[KB8536] Use filters in ESET Inspect and ESET Inspect On-Prem

Issue

  • Filter objects in ESET Inspect and ESET Inspect On-Prem using multiple criteria

Solution

  1. Open the view of the objects you want to filter: Click the expand icon () at the bottom left of the page to expand the navigation panel. If needed, click More. Click the view you want to open.

  2. At the top right of the view, click Add filter.

  3. Select the filter from the drop-down menu. You can start typing the filter name to narrow the options. See the list of available filters for each object below.

  4. If needed, define the filter criteria.

Available filters

Dashboard
  • Time—Filter by the time of occurrence
Computers
  • ESET Inspect Connector version—Filter by the version of ESET Inspect Connector deployed on the specific computer
  • Alert count—Filter by the number of ESET PROTECT On-Prem related alerts
  • AVG Received events/24H—Filter by the average number of received events during 24 hours
  • AVG Stored events/24H—Filter by the average number of stored events during 24 hours; the number depends on the Settings, Data Retention and Data collection settings
  • Description—Filter by the description of the computer, taken from ESET PROTECT On-Prem
  • Endpoint version—Filter by the version of Endpoint installed on that computer
  • FQDN—Filter by the fully qualified domain name, which is a domain name that specifies its exact location in the tree hierarchy of the Domain Name System (DNS)
  • Group—Filter by the name of the group of computers a specific computer belongs to
  • Information—Filter by the total count of unresolved informational detections on the computer
  • Isolated from network—Filter by the computer isolated from the network (only connections between ESET Security products are available)
  • Last Change Date—Filter by the date when the object was last changed
  • Last Change Type—Filter by the last change of the object
  • Last Changed By—Filter by the user who was the last one to change the object
  • Last Connected—Filter by the permanent connection created to listen for notifications about blocked hashes, requests to download a file or kill a process; the refresh interval is 90 seconds
  • Last event—Filter by the timestamp of the last event sent to the server; the time when this event occurred on the computer, not when it was sent to the ESET Inspect Server
  • Name—Filter by the computer, executable, exclusion, task, blocked hash or report name
  • OS Name—Filter by the name of the operating system ("Windows", "macOS" or "Linux")
  • OS Platform—Filter by the operating system that is running on the specific computer: 32-bit or 64-bit
  • OS Version—Filter by the version of EEA or EES deployed on the specific computer
  • Received events from today—Filter by the number of events that occurred on the specific computer since midnight
  • Resolved—Filter by the total count of resolved detections on a computer without regard for the severity
  • Stored events from today—Filter by the number of computer events since midnight
  • Supports blocking by SHA-256—Filter by the capability to block detections based on a SHA-256 hash value
  • Threats—Filter by the total count of unresolved threat detections on the computer
  • Unresolved—Filter by the total count of unresolved detections on the computer
  • Warnings—Filter by the total count of unresolved warning detections on the computer
Alerts
  • Details—Filter by the text in the Details column
  • Occurred—Filter by the time of occurrence of the alert; Select earlier than or later than, and the desired time range
  • Problem—Filter by the text of the problem of the alert
  • Product—Filter by the text of the product of the alert
  • Status—Filter by the name of the ESET PROTECT On-Prem alert status
  • Subproduct—Filter by the text of the Subproduct
Detections
  • Actions taken—Filter by the actions taken
  • Blocked URL—Filter by the URL of the blocked detection, if applicable
  • Category—Filter by the category name that you can find among category tags in the Edit Rule section
  • Command Line—Filter by the detections by the command line filename
  • Compromised—Filter by the compromised computers
  • Computer—Filter by the computer name: equal, unequal to include or exclude specific names; in the Scripts tab, Filter by the computer name where the detection triggered
  • Detection Info—Filter by the detection of specific information: rule name in a rule detection, malware info in Antivirus detections, and so on
  • Detection Type—Filter by the type of detection
  • Executable—Filter by the name of the executable found in the detection details or in the Executable column
  • First Seen (LiveGrid®)—Filter when an executable was first seen on any computer connected to LiveGrid®
  • Integrity Level—Filter by the level of integrity
  • Last Change Date—Filter by the date when the object was last changed
  • Last Change Type—Filter by the last change of the object
  • Last Changed By—Filter by the last user to change the object
  • MITRE ATT&CK™ TECHNIQUES—Filter by the ID of the MITRE ATT&CK™ TECHNIQUE
  • Note—Filter by the Note
  • Time Occurred—Filter by the time of occurrence: earlier than or later than, and the desired time range
