Use the User/Endpoint Directory screen to perform an advanced search for targets that support the Managed Detection and Response Service.
-
Go to Directories > Users/Endpoints.
The User/Endpoint Directory screen appears.
- Click the Advanced link above the table.
-
In the Search drop-down control, select
Endpoints.
The search criteria in the second drop-down control dynamically changes based on your selection.
-
In the second drop-down control, select
Services.
A third drop-down control and a fourth drop-down control appear.
- In the third drop-down control, select Endpoint Sensor.
-
In the fourth drop-down control, select the agent status:
-
Enabled: Searches for endpoints that have the Endpoint Sensor Service enabled
-
Disabled: Searches for endpoints that have the Endpoint Sensor Service disabled
-
-
Add multiple search criteria using the Boolean operators to the
right of the filters.
-
OR: Allows you to search for multiple values for the specified criteria. All records that match either value display.
-
AND: Allows you to select a new search criteria. Only records that match the values specified for this criteria and all other selected criteria values display.
-
-
Display results by clicking one of the following:
-
Search: Displays the search results in the list but does not save the search criteria.
-
Save as New Custom Filter: Displays the search results in the list and prompts you to save the search criteria to a custom filter. The custom filter displays under the Endpoints node in the User/Endpoint Directory tree.
-
- (Optional) Use the drop-down controls below the Endpoints tab to specify the time period for the data that displays or to switch betweenTabular view and Tabular view.
-
(Optional) Click
Export to export the data as a
*.csv file or *.png image.
Note:
-
Tabular view only supports exporting data as a *.csv file.
-
Timeline view can export data as a *.csv file or a *.png image.
-