Skip to main content
Version: Next

Finding Events

The Events Explorer widget is the primary way to find, review, and work with events that have been ingested into Workstation. It presents events in a table view and allows users to search, filter, and send events to other widgets for deeper analysis.

Required Permissions
Access to this capability requires the following permissions:
 View & Edit
Workstation
Views

Using the Events Explorer widget

Analysts typically use the Events Explorer widget as the starting point for event-based analysis.

A common workflow looks like this:

  1. Use the Events Explorer to locate events of interest using search or filters.
  2. Review high-level event information directly in the table.
  3. Open an event in an Object Details Viewer using the View (eye) icon, drag-and-drop, or the More (⋮) menu.
  4. Send events to other widgets (such as Maps, Link Analysis, or Collections) for additional analysis.

The Events Explorer focuses on finding and narrowing down events, while detailed inspection and investigation happens in other widgets.

Text Search

The search bar in the Events Explorer widget allows users to perform a text-based search across ingested event data. Search looks across all searchable fields on events and returns any matching results.

Common search use cases include:

  • Searching by subject or entity name.
  • Searching by event title.
  • Searching for keywords contained within event data fields.

To search by text:

  1. From an open workspace, locate an Events Explorer widget.
  2. Click the magnifying glass icon (🔍) at the top of the widget.
  3. Enter a keyword or phrase.
  4. Wait briefly while Workstation returns matching events.

Matching fields are highlighted in the results.

Applying Filters

Filters allow users to narrow results and exclude irrelevant events from the Events Explorer.

To apply filters:

  1. In an open Events Explorer widget, click the Filter By button to the right of the search bar.
  2. Apply any combination of the available filters, including:
    • Model Projects: Filters events by their source project.
    • Event Data: Filters events based on specific values in event data fields.
    • Created: Filters by when the event was ingested into Workstation.
    • Updated At: Filters by the timestamp of the last update.
    • Occurred: Filters by when the event occurred (if available).
    • Risk: Filters events by risk score.
    • Lexicons: Filters events based on lexicon matches.
  3. Apply the filters to update the event list.
tip

For more precise results, combine text search with one or more filters.

Clearing Filters

Active filters appear above the Events Explorer table as filter chips.

  • Click the X on an individual chip to remove that filter.
  • To remove all filters at once, use the widget menu.

To reset all filters:

  1. In the top-right corner of the Events Explorer widget, click the More menu (⋮).
  2. Select Reset Filters. The widget reloads and returns to its default state.

Best Practices

Search terms and filters are saved per Events Explorer widget within a workspace. Multiple widgets can maintain different views of the event stream.

It is common to use multiple Events Explorer widgets in the same workspace to monitor different event types, projects, or investigative angles.