  • Parent Process ID—Filter by the ID of the parent process that created this child process
  • Parent Process Name—Filter by the name of the parent process that created this child process
  • Parent Process SHA-1—Filter by the hash of the parent process
  • Parent Process SHA-256—Filter by the hash of the parent process
  • Parent Process Signature Type—Filter by the parent process's file signature type
  • Parent Process Signer Name—Filter by the parent process's file signer name
  • Popularity (LiveGrid®)—Filter by how many computers reported an executable to LiveGrid®
  • Process ID—Filter by the Process ID found in the detection details or in the Process Name (ID) column. You can choose whether the Process ID is equal to, greater than, less than, or not equal to the one you are looking for. Alternatively, select "Known" or "Unknown" to display detections with a known or unknown Process ID, respectively
  • Process Name—Filter by the Process Name that you can find in the Detection details or the Process Name (ID) column; you can choose whether it is equal to or unequal to the one you are looking for
  • Reputation (LiveGrid®)—Filter by the number from 1 to 9, indicating how safe the file is: 1–2 red = malicious, 3–7 yellow = suspicious and 8–9 green = safe
  • Resolved—Filter by the total count of resolved detections on a computer with no regard for the severity; in the detections view, it filters by the detection status, whether it was resolved or not
  • Rule Actions—Filter by the rule actions
  • Rule Name—Filter by the name of the rule (Default or Customized)
  • Scanner—Filter by the type of Endpoint scanner that prevented the potential threat
  • Severity Score—Filter by the more precise definition of severity: 1–39 > Info, 40–69 > Warning, 70–100 > Threat
  • SHA-1—Filter by the executable's hash
  • SHA-256—Filter by the hash of the executable
  • Signature Type—Filter by the signature type
  • Signer Name —Filter by the signer of the file
  • Task Name—Filter by the task name from the Tasks tab
  • Threat Name—Filter by the threat name; view currently trending threats
  • Time Triggered—Filter by the time of triggering: earlier than, later than or equal and the desired time
  • URI—Filter by the URI that caused this detection to trigger
  • User Department—Filter by the user's department, if available from the Active Directory
  • User Description—Filter by the user's description, if available from the Active Directory
  • Username—Filter by the user account that was logged on the computer at the time of the detection trigger
Search
  • Author—Name of the currently logged user at the creation or edition
  • Progress—Filter by the progress of the task
  • Results—Filter by the results based on the object type
Incidents
  • Assignee—Filter by the name of the Assignee
  • Author—Name of the currently logged user at the creation or edition
  • Computers—Filter by the number of computers that the reporter created the report for
  • Creation Time—Filter by the time of creation of the report
  • Description—Filter by the description of the computer, taken from ESET PROTECT On-Prem; in Incidents, Filter by the description provided by the reporter
  • Detections—Filter by the number of detections triggered by this task; in Incidents, Filter by the number of detections the report contains
  • Executables—Filter by the number of executables that the report contains
  • Last Update—Filter by the time of the last update of the report
  • Name—Filter by the name of the computer, executable, exclusion, task, blocked hash or report
  • Processes—Filter by the number of processes that the report contains
  • Status Reason—Filter by the status reason of the incident
Executables
  • Blocked—Filter by whether the executable's hash was blocked or not
  • Company Name—Filter by the company that produced the executable (for example, "Microsoft Corporation" or "Standard Micro-systems Corporation, Inc.)
  • DNS events—Filter by the total number of DNS events that the specific executable triggered
  • Events/24h—Filter by the total number of events within 24 hours
  • Executable Drops—Filter by the number of dropped executables made by this executable
  • Executed on Computers—Filter by the number of computers on which the file was executed
  • Executions—Filter by how many times this .exe file was executed on all computers
  • File Description—Filter by the full description of the file (for example, "Keyboard Driver for AT-Style Keyboards")
  • File Modifications—Filter by how many files were modified
  • File Version—Filter by the file's version number
  • First Executed—Filter by the date when the executable was first executed on this computer
  • First Seen—Filter when an executable was first seen on any computer
  • First Seen (LiveGrid®)—Filter when an executable was first seen on any computer connected to LiveGrid®
  • HTTP Events—Filter by the total number of HTTP events that the specific executable triggered
  • Information—Filter by the total count of unresolved informational detections on the computer
  • Internal Name—Filter by the internal name of the file, if one exists
  • Last Change Date—Filter by the date when the object was changed the last time
