Viewing Suspicious Connection Logs
- Go to Logs > Agents > Security Risks or Agents > Agent Management.
- In the agent tree, click the root domain icon to include all agents or select specific domains or agents.
- Click View Logs > Suspicious Connection Logs or Logs > Suspicious Connection Logs.
- Specify the log criteria and then click Display Logs.
- View logs. Logs contain the following information:
  - The time the detection occurred
  - The endpoint on which the detection occurred
  - The domain of the endpoint on which the detection occurred
  - The process that initiated the transmission (path\application_name)
  - Local IP and Port: The IP address and port number of the source endpoint
  - Remote IP and Port: The IP address and port number of the destination endpoint
  - The result of the action taken
  - The C&C list source that identified the C&C server
  - The direction of the transmission
- To save logs to a comma-separated value (CSV) file, click Export All to CSV. Open the file or save it to a specific location.