Columns and Filtering
You may sort the results by clicking on specific column headers to toggle between ascending, descending and no sort.
Any column which has sorting on it displays an up arrow or a down arrow in the center of the column header indicating ascending or descending, respectively. No arrow indicates that column is not sorted. When you click on a column header to set a sort it removes any previous sorting from all other columns. You can sort multiple columns at the same time by holding down the shift key while selecting a sort. You can reorder the columns by clicking on the column header and dragging and dropping them to the left or right.
Right clicking on a column header brings up a context menu providing you with more sorting options.
- Sort Ascending: Sorts the results in ascending order. A small arrow pointing up displays in the column header.
- Sort Descending: Sorts the results in descending order. A small arrow pointing down displays in the column header.
- Choose Columns: Allows you to choose which columns to display. Put a check (by left-clicking) next to each column that you want displayed.
- Filter: Allows filtering by column. See below for details.
Filtering by column provides the ability to restrict the Results View to only display information that matches the specified, custom criteria. Multiple filters can be applied at once and the column filters are independent of any filters applied via the filter button in the Filters group, though in many cases the same filter can be applied by either method. To open the filter for any column, click on the filter icon on the column header. When a column is being filtered, the filter icon appears filled.
Types of columns
The available columns are below:
- Date/Time (First): A filter which restricts based on the first time that a result was found using the selected date/time criteria. The timestamp, local to the endpoint, of the start of the search during which the result was found. By default, this is the timestamp for the first time the match was found. The "Display the timestamp of the first time the match was found" checkbox in Personal Settings can be cleared to display the timestamp for the most recent search where the match was found.
- Date/Time (Most Recent): A filter which restricts based on the most recent time that a result was found using the selected date/time criteria.
- Source Endpoint: A filter which restricts based upon the display name of the endpoint which ran the search. The display name of the endpoint which ran the search. When a remote machine is searched it displays as the Endpoint (where the result was found) and the machine which initiated the search displays as the Source Endpoint.
Note: The Endpoint and the Source Endpoint can be different when a remote machine is searched.
- Endpoint: A filter which restricts based upon the display name of the endpoint on which the result was found. The display name of the endpoint on which the result was found.
- Owner: A filter which restricts based on object owner information, when this information is available.
- Search User: A filter which restricts by selecting specific user name information already collected for existing objects. The user account context under which the search was executed. For User scheduled tasks, this is the user name with which the user logged onto the system. For System scheduled tasks this is SYSTEM for Windows and ROOT for Mac OS.
- Data Type: A filter which restricts based upon the data type (SSN, CCN, phone number, etc.). An icon representing the type of the result with a tool tip detailing the type. For example, this column displays an icon of the Social Security Number AnyFind type as displayed in the endpoint user interface with a tool tip of "Social Security Number" that displays when you hover over the icon with the mouse.
- Sensitive Data Type Name: A filter which restricts based upon specific sensitive data type names. These are the names assigned to a Keyword, Regex, Dictionary, Sensitive Data Definition, or Search API in the Sensitive Data Types page of the Admin tab.
- Match: A filter which restricts by match information available in a results set. The specific match information itself. For example, the exact social security number or credit card number as found during the search.
- Match Quantity: A filter which restricts based on the match quantity information available in a results set. The number of instances of the match in the selected location.
- Location: A filter which restricts by the location information available in a results set. The full path or other location in which the match was found. This column displays enough information to be able to get back to the source of the result from the machine from which it was found. For example, the file path is relative to the endpoint that ran the search; an email location contains message folder names, timestamps, and subjects. A database location includes table and column information and a website location includes the full URL.
- Location Type: A filter which restricts by the type of location found as part of a results set. The type of location of the result. For example, PDF File, E-Mail Message or Firefox Browser Data. The location types are displayed as produced by the endpoint performing the search or as normalized by the Map Data function.
- Action: A filter which restricts based upon a selected action that has been performed on one or more items in a results set. An icon representing the most recent action performed on the result. This action may have been initiated on the endpoint or via the Console. If no action was taken, a red circle with a line through it is displayed. The other possible actions are Ignore, Quarantine, Recycle, Redact, Encrypt and Shred. Hovering over the icon with the mouse reveals a tooltip with the action name.
- Assignee: A filter which restricts based upon a specific user to whom the location has been assigned. The user or role that is assigned to the location.
