Skip to main content

Alert Filters

Learn how to use filters and search to find specific alerts quickly.

Quick Filters

The alert list provides quick filter buttons:

By Status

  • All - Show everything
  • New - Unacknowledged alerts
  • Acknowledged - Being investigated
  • Resolved - Closed alerts

By Severity

  • Critical - Highest priority
  • High - Urgent attention needed
  • Medium - Standard priority
  • Low - Informational

By Time

  • Today - Last 24 hours
  • This Week - Last 7 days
  • This Month - Last 30 days
  • Custom - Select date range

Advanced Filters

Click Filters to access advanced options:

User Filters

FilterDescriptionExample
UserSpecific useruser:john@company.com
TeamUsers in teamteam:engineering
DepartmentBy departmentdepartment:sales

Policy Filters

FilterDescriptionExample
PolicySpecific policypolicy:ssn-detection
CategoryPolicy categorycategory:pii
ActionBlock/Warn/Logaction:blocked

Platform Filters

FilterDescriptionExample
PlatformAI serviceplatform:chatgpt
DeviceBrowser/OSdevice:chrome

Content Filters

FilterDescriptionExample
ContainsText in contentcontains:"api key"
PatternRegex matchpattern:\d{3}-\d{2}

Search Syntax

The search bar supports advanced queries:

credit card

Finds alerts containing "credit" or "card"

Exact Phrase

"credit card number"

Finds exact phrase match

user:john@company.com severity:high

Search specific fields

Boolean Operators

(credit card) AND blocked

Combine conditions with AND, OR, NOT

Date Ranges

created:>2024-01-01 created:<2024-02-01

Filter by date range

Filter Combinations

Combine filters for precise results:

Example: Critical SSN alerts this week

severity:critical policy:ssn-detection created:>-7d

Example: Unresolved alerts for a user

status:new status:acknowledged user:jane@company.com

Example: Blocked ChatGPT alerts

action:blocked platform:chatgpt

Saved Filters

Save frequently used filter combinations:

Creating Saved Filters

  1. Apply your desired filters
  2. Click Save Filter
  3. Enter a name (e.g., "Critical PII - This Week")
  4. Click Save

Using Saved Filters

  1. Click the saved filters dropdown
  2. Select your filter
  3. Filters apply immediately

Managing Saved Filters

  • Edit - Modify filter criteria
  • Rename - Change the name
  • Delete - Remove saved filter
  • Share - Make available to team

Sorting

Sort the alert list by:

ColumnDescription
CreatedWhen alert was generated
SeverityCritical → Low
StatusNew → Resolved
UserAlphabetical
PolicyAlphabetical

Click column header to sort. Click again to reverse.

Pagination

Navigate large result sets:

  • Items per page: 10, 25, 50, 100
  • Page navigation: Previous, Next, Go to page
  • Total count: Shows matching alerts

Exporting Filtered Results

Export your filtered view:

  1. Apply desired filters
  2. Click Export
  3. Choose format:
    • CSV - For spreadsheets
    • JSON - For integration
    • PDF - For reports
  4. Export includes all matching alerts (not just current page)

URL Parameters

Filters are reflected in the URL:

/dashboard/alerts?status=new&severity=critical&period=7d

Benefits:

  • Bookmark specific views
  • Share filtered links with team
  • Create dashboard shortcuts

Best Practices

Daily Triage

status:new severity:critical,high

Start each day reviewing new urgent alerts

Weekly Review

status:resolved created:>-7d

Review resolved alerts for patterns

User Investigation

user:suspect@company.com action:blocked

Research a specific user's violations

Policy Tuning

policy:custom-rule-123 status:dismissed

Find false positives for policy adjustment

Filter Reference

Status Values

  • new - Not yet acknowledged
  • acknowledged - Admin is reviewing
  • resolved - Closed
  • dismissed - Marked as non-issue

Severity Values

  • critical
  • high
  • medium
  • low

Action Values

  • blocked - Prevented the action
  • warned - User warned but allowed
  • logged - Recorded silently

Time Shortcuts

  • -1h - Last hour
  • -24h - Last day
  • -7d - Last week
  • -30d - Last month
  • -90d - Last quarter