Threat Event Logs
Threat Mitigator creates a threat event log entry when performing mitigation actions.
You can do the following from the Threat Event Logs screen:
View the threat event logs.
Export the logs to a .csv file.
Perform rollback to restore files, registry keys, and other changes performed during mitigation.
To query the Threat Event logs:
Logs > Threat Event Logs
Select a time period for the query:
By default, the All days time period is selected.
By default, the date and time of the most recent logs appear in the To and From fields. Accept the default settings or specify the beginning and ending dates by clicking the calendar icon next to each field.
Click More search criteria to refine the query scope. Select from the following criteria:
Additional search criteria

Search Criteria | Description
IP address range | A range of IP addresses for endpoints
Host name | The endpoint’s host name
Threat event | Includes the following threat-related events logged by Threat Mitigator or Threat Management Agent:
Data source | Entities or tasks that generate threat event information, including:
Mitigation status | Threat events grouped by the following status groups:
Click Search. A Query Result table appears.
To view threat event details, click a link under the Mitigation Status column. For details, see Mitigation Status.
To undo mitigation tasks, select one or more endpoints and then click Rollback.
To export the query results, click Export to CSV.