# Event Tabs

Twelve specialized tabs for viewing different event categories.

## Tab Overview

| Tab | Events | Source |
|---|---|---|
| Dashboard | Overview, status, graphs | All |
| Process | Process/thread create/exit | Kernel |
| Network | TCP, UDP, DNS, ICMP, ARP | WFP + NDIS |
| Registry | Key/value operations | Kernel |
| File | File operations, PE writes | Kernel |
| Image | DLL/EXE loading | Kernel |
| Injection | Remote threads, handles | Kernel |
| Hypervisor | Cross-process writes | Hypervisor |
| USB | Device plug/unplug | Kernel |
| ETW | ETW provider events | Usermode |
| Alerts | IPS rule matches | All |
| Rules | Rule management | N/A |

## Common Features

All event tabs share these features:

- Filter bar — Filter events by various criteria
- Search — Full-text search across event data
- Column sorting — Click headers to sort
- Event details — Click a row for full details
- Export — Export the current view to CSV
- Clear — Clear events from the view
- Pause — Pause event streaming
- Auto-scroll — Toggle auto-scroll to the latest event

## Filtering

Each tab has context-specific filters:

### Process Tab

- PID filter
- Process name
- Event type (create/exit)

### Network Tab

- Protocol (TCP/UDP/DNS)
- IP address
- Port number
- Direction

### Registry Tab

- Key path
- Operation type
- Process name

### File Tab

- File path
- PE-only toggle
- Operation type

## Event Details

Click any event row to see full details in a side panel:

- All event fields
- Timestamp with milliseconds
- Related events (same process/connection)
- Copy to clipboard
- Create rule from event