procedural Filtering menu opens as shown in the following figure. Procedural Filtering enables you to further filter information pertaining to an asset, including by event type, log source, network connection status, and Top Level Domain (TLD).
Filtering menu
The following Procedural Filtering options are available in Domain view:
- ASSETS
- EVENT TYPE
- LOG SOURCE
- NETWORK CONNECTION STATUS
- TLD
Filter options