Log Query Data Views

Control Manager log types correspond to specific data views used in reports. You can use the following data views to create custom report templates for your log query results.

Table 1. Security Logs

Log Type

Data View

Description

System Events:

Virus/Malware

Detailed Virus/Malware Information

Provides specific information about the virus/malware detections on your network, such as the managed product that detected the viruses/malware, the name of the virus/malware, and the infected endpoint

For more information, see Detailed Virus/Malware Information.

Spyware/Grayware

Detailed Spyware/Grayware Information

Provides specific information about the spyware/grayware detections on your network, such as the managed product that detected the spyware/grayware, the name of the spyware/grayware, and the name of the infected endpoint

For more information, see Detailed Spyware/Grayware Information.

Suspicious File

Detailed Suspicious File Information

Provides specific information about suspicious files detected on your network

For more information, see Detailed Suspicious File Information.

Behavior Monitoring

Detailed Behavior Monitoring Information

Provides specific information about Behavior Monitoring events on your network

For more information, see Detailed Behavior Monitoring Information.

Integrity Monitoring

Integrity Monitoring Information

Use to monitor specific areas on a computer for changes, such as installed software, running services, processes, files, directories, listening ports, registry keys, and registry values

For more information, see Integrity Monitoring Information.

Endpoint Application Control violations

Detailed Endpoint Application Control Violation Information

Provides specific information about endpoint application violations on your network, such as the violated policy and rule name‚Äč

For more information, see Detailed Endpoint Application Control Violation Information.

Device Control violations

Device Access Control Information

Provides specific information about Device Access Control events on your network

For more information, see Device Access Control Information.

Endpoint Security Compliance

Detailed Endpoint Security Compliance Information

Provides specific information about endpoint security compliance on your network

For more information, see Detailed Endpoint Security Compliance Information.

Endpoint Security violations

Detailed Endpoint Security Violation Information

Provides specific information about endpoint security violations on your network

For more information, see Detailed Endpoint Security Violation Information.

Detailed Predictive Machine Learning Information

Detailed Predictive Machine Learning Information

Provides specific information about advanced unknown threats detected by Predictive Machine Learning

For more information, see Detailed Predictive Machine Learning Information.

Virtual Analyzer Detections

Detailed Virtual Analyzer Detection Information

Provides specific information about advanced unknown threats detected by Virtual Analyzer

For more information, see Virtual Analyzer Detection Information.

Network Events:

Spam Connection

Spam Connection Information

Provides specific information about the source of spam on your network

For more information, see Spam Connection Information.

Content Violation

Detailed Content Violation Information

Provides specific information about content violations on your network

For more information, see Detailed Content Violation Information.

Email Messages with Advanced Threats

Email Messages with Advanced Threats

Provides specific information about email messages with suspicious and malicious behavior patterns

For more information, see Email Messages with Advanced Threats.

Web Reputation

Detailed Web Reputation Information

Provides security threat information about policy or rule violations detected by Web Reputation Services

For more information, see Detailed Web Reputation Information.

Web Violation

Detailed Web Violation Information

Provides specific information about web violations on your network

For more information, see Detailed Web Violation Information.

Firewall Violation

Detailed Firewall Violation Information

Provides specific information about firewall violations on your network

For more information, see Detailed Firewall Violation Information.

Network Content Inspection

Network Content Inspection Information

Provides specific information about network content violations on your network

For more information, see Network Content Inspection Information.

Intrusion Prevention

Detailed Intrusion Prevention Information

Provides specific information to help you achieve timely protection against known and zero-day attacks, defend against web application vulnerabilities, and identify malicious software accessing the network

For more information, see Detailed Intrusion Prevention Information.

C&C Callback

Detailed C&C Callback Information

Provides specific information about C&C callback events detected on your network

For more information, see Detailed C&C Callback Information.

Suspicious Threat

Detailed Suspicious Threat Information

Provides specific information about suspicious threats on your network, such as the managed product that detected the suspicious threat, specific information about the source and destination, and the total number of suspicious threats on the network

For more information, see Detailed Suspicious Threat Information.

Application Activity

Detailed Application Activity

Displays specific information about application activities that violate network security policies

For more information, see Detailed Application Activity.

Mitigation

Detailed Mitigation Information

Provides specific information about tasks carried out by mitigation servers to resolve threats on your network

For more information, see Detailed Mitigation Information.

Correlation

Detailed Correlation Information

Provides specific information about detailed threat analyses and remediation recommendations

For more information, see Detailed Correlation Information.

Data Protection Events:

Data Loss Prevention

DLP Incident Information

Displays specific information about incidents detected by Data Loss Prevention

For more information, see DLP Incident Information.

Data Discovery

Data Discovery Data Loss Prevention Detection Information

Displays specific information about incidents detected by Data Discovery

For more information, see Data Discovery Data Loss Prevention Detection Information.

Table 2. Product Information

Log Type

Data View

Description

Managed Product:

Product Status

Product Status Information

Displays specific information about managed products registered to the Control Manager server

For more information, see Product Status Information.

Product Event

Product Event Information

Displays specific information about managed product events

For more information, see Product Event Information.

Product Auditing Event

Product Auditing Event Log

Displays auditing information related to managed products

For more information, see Product Auditing Event Log.

Control Manager:

Command Tracking

Command Tracking Information

Displays specific information about commands issued to managed products

For more information, see Command Tracking Information.

Control Manager Event

Control Manager Event Information

Displays specific information about Control Manager server events

For more information, see Control Manager Event Information.

User Access

User Access Information

Displays Control Manager user access and the activities users perform while logged on to Control Manager

For more information, see User Access Information.

Product License

Detailed Product License Information

Displays information about the Activation Code and information on managed products that use the Activation Code

For more information, see Detailed Product License Information.