Role Availability | Read-Only | Investigator | Analyst | Manager |
The [No Value] option is a special value available for some filters. Use this value when you want to filter items that do not have the filter property defined or do not match the other defined property values in the filter. You can use the No Value option with other filter criteria and apply this value to an individual filter. (For example, you can use this filter for filtering
In the Data Source filter, the equivalent of No Value is [LevelBlue Generic Data Source]. If you select this option, it means you are searching for events that do not have a specific data source. See The LevelBlue Generic Data Source for more information.
In the Packet Payload filter, the equivalent of No Value is [No Parsable Value]. The Packet Payload field stores the Base64 encoded payload associated with the network-based intrusion detection system (NIDS) events. Due to the size limit of the underlying technology, the maximum length USM Anywhere can parse is 32766 B. When the payload exceeds this limit, USM Anywhere stores the data in this field unparsed. The No Parsable Value option includes two types of events: events with no data and events with data exceeding 32766 B. Both events are not parsable. Therefore, sometimes you may see events with payload data when you select the No Parsable Value option in the Packet Payload filter, similar to the following screenshot.