  • Last Change Type—Filter by the last change of the object
  • Last Changed By—Filter by the last user to change the object
  • Last blocked by current user—Filter by the current user who last blocked the object
  • Last marked as safe by current user—Filter by the current user who last marked the object as safe
  • Last Executed—Filter by when an executable was last executed on any computer
  • Last Processed on (ESET LiveGuard)—Filter by when an executable was last processed in ESET LiveGuard
  • Name—Filter by the name of the computer, executable, exclusion, task, blocked hash or report name
  • Nearmiss Report—Filter if the detection is triggered due to suspected malware
  • Network Connections—Filter by the number of network connections this file makes
  • Original File Name—Filter by the original file name, not including the path, which enables an app to determine whether a user has renamed a file
  • Packer Name—Filter by the name of the packer, if an executable is packed
  • Popularity (LiveGrid®)—Filter by how many computers reported an executable to LiveGrid®
  • Product Name—Filter by the name of the product with which the file is distributed
  • Product Version—Filter by the version of the product with which the file is distributed
  • Registry Modifications—Filter by how many registry entries were modified
  • Reputation (LiveGrid®)—Filter by the number from 1 to 9, indicating how safe the file is: 1–2 red = malicious, 3–7 yellow = suspicious and 8–9 green = safe
  • Resolved—Filter whether the detection is marked as Resolved
  • Safe—Filter on executables marked as safe
  • Seen on Computers—Filter by the number of computers where the file was discovered
  • Sent Bytes—Filter by the total number of bytes sent by this file from all computers and all processes
  • Sent on (ESET LiveGuard)—Filter by the date when the executable was last sent in ESET LiveGuard
  • SFX Name—Filter by the self-extracting archive type if an executable is packed
  • SHA-1—Filter by the executable's hash
  • SHA-256—Filter by the hash of the executable
  • Signature CN #1—macOS only; same as the Windows product name column
  • Signature CN #2—macOS only; same as the Windows file version column
  • Signature CN #3—macOS only; same as the Windows product version column
  • Signature CN #4—macOS only; same as the Windows internal name column
  • Signature CN #5—macOS only; same as the Windows original filename
  • Signature Id—macOS only; same as the Windows company name column
  • Signature Type—Filter by the signature type
  • Signer Name —Filter by the signer of the file
  • State (ESET LiveGuard)—Filter by the executable's present station in the analysis workflow
  • Status (ESET LiveGuard)—Filter by the result of the behavioral analysis or the absence of a result
  • Submission state (ESET LiveGuard)—Filter by the submission state
  • Threats—Filter by the total count of unresolved threat detections on the computer
  • Unresolved—Filter by the total count of unresolved detections on the computer
  • User Id—macOS only; same as the Windows file description column
  • Warnings—Filter by the total count of unresolved warning detections on the computer
  • Whitelist Type—Filter by the information if an executable is whitelisted
Scripts
  • Command Line—Filter by the detections by the command line filename
  • Command Line Length—Filter by the length of the command line (count of characters)
  • Computer—Filter by the computer name. Select equal/unequal to include/exclude specific name; in the Scripts tab, Filter by the name of the computer, where the detection triggered
  • Ended—Filter by the time when the process was terminated
  • First Child Module Name—Filter by the child process name
  • First HTTP Request—Filter by the source HTTP address, if the script accesses the network
  • Full name—Filter by the user's full name, if available from Active Directory
  • Integrity Level—Filter by the level of integrity
  • Job Position—Filter by the user's job position, if available from the Active Directory
  • Last Change Date—Filter by the date when the object was last changed
  • Last Change Type—Filter by the last change of the object
  • Last Changed By—Filter by the last user to change the object
  • Parent Module Name—Filter by the parent process name
  • Process ID—Filter by the Process ID found in the detection details or in the Process Name (ID) column. You can choose whether the Process ID is equal to, greater than, less than, or not equal to the one you are looking for. Alternatively, select "Known" or "Unknown" to display scripts with a known or unknown Process ID, respectively
  • Process Name—Filter by the Process Name that you can find in the details of the Detection or in the Process Name (ID) column
  • Resolved Detections—Filter by the total count of resolved detections on the specific computer with no regard to severity
  • Safe—Filter by the safe state
  • Script fragments— Filter by events that include captured fragments of scripts
  • Started—Filter by the time when the process was executed, caused by this process
  • Unresolved Detections (Unique)—Filter by the total count of unique unresolved detections on the specific computer
