I need a solution
I'm fairly new to the product and while trying to learn my way around I've hit a snag. When searching through the DLP Network incidents, I need to be able to search fro individual events based on their event ID number. What is the best way to do this?
I assumed it would be to create a custom filter to search for only the desired ID, however I am not familiar with the correct syntax to add a custom filter. Is there documentation or an article that can guide one through this process?
Another question that I had been wondering was how does one search for archived incidents as well?
Your help would be greatly appreciated, thank you!