Threat Event Logs
Threat Mitigator creates a threat event log entry when performing mitigation actions.
You can do the following from the Threat Event Logs screen:
View the threat event logs
Export the logs to a .csv file
Perform rollback to restore files, registry keys, and other changes performed by a mitigation action
To query the Threat Event logs:
Logs > Threat Event Logs
Select a time period for the query:
By default, the All days time period is selected.
By default, the date and time of the most recent logs appear in the To and From fields. Accept the default settings or specify the beginning and ending dates by clicking the calendar icon next to each field.
Click the More search criteria link to refine the query scope. Select from the following criteria:
Additional search criteria

| Search Criteria | Description |
| --- | --- |
| IP address or range | The endpoint’s IP address |
| Host name | The endpoint’s host name |
| Threat event | Potential or known threat detections |
| Data source | The entity that has the capability of reporting threat events to Threat Mitigator, such as Threat Discovery Appliance, endpoint security risk logs (from OfficeScan), Threat Management Services, or the On-demand Scan program launched on an endpoint |
| Mitigation status | Threat events grouped by the following status groups: |
Click Search. A Query Result table appears.
Click Rollback to undo a mitigation task.
To export the query results, click Export to CSV.