Procedure

1. Go to Detections → All Detections, and then click Advanced.
   The Advanced search pane opens.
2. Perform the appropriate action:
   1. To create a new advanced search filter, begin adding search criteria as described in the following steps.
   2. To edit an existing advanced search filter, use the New search drop down in this pane to choose an existing saved search filter.
      The criteria for the saved search is displayed in the advanced search pane. You can edit or remove existing criteria and add new criteria to the saved search.
3. To add a search criteria, select a filter and a filter operator from the filter drop-down menu.
   For example, you can select the URL filter and then select either the Contains or Does Not Contain filter operator.
   To see the list of filters that you can add, along with supported filter operators, see List of Advanced Search Filters.
4. Do one of the following:
   • Click on New Value and type a value in the text box and then click Enter (for Domain, URL, Server IP, File SHA1, and Policy name filters).
   • Click on the drop-down box and choose an action from the menu (for Detected by and Threat indicator filters).

   Note You can add multiple entries for each criteria. You can remove an entry by clicking on the "x" box for that entry.

5. (Optional) Click the plus icon () to include other criteria sets in the search filter.
6. (Optional) Click on the delete icon () beside a search criteria to remove it from the current search filter.
7. Click Apply.
   The All Detections screen updates and displays data filtered by the search criteria.
8. To save the search, do one of the following:
   1. To save a new search, click on Save as, then type a search name and description and click Save.
      The new saved search is added to the list of saved searches.
   2. To save an existing search that you have modified, click Save.
9. Select basic search criteria (Risk level, Action, User Name, or Period) that you would like to additionally apply to the current search results.
   Basic search criteria are not saved to advanced search filters, but can be added to the current search results.
10. (Optional) Clear the current search by clicking on Clear all.
    Applied basic and advanced search filters are cleared from the current results. Results from the default basic filters display.
11. (Optional) Delete a saved search by selecting the search in the New search drop down and click on the delete icon ().
12. (Optional) Click the close icon () beside the saved searches drop-down list to close the advanced search feature.