The data available in the Investigation tab is available for the last 14 days.
- If the current Time Range is less than 14 days, the Investigation page displays data from the same Time Range (from the last hour to the last 14 days).
- If the current Time Range is more than 14 days of data, the Investigation tab displays data from the last 14 days.
- If no Time Range filter is set, the data displayed will be for the last 14 days.
To refine the data presented in the Investigation:
Set the filters. The filters in the Investigation tab work the same way as in the Dashboard. However, the filters that you set in the Dashboard are not always applied to the data in Investigation. If you navigated to Investigation by way of a Search, the search parameters and dashboard filters are applied to the data presented in Investigation. If you navigated to the Investigation page independently of a search, the Dashboard filters are not applied to the data in the Investigation page.
Search. To locate specific information in Investigation, enter the query parameters in Search.
You can also click on a specific ASN Organization, User Agent, or IP to search for that specific entity, add the entity to your search, or allow or deny the entity.
- The Analyzer tab gives you an detailed view of the data generated in your search.
- The Forensics tab presents the Activities Timeline table of raw data relevant to the search parameters.
If you are still having trouble finding what you are looking for, click Let us help you at the bottom of the Investigation page, and fill in the pop-up form. The date range cannot be changed in the pop-up form.
If you enter at least one Block ID in the Investigation Search Bar, and click GO, the Clear Block ID button appears. Clicking the Clear Block ID opens a pop-up.
- In the pop-up you can select the Block ID (or portion of) that you wish to clear, and for how long to clear it. Confirm that you are sure that you want to clear the selected Block ID.
- Click Cancel in the confirmation pane to return to the selection pane. The Block ID is cleared after you click Confirm
Note that a Block ID can only be released within 24h of the initial block.
You can manage the raw data presented in the Activity Timeline. To access the list of all the fields, click the pencil on the left of the Activity Timeline table.
You can download 14 days worth of data from the Activity Timeline as a CSV file of up to 60K rows of data.
There are two ways:
- filter by search query (activity timeline search), e.g
Risk Score: 90
- filter by filtering on blocked traffic
Updated 9 months ago