Viewing Suspicious Connection Logs

  1. Go to one of the following:
    • Logs > Agents > Security Risks

    • Agents > Agent Management

  2. In the agent tree, click the root domain icon to include all agents, or select specific domains or agents.
  3. Go to the Suspicious Connection Log Criteria screen:
    • From the Security Risk Logs screen, click View Logs > Suspicious Connection Logs.

    • From the Agent Management screen, click Logs > Suspicious Connection Logs.

  4. Specify the log criteria and then click Display Logs.
  5. View logs. Each log entry contains the following information:

     Item                  Description
     Date/Time             The time the detection occurred
     Endpoint              The endpoint on which the detection occurred
     Domain                The domain of the endpoint on which the detection occurred
     Process               The process through which the contact was attempted (path\application_name)
     Local IP and Port     The IP address and port number of the source endpoint
     Remote IP and Port    The IP address and port number of the destination endpoint
     Result                The result of the action taken
     List Source           The C&C list source that identified the C&C server
     Traffic Direction     The direction of the transmission

  6. To save logs to a comma-separated value (CSV) file, click Export All to CSV. Open the file or save it to a specific location.
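The exported CSV is where most triage happens, since the console view gives one row per detection and no aggregation. The script below is an added example, not part of this documentation or of the product: it parses an export whose columns carry the field names listed in step 5, splits the "IP and Port" fields, groups detections by remote C&C address, and separates entries that were blocked from entries that were merely logged (an unblocked contact means the endpoint, not just the log line, needs investigation). The sample rows, the exact header text, and the Result values "Blocked" and "Logged" are constructed assumptions; check them against a real export before relying on the filter.

```python
"""Triage an exported Suspicious Connection Logs CSV (added example)."""
import csv
import io
from collections import defaultdict

# Constructed sample export. Headers follow the field names from the log
# description; the header spelling and the Result values are assumptions.
SAMPLE_CSV = r"""Date/Time,Endpoint,Domain,Process,Local IP and Port,Remote IP and Port,Result,List Source,Traffic Direction
2024-05-01 09:12:03,WS-0017,Workgroup\Finance,C:\Users\alice\AppData\Roaming\update.exe,10.1.4.17:51234,203.0.113.45:443,Blocked,Global C&C IP List,Outbound
2024-05-01 09:12:41,WS-0017,Workgroup\Finance,C:\Users\alice\AppData\Roaming\update.exe,10.1.4.17:51240,203.0.113.45:443,Blocked,Global C&C IP List,Outbound
2024-05-01 09:15:10,WS-0042,Workgroup\Sales,C:\Windows\System32\svchost.exe,10.1.6.42:49811,198.51.100.9:8080,Logged,User-defined C&C IP List,Outbound
2024-05-01 09:20:55,WS-0042,Workgroup\Sales,C:\Program Files\App\app.exe,10.1.6.42:49900,203.0.113.45:443,Logged,Global C&C IP List,Outbound
2024-05-01 10:02:17,SRV-DB01,Workgroup\Servers,C:\Windows\System32\sqlservr.exe,10.1.9.5:1433,192.0.2.77:50031,Blocked,Global C&C IP List,Inbound
"""


def _split_ip_port(value):
    """Split an exported 'ip:port' value; port is an int, or None if absent."""
    value = value.strip()
    if ":" not in value:
        return value, None
    ip, port = value.rsplit(":", 1)
    return ip, (int(port) if port.isdigit() else None)


def parse_export(text):
    """Read the CSV export into dicts, adding parsed ip/port fields."""
    rows = []
    for raw in csv.DictReader(io.StringIO(text)):
        rec = {k.strip(): (v or "").strip() for k, v in raw.items()}
        rec["local_ip"], rec["local_port"] = _split_ip_port(rec["Local IP and Port"])
        rec["remote_ip"], rec["remote_port"] = _split_ip_port(rec["Remote IP and Port"])
        rows.append(rec)
    return rows


def summarize_by_remote(rows):
    """Group detections by remote C&C address: who talked to it, with what, how often."""
    summary = defaultdict(lambda: {
        "count": 0, "endpoints": set(), "processes": set(),
        "ports": set(), "list_sources": set(), "directions": set(),
    })
    for r in rows:
        s = summary[r["remote_ip"]]
        s["count"] += 1
        s["endpoints"].add(r["Endpoint"])
        s["processes"].add(r["Process"])
        s["ports"].add(r["remote_port"])
        s["list_sources"].add(r["List Source"])
        s["directions"].add(r["Traffic Direction"])
    return dict(summary)


def needs_followup(rows, blocked_value="Blocked"):
    """Entries whose Result is anything other than the blocked value.

    A logged-but-not-blocked contact may have completed, so the endpoint
    itself must be examined. blocked_value is an assumed label.
    """
    return [r for r in rows if r["Result"] != blocked_value]


def shared_remotes(summary, min_endpoints=2):
    """Remote addresses contacted by several endpoints (possible spread)."""
    return sorted(ip for ip, s in summary.items() if len(s["endpoints"]) >= min_endpoints)


def report(text):
    """Return human-readable triage lines for an export."""
    rows = parse_export(text)
    summary = summarize_by_remote(rows)
    lines = []
    for ip, s in sorted(summary.items(), key=lambda kv: -kv[1]["count"]):
        lines.append(f"{ip}: {s['count']} detections, endpoints={sorted(s['endpoints'])}, "
                     f"ports={sorted(p for p in s['ports'] if p is not None)}, "
                     f"sources={sorted(s['list_sources'])}, dirs={sorted(s['directions'])}")
    for r in needs_followup(rows):
        lines.append(f"FOLLOW UP {r['Endpoint']} ({r['Date/Time']}): {r['Process']} -> "
                     f"{r['remote_ip']}:{r['remote_port']} result={r['Result']}")
    for ip in shared_remotes(summary):
        lines.append(f"SHARED C&C {ip}: contacted by {len(summary[ip]['endpoints'])} endpoints")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CSV)))
```

Point the script at a real export by reading the file into `report()`; the Endpoint and Process columns together answer the first question an analyst asks (which binary on which host tried to reach the C&C), and the Traffic Direction column separates outbound beaconing from inbound contact with a listed address.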