What are searches?

You'd like to know what searches are, how to run them and what they mean.

The search function in the CyberEasy dashboard allows you to find specific events that may otherwise be buried under thousands or millions of other events. 

Searching helps with tasks such as threat hunting or forensic investigation, for instance when an event happened in the past and you'd like further information about it. An example might be that an employee has gone rogue and you'd like to see what they did on the system before they were dismissed.

The search function accepts free text or specific queries written as field=value. For instance, if you're looking only for alerts, you can type "is_alert=true" in the search field. The field name is "is_alert" and the value is "true".
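
To show how the two query styles differ, here is an added example (not CyberEasy's own code) that models free-text and field=value matching over a few constructed events. The matching rules (case-insensitive substring for free text, exact match on the named field for field=value) and every field name except is_alert are assumptions.

```python
import re

# Constructed sample events; every field name except is_alert is hypothetical.
EVENTS = [
    {"timestamp": "2024-03-01T09:12:00Z", "user": "jdoe", "is_alert": False,
     "message": "jdoe logged in from workstation WS-14"},
    {"timestamp": "2024-03-01T09:40:00Z", "user": "jdoe", "is_alert": True,
     "message": "bulk file copy to removable media"},
    {"timestamp": "2024-03-01T10:05:00Z", "user": "asmith", "is_alert": True,
     "message": "repeated failed logins"},
    {"timestamp": "2024-03-01T10:30:00Z", "user": "asmith", "is_alert": False,
     "message": "ticket note: is_alert=true rule tuned for jdoe"},
]

FIELD_QUERY = re.compile(r"^(\w+)=(.+)$")

def _as_text(value):
    # Render booleans the way they are typed in the search box ("true"/"false").
    if isinstance(value, bool):
        return "true" if value else "false"
    return str(value)

def search(events, query):
    """Return events matching a field=value query or a free-text query."""
    query = query.strip()
    m = FIELD_QUERY.match(query)
    if m:
        field, wanted = m.group(1), m.group(2).strip().lower()
        # Field query: only the named field is compared, and it must exist.
        return [e for e in events
                if field in e and _as_text(e[field]).lower() == wanted]
    # Free text: case-insensitive substring match against every field value.
    needle = query.lower()
    return [e for e in events
            if any(needle in _as_text(v).lower() for v in e.values())]

if __name__ == "__main__":
    for q in ("is_alert=true", "jdoe", "user=jdoe"):
        hits = search(EVENTS, q)
        print(f"{q!r}: {len(hits)} hit(s)")
        for e in hits:
            print("   ", e["timestamp"], e["message"])
```

In this model the free-text query "jdoe" also returns the ticket note that merely mentions the name, while "user=jdoe" returns only events attributed to that account, which is the narrowing a forensic timeline usually needs.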