Google Security Operations User view lets you better understand how users within an
enterprise might be impacted by security events. By focusing on the behavior of
individual users, security administrators can search for activity indicating an
account compromise or other security concern.
To open User view, enter the username or email address of a user within your enterprise in the search field.
ClickSEARCHto pivot to User view.
Select the user from theUSERSmenu. User view is displayed.
Click the right arrow in the Detections column in the left navigation panel.
Click theicon
in the top right corner of the Google SecOps user interface to open theProcedural Filteringmenu.
The following Procedural Filtering options are available in User view:
AUTH TYPE
EVENT TYPE
LOG SOURCE
OUTCOME
PRINCIPAL LOCATION
TARGET APPLICATION
Summary of Visual elements in the view
Google Security Operations includes the following user interface elements to help you investigate
any issues that might be present within your enterprise:
Element
Description
Time slider
The time slider allows you to adjust the time period under examination. You
can adjust the slider to view between one minute and one day of
events. Available only in: Asset view, IP Address view,
Domain view, Hash view, User view, Rules Dashboard, Rules Editor.
Prevalence
Prevalence measures the number of assets within your enterprise that have
connected to a specific domain over the past seven days. Available only in:
Asset view, IP Address view, Domain view, Hash view.
Right Navigation Panel
Expand all
Expands all the collapsed items.
Collapse all
Collapses all the expanded items.
Reset
Displays the default view and includesAll(there are exceptions).
Show all
Includes all the items.
Hide all
Excludes all the items.
Include
Includes the excluded items. Hovering over the icon provides a preview in
green.
Exclude
Filters out the selected item. Hovering over the icon provides a preview in
orange.
Exclude others
FIlters out the other items except the selected item.
Left Navigation Panel
Expand all
Expands all the collapsed items.
Collapse all
Collapses all the expanded items.
Wrap text
Wraps text to the next line when it gets to the right margin, otherwise the
text is displayed on one line only.
Unwrap text
Unwrap text expands the text in one line only.
Actions
Download as CSV - Download the information in CSV format.
Search rows
Provides an option to enter a keyword to search each row.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-07 UTC."],[],[],null,["# Filter data in User view\n========================\n\nSupported in: \nGoogle secops [SIEM](/chronicle/docs/secops/google-secops-siem-toc)\n\nGoogle Security Operations User view lets you better understand how users within an\nenterprise might be impacted by security events. By focusing on the behavior of\nindividual users, security administrators can search for activity indicating an\naccount compromise or other security concern.\n\n1. To open User view, enter the username or email address of a user within your enterprise in the search field.\n\n | **Note:** If the user is present within your Google SecOps account, that user is displayed as a result.\n2. Click **SEARCH** to pivot to User view.\n\n3. Select the user from the **USERS** menu. User view is displayed.\n\n4. Click the right arrow in the Detections column in the left navigation panel.\n\n5. Click the icon\n in the top right corner of the Google SecOps user interface to open the **Procedural Filtering** menu.\n\n The following Procedural Filtering options are available in User view:\n - AUTH TYPE\n - EVENT TYPE\n - LOG SOURCE\n - OUTCOME\n - PRINCIPAL LOCATION\n - TARGET APPLICATION\n\nSummary of Visual elements in the view\n--------------------------------------\n\nGoogle Security Operations includes the following user interface elements to help you investigate\nany issues that might be present within your enterprise:\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
icon
in the top right corner of the Google SecOps user interface to open the Procedural Filteringmenu.