Well, I think that I figured part of it out -- I was using the criterion that the Threat Detected "contains" the name (or part of a name) and then the query takes forever.
If I use "Equals" then the query runs as expected.
But since I specify the timeframe for the check, that should still make even a "contains" query not scan the whole *30GB* of data in the database! Or do I have to put the time limit as the *first* criterion and then the threat name second?????