
Filtering question

I would like to use a wildcard search in a filter.  Is this possible?

I would like to filter on object name with *ZeroAccess*

and get back

ZeroAccess

ZeroAccess.ee

ZeroAccess.eh

ZeroAccess.cfg

etc....


Thank you!

2 Replies
McAfee Employee
Message 2 of 3

Re: Filtering question

Hi cpedrick

The wildcard functionality has been requested by other customers and PM are aware that it would be a useful feature. But until that is available, there is another option which should help you, and that is "String Normalization".

If you search in the Help menu for that, you will see a section under View Filters. There is a lot of detailed information, and this is from the introduction:

The string normalization feature allows you to set up a string value that can be associated with alias values, to import a .csv file of string normalization values, or to export a file of . This enables you to filter on the string and its aliases when needed. In the case of the John Doe user name string, you would define a string normalization file where the primary string is John Doe and its aliases are, for example, DoeJohn, JDoe, john.doe@gmail.com, and JohnD. You could then enter John Doe in the User_Nickname filter field, select the string normalization filter icon, and click on Run Query. The resulting view would show all events associated with John Doe and his aliases, enabling you to check for login inconsistencies where source IPs match but user names do not. This feature can also assist you in meeting regulations requiring that you report privileged user activity (e.g., PCI).

Chris

McAfee Employee
Message 3 of 3

Re: Filtering question

You can also use dynamic watchlists to create filters using regex/wildcard syntax that are saved, automatically updated based on a user-defined schedule, and once created, available from the filters in the global filter list.
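
The idea behind both replies, as an added Python example that is not part of the thread and is not McAfee code: a wildcard such as `*ZeroAccess*` is turned into a regex, the matching object names become aliases of one primary string, and events are then filtered on the primary string plus its aliases. The function names and sample events are constructed for illustration, and the product's own .csv import layout and watchlist syntax are not reproduced here.

```python
import re

def wildcard_to_regex(pattern):
    """Translate a '*' / '?' wildcard filter into a case-insensitive regex."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            # Escape literals so the '.' in 'ZeroAccess.ee' is not "any character".
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)

def build_aliases(primary, pattern, observed_names):
    """Collect observed values matching the wildcard as aliases of one primary string."""
    rx = wildcard_to_regex(pattern)
    aliases = sorted({n for n in observed_names
                      if rx.fullmatch(n) and n != primary})
    return {primary: aliases}

def filter_events(events, field, primary, table):
    """Return events whose field equals the primary string or one of its aliases."""
    wanted = {primary, *table.get(primary, [])}
    return [e for e in events if e.get(field) in wanted]

# Constructed sample events (not real data).
EVENTS = [
    {"id": 1, "object": "ZeroAccess"},
    {"id": 2, "object": "ZeroAccess.ee"},
    {"id": 3, "object": "Generic.dx"},
    {"id": 4, "object": "zeroaccess.cfg"},
    {"id": 5, "object": "ZeroAccessXee"},
]

if __name__ == "__main__":
    names = [e["object"] for e in EVENTS]
    table = build_aliases("ZeroAccess", "*ZeroAccess*", names)
    print(table)
    print([e["id"] for e in filter_events(EVENTS, "object", "ZeroAccess", table)])
```

The alias table only covers names already observed, so it has to be rebuilt as new variants appear, which is what the scheduled update of a dynamic watchlist provides.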