Data Loss Prevention

I'm fairly new to the product and while trying to learn my way around I've hit a snag.  When searching through the DLP Network incidents, I need to be able to search fro individual events based on their event ID number.  What is the best way to do this?  

I assumed it would be to create a custom filter to search for only the desired ID, however I am not familiar with the correct syntax to add a custom filter.  Is there documentation or an article that can guide one through this process?

Another question that I had been wondering was how does one search for archived incidents as well?  

Your help would be greatly appreciated, thank you!

hi,

 In "Advanced filters" , click "add filters", select "Incident ID" then select the operator 'Is any of" (or "Is none of") and add list of ID you wanna see (or dont wanna see) in your report then click on "Apply".

 For archived incident it depends if you are talking of "web archive" or incident tagged as archive in DLP tool. For the firt one you cant as web archive is a static view. For second one, in order to view them you must have a profile which has right to view archived incident then select "is archived" as filter and set correct value (see only archived incident or all).

 One things that you have to take care of is that in all reports you have two filters, one on "status" and one on "date" so be sure that these ones are correct too.

 Once you have set a report and you are happy with it, you can "save it" (be sure to first click on apply as "save" take only into account filters already applied).

 For more information, i think you should have a look at admin guide of your DLP version.

 Regards.

Hi Surrogate,

Attaching a snapshot for your reference.

Regards,

Thank you Stephane, I can't believe I over-looked those options, but I do appreicate you taking the time to show them to me!