Set up primary and secondary filters for Security Analyst Workspace

  • Release version: Xanadu
  • Updated August 1, 2024

    The Security Analyst Workspace base system includes a set of primary filters for narrowing down the list of security incidents for analysis (for security incidents assigned to you, all open incidents, and so forth) and a set of quick (or secondary) filters for narrowing down the list even further (by new incidents, open incidents, only critical incidents, and so forth).

    Before you begin

    You can use the Classic environment to define additional primary and secondary filters.

    As you define filters to be used in the Security Analyst Workspace, you can assign tags to indicate whether they can be used as primary or secondary filters. Primary filters are shown at the top of the security incident list.

    Primary filter

    Click Edit next to the Quick Filters option to select secondary (or quick) filters.

    Secondary or quick filter selection

    Role required: admin or sn_sec_cmn.write

    Procedure

    1. Navigate to All > System Definition > Filters.
    2. Click New and complete the following steps.
      1. Enter a Title.
      2. Select Security Incident [sn_si_incident] from the Table choice list.
      3. Add your filter conditions.
        For example, the Open Incidents with Priority = Critical filter uses these conditions.
        Filter conditions
      4. Click Submit.
    3. If the Tags column is not visible on the filter list, click the gear icon and personalize the view to add it.
    4. Locate the filter you created and add one of the following tags to indicate how the filter should appear in the Security Analyst Workspace.
      • SN_SI_Primary: If this tag is selected, the filter can be selected from the primary filter slushbucket in the Security Analyst Workspace.
      • SN_SI_Primary_OOB: If this tag is selected, the filter appears in the Selected side of the primary filter slushbucket by default.
      • SN_SI_Secondary: If this tag is selected, the filter can be selected from the secondary (quick) filter slushbucket.
      • SN_SI_Secondary_OOB: If this tag is selected, the filter appears in the Selected side of the primary filter slushbucket by default.