Logs & Findings
The Findings page lets you view detailed event logs of AI usage and detections in your enterprise. You can filter the data by time range, attributes, and detection categories to focus on specific activity.
Filters defined on the Findings page that use supported attributes are also applied on the Visibility page. This lets you correlate specific events and detections with visualized data flows, making them more focused and actionable.
Time-series chart
At the top of the page, below the filters, a time-series chart shows activity over time. Hover over any data point to view counts for the selected time interval, grouped by the attributes chosen on the Visibility page.
Logs table
The logs table displays events with columns for each attribute in an event log.
- At the top of the table, choose how many entries to display and how many rows to show per page.
- Click the ⚙️ icon in the top-right corner to add or remove columns.
- Click a column header to sort by that attribute. An arrow icon shows the sort order (ascending or descending).
- Drag the right edge of a column header to resize columns.
- At the bottom of the table, use the pagination controls to navigate between pages.
- Hover over table cells to view additional details, such as a status summary or a breakdown by detection type.
Log details
Click a row in the logs table to view full details for an event. The row expands to show all event attributes, including those not visible in the table.
If a field (such as Guard Input or Findings) contains JSON data, it is displayed as an interactive JSON tree.
Filters
You can limit the data shown on the Findings page using filter controls.
You can filter by the following dimensions:
- Detections - Show only events that triggered detections defined in collector policies.
- Time range - Show events within a specific time window.
- Attribute values - Show events matching specific attributes, such as a particular actor, application, or other AIDR entity of interest.
Filtering criteria can combine multiple dimensions. For example: “Show me all events from the last 7 days that triggered a detection and involved a specific user.”
The filters you define can be saved and reused later.
Filters applied on the Findings page also carry over to the Visibility page, letting you correlate specific events and detections with visualized data flows.
Quick filters
You can quickly apply filters by clicking the following elements on the Findings page:
- DETECTIONS (button) - Limit the data to events that triggered a detection defined in your policies. Click ACTIVITY to remove this filter and return to the full event view.
- Date range dropdown - Select a predefined time range from the dropdown next to the search bar at the top of the page. You can also use Set custom range to define and apply your own interval.
Search bar
Use the search bar at the top of the page to create filters with specific attributes and operators. When you place your cursor in the field, a dropdown shows the available options. Select an attribute and operator, enter a value to match, and press Enter to apply the condition.
On the Findings page, you can type expressions that use OR logic within a condition, while multiple conditions are still combined with AND logic.
Table filters
Using the controls in the logs table, you can:
- Open a dialog to search by attribute values.
- Apply a time range filter directly from a timestamp in an event.
Filter by attributes
To open the attribute filter dialog, click the funnel icon in a column header (you may need to drag the right edge of the column to reveal it).
In the dialog, you can build and apply a conditional expression using available attributes, connected with AND or OR logic.
Apply time range
You can apply a time range filter directly from the log table. Hover over a timestamp in a result row or in the expanded details view, then click the ⨁ icon next to it to filter by that exact date or set it as the upper or lower limit of your range.
Filtered views
You can add multiple conditions combined with AND logic.
Each condition is cumulative, letting you drill down into specific subsets of your data. On the Findings page, conditions can also be expressions that use OR logic.
Applied conditions appear as pills at the top of the Findings page, below the search bar. Click a condition to show the edit link, then use it to open the filter dialog and modify the condition.
To save the current filter set, click the 💾 icon next to the filter dropdown in the top right of the Findings page. If there are unsaved changes, the icon appears yellow. After saving, it turns white.
Apply a saved filter set by selecting it from the filter dropdown.
To refresh the displayed data, click the 🔄 icon next to the filter dropdown.