Whether we need to match protocols, or IP addresses, or host names… it seems the only way to enter these items is one at a time in the Filter Criteria (for advanced filters). Is there a way we can find criteria without having to open several line items? Maybe via regex, or mass import with a CSV?
How can I achieve importing several/hundreds of user agents into advanced filters within my ExtraHop deployment?
Off the top of my head…
Try building a Record Query, exporting it as a bundle, then edit Query manually, save and re-import bundle.
Hopefully someone has a better idea.
A better approach would probably be to create an Application for the transactions that match these patterns. That would be more efficient on the EXA for searching for those records, and it would be easier to combine with other filters.
If you are not familiar with Applications in ExtraHop, here is some reference material.
The concept in action:
The detail on how to create applications in the docs:
Option 1: https://docs.extrahop.com/current/applications-create-through-web-ui/