Threat Event Logs

Logs > Threat Event Logs

Threat Mitigator creates a threat event log entry when performing mitigation actions.

You can do the following from the Threat Event Logs screen:

View the threat event logs

Export the logs to a .CSV file.

Perform rollback to restore files, registry keys, and other changes performed by a mitigation action

A brief description of the options on this screen is available below.

Time period—select to view by period of time

Range—select to view by date range

IP address—specify endpoint IP address

Host name—specify endpoint host name

Threat event—potential or known threat detections

Data source—indicates the entity that has the capability of reporting threat events to Threat Mitigator, such as Threat Discovery Appliance, Endpoint security risk logs (from OfficeScan), Threat Management Services, or the On-demand Scan program launched on an endpoint

Mitigation Status—select to view events by status MORE >>>

All—Includes every mitigation status.
Mitigation in progress—The mitigation task is running.
No mitigation—The mitigation task was not performed because of a mitigation exception.
Cleaned threats—All or selected threats have been cleaned.
Scanned endpoint—On-demand Scan has been completed. Either no threat was found or the user chooses to ignore all detected threats.
Assessed endpoint—The agent detected threats in the endpoint during assessment but did not run cleanup because you have chosen to run cleanup manually.
Unsuccessful—The mitigation task was not completed or encountered problems.
Rollback successful—A mitigation task was rolled back successfully.
Rollback unsuccessful—A mitigation task was not rolled back.

For more information, refer to Mitigation Status.

Logs per page—number of logs shown on page

Export to CSV—click to export logs to a CSV file

Rollback—click this option to roll back the mitigation action

Threat Event Logs

See also: