Threat Event Logs

Threat Mitigator creates a threat event log entry when performing mitigation actions.

You can do the following from the Threat Event Logs screen:

  1. Select a time period for the query:

  2. Click the More search criteria link to refine the query scope. Select from the following criteria:

    Additional search criteria (Search Criteria: Description)

    IP address or range: The endpoint’s IP address

    Host name: The endpoint’s host name

      • Host names may not display properly due to encoding language conflicts, which can be resolved by configuring host name encoding in the Log Settings screen. For details, see Log Settings.

    Threat event: Potential or known threat detections

    Data source: The entity that has the capability of reporting threat events to Threat Mitigator, such as Threat Discovery Appliance, endpoint security risk logs (from OfficeScan), Threat Management Services, or the On-demand Scan program launched on an endpoint

    Mitigation status: Threat events grouped by the following status groups:

      • All: Includes every mitigation status.

      • Mitigation in progress: The mitigation task is running.

      • No mitigation: The mitigation task was not performed because of a mitigation exception.

      • Cleaned threats: All or selected threats have been cleaned.

      • Scanned endpoint: On-demand Scan has been completed. Either no threat was found or the user chooses to ignore all detected threats.

      • Assessed endpoint: The agent detected threats in the endpoint during assessment but did not run cleanup because you have chosen to run cleanup manually.

      • Unsuccessful: The mitigation task was not completed or encountered problems.

      • Rollback successful: A mitigation task was rolled back successfully.

      • Rollback unsuccessful: A mitigation task was not rolled back.

      • For mitigation status details, see Mitigation Status.

  3. Click Search. A Query Result table appears.

  4. Click Rollback to undo a mitigation task.

  5. To export the query results, click Export to CSV.
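Once the results are exported, the rows whose mitigation status leaves a detection unresolved can be pulled out for follow-up. The script below is an added example, not part of the product or its documentation. It assumes the CSV column headers match the search criteria names above, and that the export is either UTF-8 or a legacy encoding you name (the cause of the host name display issue noted earlier). The function names and sample rows are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Status groups from the page that leave a detection unresolved on the endpoint.
NEEDS_FOLLOW_UP = {
    "unsuccessful": "mitigation task not completed or encountered problems",
    "rollback unsuccessful": "mitigation task was not rolled back",
    "no mitigation": "skipped because of a mitigation exception",
    "assessed endpoint": "threats detected, cleanup must be run manually",
}

def decode_export(raw, encodings=("utf-8-sig", "shift_jis")):
    """Try each candidate encoding (assumed list) so non-ASCII host names survive."""
    for enc in encodings:
        try:
            return raw.decode(enc)
        except UnicodeDecodeError:
            continue
    raise ValueError(f"export is not valid in any of {encodings}")

def triage(raw, host_col="Host name", status_col="Mitigation status",
           event_col="Threat event", encodings=("utf-8-sig", "shift_jis")):
    """Return {host: [(threat event, status, reason), ...]} for unresolved rows."""
    reader = csv.DictReader(io.StringIO(decode_export(raw, encodings), newline=""))
    missing = {host_col, status_col, event_col} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"export lacks expected columns: {sorted(missing)}")
    pending = defaultdict(list)
    for row in reader:
        status = (row[status_col] or "").strip()
        reason = NEEDS_FOLLOW_UP.get(status.lower())
        if reason:
            host = (row[host_col] or "").strip()
            pending[host].append(((row[event_col] or "").strip(), status, reason))
    return dict(pending)

# Constructed sample export (hosts, addresses and column headers are made up).
SAMPLE = (
    "Host name,IP address,Threat event,Data source,Mitigation status\r\n"
    "営業-PC01,10.0.0.21,Known threat,Threat Discovery Appliance,Unsuccessful\r\n"
    "FIN-LT-07,10.0.0.35,Potential threat,On-demand Scan,Cleaned threats\r\n"
    "FIN-LT-07,10.0.0.35,Known threat,OfficeScan,Assessed endpoint\r\n"
    "HR-WS-02,10.0.0.48,Known threat,Threat Management Services,Rollback unsuccessful\r\n"
).encode("shift_jis")

if __name__ == "__main__":
    for host, items in triage(SAMPLE).items():
        print(host, items)
```

Pass the actual column headers from your export through `host_col`, `status_col` and `event_col` if they differ from the assumed defaults.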
