When you are collecting events from your agents, you will from time to time need to find specific events. There are multiple places where these events can be viewed.
The first place to view events is under Dashboards > Events. This is a list of recent events; recent meaning within the past 24 hours.
If you click on the event ID, you will be taken to the most recent events for that specific ID.
From this screen, if you click on 'view', you will be directed to a page for the one specific event
To exit this screen, click on the 'X' in the right hand corner until you are back to the Recent Events screen
________________________________________________________________________________________________________________
If you would like to search for an event, you can do so in Reporting > Events Search. In this screen you will have the option to search by Rule ID, or by Agent. You can specify the dates and can also search by event type such as WAF or FIM events. Enter the search parameters and then click 'search'
To save the search results, click on 'export results' in the top right. You will then have the option to save the results as a .json or as a .pdf.
NOTE: SaaS HUB users do not have access to .json and should only save as .pdf
If you save as PDF, the file can be accessed from Reporting > Report History. All .json saves will need to be retrieved from the CLI.