- Workflow Status: A filter which restricts based upon the current workflow state of the location. The workflow status of the result. The possible values for this column are:
  - Assigned
  - In Progress
  - Pending Ignore
  - Pending Quarantine
  - Pending Shred
  - Resolved
  - Unassigned
- Classifications: A filter which restricts based upon the classification level that has been assigned to the location. The classification that has been assigned to the result. The possible values are defined in the workflow rules. To display all the rows without a classification, set “Show rows with value that” to “Is Empty.”
At the bottom of the results grid is a pager which displays when there are more than 100 matches. The Console can display large sets of data; however, it is not practical to display the entire data set in one view. The pager allows quick navigation between pages. Tabular data is displayed by splitting the data into pages, enabling the user to view large data sets by navigating forward and backward through the list of pages at the bottom of the grid.
The available elements of the pager are noted below:
- Clicking the "First Page" button will return to the first page of results. This button will be disabled when viewing the first page.
- Clicking the "Previous Page" button will step backward through the pages, one at a time. This button will be disabled when viewing the first page.
- Clicking a specific page number will update the display to show the data on that page. The currently selected page number is highlighted in blue. A maximum of 9 page numbers will display at one time. If there are more than 9 pages of data, an ellipsis will be displayed. Clicking on the ellipsis to the right of the page numbers advances the results by 5 pages. Clicking on the ellipsis to the left will take you back 5 pages.
- Clicking the "Next Page" button will step forward through the pages, one at a time. This button will be disabled when viewing the last page.
- Clicking on the "Last Page" button will set the view to the last page of data. This button will be disabled when viewing the last page.
- The "items per page" drop down allows you to select the number of rows that will display per page. The default is 500.
The available columns are noted below. Depending on the version of the Agent software, the information configured to be reported to the Console, and the type of result or location, some information is not available for some results. If the Console user account has not been granted access to all columns or all endpoints or tags, some information is not displayed or available in the Results Grid.
- Selected (the Checkbox): Allows you to select multiple results and perform an action on all of the selected results using the ribbon or right-click menu. To select or deselect all locations, you may left click on this column header.
- Date/Time: The timestamp, local to the endpoint, of the start of the search during which the result was found. By default, this is the timestamp for the first time the match was found. The "Display the timestamp of the first time the match was found" checkbox in Personal Settings can be cleared to display the timestamp for the most recent search where the match was found.
- Endpoint: The display name of the endpoint on which the result was found.
- Source Endpoint (Hidden by default): The display name of the endpoint which ran the search. The Endpoint and the Source Endpoint can be different when a remote machine is searched. When a remote machine is searched it displays as the Endpoint (where the result was found) and the machine which initiated the search displays as the Source Endpoint.
- Owner: The file system owner for locations that are files.
- Search User (Hidden by default): The user account context under which the search was executed. For User scheduled tasks, this is the user name with which the user logged onto the system. For System scheduled tasks this is SYSTEM for Windows and ROOT for Mac OS.
- Data Type: An icon representing the type of the result with a tool tip detailing the type. For example, this column displays an icon of the Social Security Number AnyFind type as displayed in the endpoint user interface with a tool tip of "Social Security Number" that is displayed when you hover over the icon with the mouse.
- Sensitive Data Type Name: The sensitive data type name assigned to a Keyword, Regular Expression, Dictionary, Sensitive Data Definition, or Search API in the Sensitive Data Types page of the Admin tab.
- Match: The specific match information itself. For example, the exact social security number or credit card number as found during the search.
- Match Quantity: The number of instances of the match in the selected location.
- Location: The full path or other location in which the match was found. This column displays enough information to be able to get back to the source of the result from the machine from which it was found. For example, the file path is relative to the endpoint that ran the search; an email location contains message folder names, timestamps, and subjects; a database location includes table and column information; and a website location includes the full URL.
- Location Type: The type of location of the result. For example, PDF File, E-Mail Message or Firefox Browser Data. The location types are displayed as produced by the endpoint performing the search or as normalized by the Map Data function.
- Action: An icon representing the most recent action performed on the result. This action may have been initiated on the endpoint or via the Console. If no action was taken, a red circle with a line through it is displayed. The other possible actions are Ignore, Quarantine, Recycle, Redact, Encrypt and Shred. Hovering over the icon with the mouse reveals a tooltip with the action name.
- Assignee: The user or role that is assigned to the location.
- Workflow Status: The workflow status of the result. The possible values for this column are:
  - Assigned
  - In Progress
  - Pending Ignore
  - Pending Quarantine
  - Pending Shred
  - Resolved
  - Unassigned
- Classifications: The classification that has been assigned to the result. The possible values are defined in the workflow rules. To display all the rows without a classification, set “Show rows with value that” to “Is Empty”.
Double clicking on a result in the Results Grid displays the Result Details.