In the Search bar, you can search using a key:phrase. For example: AlertName:SUSPICIOUS PHISHING EMAIL
You can also search according to Case or Entities. Switching between the two changes the list of Filters that appears below.
You can also search according to a specific time frame.

Let’s look at some specific examples of searching by Cases:

  • Query by caseids:19872,19868 returns the data for those specific cases.
    You can click on each ID to reach the Case Details screen.
  • Query by Ports:663,770 will return all the alerts that have port 80 and 443 involved.
  • Query by Entity:10.210.1.13 will return all the cases with IP address 10.210.1.13 as an entity.
  • Query by AlertName:IRC Connections will return all the cases with matching alert name.

Let’s look at some specific examples of searching by Entities:

  • Searching by Entities allows a free-text search. For example, a free-text search for “Chronicle” returns all the entities whose name contains the word Chronicle.
    The result shows the following information about each entity: Risk, Location, Environment, and Case count. Clicking an individual entity takes you to the Entity Details page, where you can see more information.
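To make the two query styles above concrete, here is an added example (not the platform's own search code) that parses the key:phrase syntax from the Cases examples (caseids, Ports, Entity, AlertName, with comma-separated values) and the free-text entity search from the Entities example, and runs both over a small set of constructed cases and entities. The record fields, the sample case IDs, ports and hostnames, and the case-insensitive matching rules are all assumptions made for illustration.

```python
"""Added example: a small parser for key:phrase search queries, run over
constructed sample cases and entities. Not Chronicle SOAR's own search code;
field names, matching rules and all sample values are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Case:
    case_id: int
    alert_name: str
    ports: frozenset
    entities: frozenset


@dataclass(frozen=True)
class Entity:
    identifier: str
    risk: str
    location: str
    environment: str


# Constructed sample data, not real cases or entities.
SAMPLE_CASES = [
    Case(19872, "SUSPICIOUS PHISHING EMAIL", frozenset({25, 443}),
         frozenset({"10.210.1.13", "mail.example.test"})),
    Case(19868, "IRC Connections", frozenset({6667}),
         frozenset({"10.210.1.13", "irc.example.test"})),
    Case(20001, "IRC Connections", frozenset({663, 770}),
         frozenset({"10.0.0.5"})),
    Case(20002, "Port Scan", frozenset({80, 443}),
         frozenset({"10.0.0.9", "chronicle-demo-host"})),
]

SAMPLE_ENTITIES = [
    Entity("10.210.1.13", "High", "Internal", "Corp"),
    Entity("chronicle-demo-host", "Low", "Internal", "Lab"),
    Entity("irc.example.test", "Medium", "External", "Corp"),
]


def parse_query(query):
    """Split 'key:phrase' into (key, phrase). A query without ':' is free text,
    returned as (None, text). The key is normalised to lower case so that
    'Ports' and 'ports' behave the same."""
    key, sep, rest = query.partition(":")
    if not sep:
        return None, query.strip()
    return key.strip().lower(), rest.strip()


def _values(rest):
    """Expand a comma-separated value list such as '663,770'."""
    return [v.strip() for v in rest.split(",") if v.strip()]


def search_cases(query, cases=SAMPLE_CASES):
    """Return the cases matching one key:phrase query, in their original order."""
    key, rest = parse_query(query)
    if key == "caseids":
        wanted = {int(v) for v in _values(rest)}      # non-numeric IDs raise ValueError
        return [c for c in cases if c.case_id in wanted]
    if key == "ports":
        wanted = {int(v) for v in _values(rest)}
        return [c for c in cases if c.ports & wanted]  # any listed port involved
    if key == "entity":
        wanted = {v.lower() for v in _values(rest)}
        return [c for c in cases if wanted & {e.lower() for e in c.entities}]
    if key == "alertname":
        # The whole phrase after the key is the alert name; compared case-insensitively.
        return [c for c in cases if c.alert_name.lower() == rest.lower()]
    raise ValueError(f"unknown search key: {key!r}")


def search_entities(text, entities=SAMPLE_ENTITIES, cases=SAMPLE_CASES):
    """Free-text entity search: substring match on the identifier, with the
    Risk, Location, Environment and Case count summary for each hit."""
    needle = text.lower()
    hits = []
    for ent in entities:
        if needle in ent.identifier.lower():
            count = sum(1 for c in cases if ent.identifier in c.entities)
            hits.append({"entity": ent.identifier, "risk": ent.risk,
                         "location": ent.location, "environment": ent.environment,
                         "case_count": count})
    return hits


if __name__ == "__main__":
    for q in ("caseids:19872,19868", "Ports:663,770",
              "Entity:10.210.1.13", "AlertName:IRC Connections"):
        print(q, "->", [c.case_id for c in search_cases(q)])
    print("Chronicle ->", search_entities("Chronicle"))
```

The case search matches a Ports or Entity query when any listed value is involved in the case, while AlertName treats everything after the colon as one phrase, which is why "AlertName:IRC Connections" is not split on spaces; an unrecognised key raises an error rather than silently returning nothing, so a typo in the key is noticed.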

You can also use the Filters that appear on the left pane of the Search page to further refine your Search results.