Filters & Search¶
Parapet Security provides powerful filtering and search to help you find exactly the alerts you need.
Quick Filters¶
Quick filters appear above the alert table:
┌─────────────────────────────────────────────────────────────────┐
│ 🔍 Search alerts... │
├─────────────────────────────────────────────────────────────────┤
│ Severity: [All ▼] Category: [All ▼] Status: [All ▼] │
│ Date Range: [Last 7 days ▼] │
├─────────────────────────────────────────────────────────────────┤
│ Showing 156 alerts [Clear Filters] │
└─────────────────────────────────────────────────────────────────┘
Filter Types¶
Severity Filter¶
Filter by alert severity:
| Option | Shows |
|---|---|
| All | All severities |
| Critical | Critical only |
| High | High only |
| Medium | Medium only |
| Low | Low only |
| Critical + High | Both critical and high |
Category Filter¶
Filter by threat category:
| Category | Description |
|---|---|
| All | All categories |
| Malware | Viruses, ransomware, trojans |
| Authentication | Login failures, brute force |
| Data Exfiltration | Data leaving your network |
| Network | Network anomalies, scans |
| Endpoint | Process, file system events |
| Policy | Policy violations |
Triage Status Filter¶
Filter by AI triage status:
| Status | Description |
|---|---|
| All | All statuses |
| Pending | Waiting for AI triage |
| Triaged | AI analysis complete |
Notification Status Filter¶
Filter by notification status:
| Status | Description |
|---|---|
| All | All statuses |
| Below Threshold | Didn't trigger notification |
| Sent | Notification delivered |
| Queued | Waiting to send |
Date Range Filter¶
Filter by when alerts were received:
| Option | Range |
|---|---|
| Last hour | Past 60 minutes |
| Last 24 hours | Past day |
| Last 7 days | Past week |
| Last 30 days | Past month |
| Custom range | Pick specific dates |
Search¶
The search box searches across:
- Alert title
- Description
- Affected entities (hosts, users, IPs)
- MITRE mappings
- Raw payload content
Search Syntax¶
| Syntax | Example | Matches |
|---|---|---|
| Plain text | brute force | Alerts containing "brute force" |
| Exact phrase | "failed login" | Exact phrase match |
| AND | ssh AND root | Alerts with both terms |
| OR | ssh OR rdp | Alerts with either term |
| NOT | ssh NOT test | SSH alerts excluding test |
Search Examples¶
The `user:` and `host:` prefixes in the examples restrict a term to that entity type instead of matching it anywhere in the alert:
| Query | Finds |
|---|---|
| 192.168.1.100 | Alerts involving this IP |
| user:jsmith | Alerts for user jsmith |
| host:web-server | Alerts for host web-server |
| T1110 | Alerts mapped to MITRE technique T1110 |
| powershell -enc | Encoded PowerShell command lines |
Combining Filters¶
All filters work together with AND logic:
Example
- Severity: High
- Category: Authentication
- Date Range: Last 7 days
- Search: root
Shows high-severity authentication alerts from the last week mentioning "root".
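To make the search grammar and the AND-combination of filters concrete, here is a small evaluator that applies a search string and the quick filters to a handful of alerts. It is an added example, not Parapet's own code, and it assumes: adjacent terms are implicitly ANDed, `NOT` negates the term that follows it, keywords are recognised only in upper case, `user:` and `host:` restrict a term to that entity list (the `ip:` prefix is an extra assumption), and matching is case-insensitive substring matching. The alert field names and the sample records are constructed for the demonstration.

```python
"""Toy evaluator for a Parapet-style search string plus quick filters.

Added example, not Parapet code. Field names and sample alerts are constructed.
"""
import re
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)  # fixed "now" so results are reproducible

# Constructed sample alerts; the keys mirror the searchable areas listed on the page.
ALERTS = [
    {"id": 1, "severity": "High", "category": "Authentication", "received": NOW - timedelta(hours=5),
     "title": "SSH brute force against bastion", "description": "412 failed login attempts for root",
     "hosts": ["bastion-01"], "users": ["root"], "ips": ["192.168.1.100"], "mitre": ["T1110"],
     "payload": "sshd[2211]: Failed password for root from 192.168.1.100"},
    {"id": 2, "severity": "Critical", "category": "Endpoint", "received": NOW - timedelta(days=2),
     "title": "Encoded PowerShell launched", "description": "powershell -enc spawned by an Office process",
     "hosts": ["ws-jsmith"], "users": ["jsmith"], "ips": [], "mitre": ["T1059.001"],
     "payload": "powershell.exe -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
    {"id": 3, "severity": "Medium", "category": "Authentication", "received": NOW - timedelta(days=12),
     "title": "RDP logon from new country", "description": "Interactive logon for jsmith",
     "hosts": ["web-server"], "users": ["jsmith"], "ips": ["203.0.113.7"], "mitre": ["T1078"],
     "payload": "EventID 4624 LogonType 10"},
    {"id": 4, "severity": "Low", "category": "Policy", "received": NOW - timedelta(hours=20),
     "title": "SSH key rotation on test host", "description": "root logon on test-db during maintenance window",
     "hosts": ["test-db"], "users": ["root"], "ips": ["10.0.0.5"], "mitre": [],
     "payload": "sshd: Accepted publickey for root"},
]

# Assumed field prefixes: user:/host: appear in the page's examples, ip: is added here.
FIELD_PREFIXES = {"user": "users", "host": "hosts", "ip": "ips"}
DATE_RANGES = {"Last hour": timedelta(hours=1), "Last 24 hours": timedelta(days=1),
               "Last 7 days": timedelta(days=7), "Last 30 days": timedelta(days=30)}
# A token is a double-quoted phrase (group 1) or a run of non-space characters (group 2).
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(query):
    """Split a search string into terms, keeping quoted phrases whole."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in TOKEN_RE.finditer(query)]


def haystack(alert, field=None):
    """Text a term is matched against: one entity list, or every searchable area."""
    if field is not None:
        return " ".join(alert[FIELD_PREFIXES[field]]).lower()
    parts = [alert["title"], alert["description"], *alert["hosts"], *alert["users"],
             *alert["ips"], *alert["mitre"], alert["payload"]]
    return " ".join(parts).lower()


def term_matches(alert, term):
    """Case-insensitive substring match, narrowed to one entity type by a prefix."""
    field = None
    prefix, sep, rest = term.partition(":")
    if sep and prefix in FIELD_PREFIXES:
        field, term = prefix, rest
    return term.lower() in haystack(alert, field)


def matches_query(alert, query):
    """Adjacent terms are ANDed, OR separates alternatives, NOT negates the next term."""
    groups, negate = [[]], False
    for tok in tokenize(query):
        if tok == "AND":
            continue
        if tok == "OR":
            groups.append([])
            continue
        if tok == "NOT":
            negate = True
            continue
        groups[-1].append((negate, tok))
        negate = False
    groups = [g for g in groups if g]
    if not groups:  # an empty search box matches everything
        return True
    return any(all(term_matches(alert, t) != neg for neg, t in g) for g in groups)


def apply_filters(alerts, severity="All", category="All", date_range="All", search="", now=NOW):
    """Combine the quick filters and the search box with AND logic; return matching alert ids."""
    def keep(a):
        if severity == "Critical + High":
            if a["severity"] not in ("Critical", "High"):
                return False
        elif severity != "All" and a["severity"] != severity:
            return False
        if category != "All" and a["category"] != category:
            return False
        if date_range != "All" and a["received"] < now - DATE_RANGES[date_range]:
            return False
        return matches_query(a, search)
    return [a["id"] for a in alerts if keep(a)]
```

Running the page's combined example, `apply_filters(ALERTS, severity="High", category="Authentication", date_range="Last 7 days", search="root")`, returns only alert 1; `ssh NOT test` also returns only alert 1 because alert 4 mentions a test host, and `ssh OR rdp` returns alerts 1, 3 and 4. Substring matching is deliberate: it is what lets `-enc` and partial hostnames hit, but it also means a short term like `ssh` matches inside `sshd`, so narrow noisy searches with a field prefix or a quoted phrase.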
Saving Filter Presets¶
Save frequently used filter combinations:
- Set your filters
- Click Save Preset
- Give it a name (e.g., "Critical malware this week")
- Access from the Presets dropdown
Preset Examples¶
| Preset Name | Filters |
|---|---|
| Critical Now | Critical + Last hour |
| High Auth | High + Authentication |
| Review Pending | Triaged + Unreviewed |
| False Positives | Dismissed alerts |
Exporting Filtered Results¶
Export your filtered alerts:
- Apply your filters
- Click Export
- Choose format:
    - CSV - For spreadsheets
    - JSON - For programmatic use
- Choose scope:
    - Current page - Just the alerts visible on the current page
    - All matching - Every alert that matches the current filters
Filter URLs¶
Filters are reflected in the URL, so a filtered view is shareable: apply your filters, copy the address from the browser, and send it to teammates to show them the same view.
Because the search string is part of the URL, anything typed into the search box (IP addresses, usernames, payload fragments) travels with the link and will appear wherever URLs are logged; treat a shared filter URL with the same care as the query itself.
Tips for Effective Filtering¶
Finding Specific Incidents¶
- Start with a broad date range
- Add severity filter for urgency
- Use search for specific indicators
Daily Review Workflow¶
- Filter: Last 24 hours + High/Critical
- Review and act on matches
- Filter: Medium + Unreviewed
- Triage the backlog
Incident Investigation¶
- Search for the IP/host/user involved
- Expand date range to see history
- Check related alerts
- Export timeline for documentation
Reducing Noise¶
- Identify frequently dismissed alerts
- Note the patterns (source, rule, etc.)
- Adjust SIEM rules or notification thresholds
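The pattern-finding step can be done on a JSON export of your dismissed alerts (for example, the "False Positives" preset exported with the "All matching" scope). The script below is an added example, not Parapet's own tooling; the export field names (`source`, `rule`, `status`) and the records are constructed, since the export schema is not documented on this page.

```python
"""Group dismissed alerts from a JSON export by (source, rule) to find noisy patterns.

Added example, not Parapet code. Field names and records are constructed.
"""
import json
from collections import Counter

# Constructed stand-in for a JSON export of dismissed alerts plus a few live ones.
EXPORT_JSON = json.dumps([
    {"id": 101, "source": "vpn-gw", "rule": "Multiple failed logins", "status": "Dismissed"},
    {"id": 102, "source": "vpn-gw", "rule": "Multiple failed logins", "status": "Dismissed"},
    {"id": 103, "source": "scanner-01", "rule": "Port scan detected", "status": "Dismissed"},
    {"id": 104, "source": "vpn-gw", "rule": "Multiple failed logins", "status": "Dismissed"},
    {"id": 105, "source": "ws-jsmith", "rule": "Encoded PowerShell", "status": "Dismissed"},
    {"id": 106, "source": "vpn-gw", "rule": "Multiple failed logins", "status": "Dismissed"},
    {"id": 107, "source": "scanner-01", "rule": "Port scan detected", "status": "Dismissed"},
    {"id": 108, "source": "vpn-gw", "rule": "Multiple failed logins", "status": "Dismissed"},
    {"id": 109, "source": "web-server", "rule": "Multiple failed logins", "status": "Open"},
    {"id": 110, "source": "bastion-01", "rule": "SSH brute force", "status": "Reviewed"},
])


def dismissed_patterns(export_text, min_count=2):
    """Return (source, rule, count, share_pct) for dismissed alerts, most frequent first.

    share_pct is the pattern's share of all dismissals; patterns below min_count are dropped.
    """
    alerts = json.loads(export_text)
    counts = Counter((a["source"], a["rule"]) for a in alerts if a["status"] == "Dismissed")
    total = sum(counts.values())
    return [(src, rule, n, round(100 * n / total, 1))
            for (src, rule), n in counts.most_common() if n >= min_count]


def tuning_candidates(export_text, share_pct=25.0):
    """Patterns that account for at least share_pct of dismissals: the ones worth a rule or threshold change."""
    return [p for p in dismissed_patterns(export_text, min_count=1) if p[3] >= share_pct]
```

On the constructed data, one source and rule pair (`vpn-gw`, "Multiple failed logins") accounts for 62.5% of dismissals. Grouping by source as well as rule matters here: a rule that is noisy from a single source usually wants a scoped exception for that source in the SIEM, whereas a rule that is dismissed across many sources is a candidate for raising the notification threshold.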
Keyboard Shortcuts¶
| Shortcut | Action |
|---|---|
| / | Focus search box |
| Esc | Clear search |
| c | Clear all filters |
| s | Open severity filter |
| d | Open date range filter |
Next Steps¶
- Configure Notifications - Alert on what matters
- Understand Alert Details - Dive deep into alerts
- Troubleshoot Issues - If filtering isn't working