Threat Event Logs

Select a time period for the query:

Click the More search criteria link to refine the query scope. Select from the following criteria:

Additional search criteria

Search Criteria	Description
IP address or range	The endpoint’s IP address
Host name	The endpoint’s host name Host names may not display properly due to encoding language conflicts, which can be resolved by configuring host name encoding in the Log Settings screen. For details, see Log Settings.
Threat event	Potential or known threat detections
Data source	The entity that has the capability of reporting threat events to Threat Mitigator, such as Threat Discovery Appliance, endpoint security risk logs (from OfficeScan), Threat Management Services, or the On-demand Scan program launched on an endpoint
Mitigation status	Threat events grouped by the following status groups: All: Includes every mitigation status. Mitigation in progress: The mitigation task is running. No mitigation: The mitigation task was not performed because of a mitigation exception. Cleaned threats: All or selected threats have been cleaned. Scanned endpoint: On-demand Scan has been completed. Either no threat was found or the user chooses to ignore all detected threats. Assessed endpoint: The agent detected threats in the endpoint during assessment but did not run cleanup because you have chosen to run cleanup manually. Unsuccessful: The mitigation task was not completed or encountered problems. Rollback successful: A mitigation task was rolled back successfully. Rollback unsuccessful: A mitigation task was not rolled back. For mitigation status details, see Mitigation Status.

Click Search. A Query Result table appears.

Click Rollback to undo a mitigation task.

To export the query results, click Export to CSV.