Filter data in User view
Chronicle User view lets you better understand how users within an enterprise might be impacted by security events. By focusing on the behavior of individual users, security administrators can search for activity indicating an account compromise or other security concern.
To open User view, enter the username or email address of a user within your enterprise in the search field.
Click SEARCH to pivot to User view.
Select the user from the USERS menu. User view is displayed.
Click the right arrow in the Detections column in the left navigation panel.
Click the
icon
in the top right corner of the Chronicle user interface to open the Procedural Filtering menu.The following Procedural Filtering options are available in User view:
- AUTH TYPE
- EVENT TYPE
- LOG SOURCE
- OUTCOME
- PRINCIPAL LOCATION
- TARGET APPLICATION
Summary of Visual elements in the view
Chronicle includes the following user interface elements to help you investigate any issues that might be present within your enterprise:
| Element | Description |
|---|---|
| Time slider | The time slider allows you to adjust the time period under examination. You can adjust the slider to view between one minute and one day of events. Available only in: Enterprise Insights, Asset view, IP Address view, Domain view, Hash view, User view, Rules Dashboard, Rules Editor. |
| Prevalence | Prevalence measures the number of assets within your enterprise that have connected to a specific domain over the past seven days. Available only in: Asset view, IP Address view, Domain view, Hash view. |
| Right Navigation Panel | |
| Expand all | Expands all the collapsed items. |
| Collapse all | Collapses all the expanded items. |
| Reset | Displays the default view and includes All (there are exceptions). |
| Show all | Includes all the items. |
| Hide all | Excludes all the items. |
| Include | Includes the excluded items. Hovering over the icon provides a preview in green. |
| Exclude | Filters out the selected item. Hovering over the icon provides a preview in orange. |
| Exclude others | FIlters out the other items except the selected item. |
| Left Navigation Panel | |
| Expand all | Expands all the collapsed items. |
| Collapse all | Collapses all the expanded items. |
| Wrap text | Wraps text to the next line when it gets to the right margin, otherwise the text is displayed on one line only. |
| Unwrap text | Unwrap text expands the text in one line only. |
| Actions | Download as CSV - Download the information in CSV format. |
| Search rows | Provides an option to enter a keyword to search each row. |