Am I returned to the Query Criteria page or the Query Results page on successful lookup of events from a policy?
A. For real-time events, the query is run automatically when you look up access rules or signatures, and the results are displayed in the real-time event viewer of CS-MARS. For historical events, however, only the query criteria fields are populated with the data derived from Security Manager, and you must submit the query to view matching events. The time range used to filter logged historical events is set to the last 10 minutes before the present time.