Long Arrow Right External Link angle-right Search Times Spinner angle-left

How to Use Multiple Parameters in a Single Search Field in the Unified Audit

View in Browser

Currently available on the Beta portal

To assist you in creating the most concise search results possible, ThreatLocker has added the ability to specify multiple parameters within a single search field in the Unified Audit. Utilizing the pipe symbol "|", you can combine the exact parameters you wish to include, exclude, or use a combination of both. All textboxes in the Unified Audit page will support the use of the "|" symbol.

undefined

The Policy Name, Path, Process, Hostname, Username, Certificate, Hash, and Serial Number textboxes all accept the | to input multiple parameters. You can combine | with wildcards "*" and/or "!".

For example, if you wanted to see only items that matched your policy for Quickbooks and your policy for Turbotax, in the Policy Name text box you could input all or part of the policy names separated by a | (e.g. quick*|turbo*).

undefined

If you wanted to see everything but items that match Tamper Protection and Defender, you could insert !*tamper*|!*defender* in the Policy Name box.

undefined

You can input !*tamper*|*defender* to see items that do not match tamper but do match defender. Combine the exact specifics you need to hone in on the exact results you need to review.  

undefined

To review the activity of just a few users, input the usernames into the Username box, separated by a |.  

undefined