  • User Department—Filter by the user's department, if available from the Active Directory
  • User Description—Filter by the user's description, if available from the Active Directory
  • Username—Filter by the user account that was logged on the computer at the time of the detection trigger
Notifications
  • Description—Filter by the description of the notification
  • Expiration date—Filter by the expiration date of the notification
  • Status—Filter by the notification status
  • Timestamp—Set the period: date and time
  • Time—Filter by the time of occurrence
Rules
  • Author—Name of the currently logged user at the creation or edition
  • Category—Filter by the category name that you can find among category tags in the Edit Rule section
  • Enabled—Filter by the rule/exclusion: Enabled or disabled
  • Hit Count—Filter by the count of detections that were excluded by this exclusion
  • Last Change Date—Filter by the date when the object was last changed
  • Last Change Type—Filter by the last change to the object
  • Last Changed By—Filter by the last user to change the object
  • MITRE ATT&CK™ TECHNIQUES—Filter by the rule that contains an ID of the MITRE ATT&CK™ TECHNIQUE
  • OS Name—Filter by the name of the operating system ("Windows", "macOS" or "Linux") 
  • Rule Actions—Filter by the rule actions
  • Rule Body—Filter by the rule body
  • Rule Name—Filter by the name of the rule
  • Rules Module Update—Filter by the latest rule updated by the rules module
  • Severity Score—Filter by the more precise definition of severity: 1–39 > Info, 40–69 > Warning, 70–100 > Threat
  • Valid—Filter by the rule with the wrong syntax and invalid tag
Exclusions
  • Author—Name of the currently logged user at the creation or edition
  • Enabled—Filter by the rule/exclusion
  • Hit Count—Filter by the count of detections that were excluded by this exclusion
  • Last Change Date—Filter by the date when the object was changed the last time
  • Last Change Type—Filter by the last change of the object (for example, marked as resolved, change of the priority)
  • Last Changed By—Filter by the last user to change the object
  • Name—Filter by the computer, executable, exclusion, task, blocked hash or report name
  • Rule Count—Filter by the number of rules
  • Rule Name—Filter by the name of the rule
  • Rules Module Update—Filter by the latest rule updated by the rules module
Blocked Hashes
  • Cleaned—Filter by when the file was cleaned
  • File Description—Filter by the full file description
  • First Seen (LiveGrid®)—Filter when an executable was first seen on any computer connected to LiveGrid®
  • Last Change Date—Filter by the date when the object was last changed
  • Last Change Type—Filter by the last change to the object
  • Last Changed By—Filter by the last user to change the object
  • Name—Filter by the computer, executable, exclusion, task, blocked hash or report name
  • Popularity (LiveGrid®)—Filter by how many computers reported an executable to LiveGrid®
  • Reputation (LiveGrid®)—Filter by the number from 1 to 9, indicating how safe the file is: 1–2 red = malicious, 3–7 yellow = suspicious and 8–9 green = safe
  • SHA-1—Filter by the executable's hash
  • SHA-256—Filter by the hash of the executable
  • Signature Type—Filter by the signature type
  • Signer Name —Filter by the file signer
Tasks
  • Author—Name of the currently logged user at the creation or edition
  • Created—Filter by the time when the task was created
  • Detections—Filter by the number of detections triggered by this task
  • From Date—Filter by the date when the task started
  • Group—Filter by the name of the group of computers a specific computer belongs to
  • Last Change Date—Filter by the date when the object was changed the last time
  • Last Change Type—Filter by the last change of the object (for example, marked as resolved, change of the priority)
  • Last Changed By—Filter by the last user to change the object
  • Name—Filter by the computer, executable, exclusion, task, blocked hash or report name
  • Progress—Filter by the started task's progress
  • Rule Name—Filter by the rule name
  • To date—Filter by the date the task ended
Event Filters
  • Author—Name of the currently logged user at the creation or edition
  • Enabled—Filter by the rule/exclusion
  • Filter Name—Filter by event filter name
  • Hit Count—Filter by the count of detections that were excluded by this exclusion
  • Last Change Date—Filter by the date when the object was last changed
  • Last Change Type—Filter by an object's last change
  • Last Changed By—Filter by the last user to change the object
  • OS Name—Filter by the name of the operating system ("Windows", "macOS" or "Linux") 
  • Rule Actions—Filter by the rule actions
  • Rules Module Update—Filter by the latest rule updated by the rules module
  • Valid—Filter by the rule with the wrong syntax and invalid tag
Audit Log
  • Action—Select one of the available actions
  • Section—Select one of the available sections
  • Timestamp—Set the period: date and time
  • User—Select the user who performed changes
Last Updated: Dec 8, 2025

Additional resources

User guides

ESET Forum

YouTube videos
ESET Support News ESET Customer Advisories ESET Status Portal ESET Technical Support

Existing customer?