Viewing Behavior Monitoring Logs
- Go to Logs > Agents > Security Risks or Agents > Agent Management.
- In the agent tree, click the root domain icon () to include all agents or select specific domains or agents.
- Click Logs > Behavior Monitoring Logs or View Logs > Behavior Monitoring Logs.
- Specify the log criteria and then click Display Logs.
- View logs. Logs contain the following information:
Date/Time unauthorized process was detected
Endpoint where unauthorized process was detected
Violation, which is the event monitoring rule violated by the process
Action performed when violation was detected
Event, which is the type of object accessed by the program
Risk level of the unauthorized program
Program, which is the unauthorized program
Operation, which is the action performed by the unauthorized program
Target, which is the process that was accessed
Infection channel from where the threat originated
- To save logs to a comma-separated value (CSV) file, click Export to CSV. Open the file or save it to a specific location.