Apex Central log types correspond to specific data views used in reports. You can use the following data views to create custom report templates for your log query results.
|
Log Type |
Data View |
Description |
|---|---|---|
|
System Events: |
||
|
Virus/Malware detections |
Detailed Virus/Malware Information |
Provides specific information about the virus/malware detections on your network, such as the managed product that detected the viruses/malware, the name of the virus/malware, and the infected endpoint For more information, see Detailed Virus/Malware Information. |
|
Spyware/Grayware detections |
Detailed Spyware/Grayware Information |
Provides specific information about the spyware/grayware detections on your network, such as the managed product that detected the spyware/grayware, the name of the spyware/grayware, and the name of the infected endpoint For more information, see Detailed Spyware/Grayware Information. |
|
Suspicious File detections |
Detailed Suspicious File Information |
Provides specific information about suspicious files detected on your network For more information, see Detailed Suspicious File Information. |
|
Behavior Monitoring violations |
Detailed Behavior Monitoring Information |
Provides specific information about Behavior Monitoring events on your network For more information, see Detailed Behavior Monitoring Information. |
|
Integrity Monitoring violations |
Integrity Monitoring Information |
Use to monitor specific changes to an endpoint, such as installed software, running services, processes, files, directories, listening ports, registry keys, and registry values For more information, see Integrity Monitoring Information. |
|
Application Control violations |
Detailed Application Control Violation Information |
Provides specific information about application control violations on your network, such as the violated Security Agent policy and criteria For more information, see Detailed Application Control Violation Information. |
|
Device Control violations |
Device Access Control Information |
Provides specific information about Device Access Control events on your network For more information, see Device Access Control Information. |
|
Endpoint Security Compliance |
Detailed Endpoint Security Compliance Information |
Provides specific information about endpoint security compliance on your network For more information, see Detailed Endpoint Security Compliance Information. |
|
Endpoint Security violations |
Detailed Endpoint Security Violation Information |
Provides specific information about endpoint security violations on your network For more information, see Detailed Endpoint Security Violation Information. |
|
Predictive Machine Learning detections |
Detailed Predictive Machine Learning Information |
Provides specific information about advanced unknown threats detected by Predictive Machine Learning For more information, see Detailed Predictive Machine Learning Information. |
|
Virtual Analyzer detections |
Detailed Virtual Analyzer Detection Information |
Provides specific information about advanced unknown threats detected by Virtual Analyzer For more information, see Virtual Analyzer Detection Information. |
|
Virtual Analyzer Suspicious Objects |
Detailed Virtual Analyzer Suspicious Object Impact Information |
Provides detailed information about the impact of Virtual Analyzer suspicious objects For more information, see Detailed Virtual Analyzer Suspicious Object Impact Information. |
|
Attack Discovery detections |
Attack Discovery Detection Information |
Provides general information about threats detected by Attack Discovery For more information, see Attack Discovery Detection Information. |
|
Network Events: |
||
|
Spam Connection |
Spam Connection Information |
Provides specific information about the source of spam on your network, such as the managed product that detected the spam, the specific action taken by the managed product, and the total number of spam detected For more information, see Spam Connection Information. |
|
Content Violation |
Detailed Content Violation Information |
Provides specific information about the email messages with content violations, such as the managed product that detected the content violation, the sender(s) and recipients(s) of the email message, the name of the content violation policy, and the total number of violations detected For more information, see Detailed Content Violation Information. |
|
Email Messages with Advanced Threats |
Email Messages with Advanced Threats |
Provides specific information about email messages with advanced threats, such as anomalous behavior, false or misleading data, suspicious and malicious behavior patterns, and strings that indicate system compromise but require further investigation to confirm For more information, see Email Messages with Advanced Threats. |
|
Web Reputation |
Detailed Web Reputation Information |
Provides compliance information about application activity detected by Web Reputation Services For more information, see Detailed Web Reputation Information. |
|
Web Violation |
Detailed Web Violation Information |
Provides specific information about web violations on your network For more information, see Detailed Web Violation Information. |
|
Firewall Violation |
Detailed Firewall Violation Information |
Provides specific information about firewall violations on your network, such as the managed product that detected the violation, the source and destination of the transmission, and the total number of firewall violations For more information, see Detailed Firewall Violation Information. |
|
Network Content Inspection |
Network Content Inspection Information |
Provides specific information about network content violations on your network For more information, see Network Content Inspection Information. |
|
Intrusion Prevention |
Detailed Intrusion Prevention Information |
Provides specific information to help you achieve timely protection against known and zero-day attacks, defend against web application vulnerabilities, and identify malicious software accessing the network For more information, see Detailed Intrusion Prevention Information. |
|
C&C Callback |
Detailed C&C Callback Information |
Provides specific information about C&C callback events detected on your network For more information, see Detailed C&C Callback Information. |
|
Suspicious Threat |
Detailed Suspicious Threat Information |
Provides specific information about suspicious threats on your network, such as the managed product that detected the suspicious threat, specific information about the source and destination, and the total number of suspicious threats on the network For more information, see Detailed Suspicious Threat Information. |
|
Application Activity |
Detailed Application Activity |
Displays specific information about application activities that violate network security policies For more information, see Detailed Application Activity. |
|
Mitigation |
Detailed Mitigation Information |
Provides specific information about tasks carried out by mitigation servers to resolve threats on your network For more information, see Detailed Mitigation Information. |
|
Correlation |
Detailed Correlation Information |
Provides specific information about detailed threat analyses and remediation recommendations For more information, see Detailed Correlation Information. |
|
Data Protection Events: |
||
|
Data Loss Prevention |
DLP Incident Information |
Provides specific information about incidents detected by Data Loss Prevention For more information, see DLP Incident Information. |
|
Data Discovery |
Data Discovery Data Loss Prevention Detection Information |
Displays specific information about incidents detected by Data Discovery For more information, see Data Discovery Data Loss Prevention Detection Information. |
|
Log Type |
Data View |
Description |
|---|---|---|
|
Managed Product: |
||
|
Product Status |
Product Status Information |
Provides detailed information about managed products registered to the Apex Central server, such as the managed product version and build number, and the managed product server operating system For more information, see Product Status Information. |
|
Product Event |
Product Event Information |
Provides information about managed product events, such as managed products registering to Apex Central, component updates, and Activation Code deployments For more information, see Product Event Information. |
|
Product Auditing Event |
Product Auditing Event Log |
Provides information about managed product auditing events, such as managed product console access For more information, see Product Auditing Event Log. |
|
Apex Central: |
||
|
Command Tracking |
Command Tracking Information |
Provides information about commands Apex Central issued to managed products, such as the date and time Apex Central issued commands for component updates or Activation Code deployments, and the status of the commands For more information, see Command Tracking Information. |
|
Apex Central Event |
Apex Central Event Information |
Provides information about Apex Central server events, such as managed products registering to Apex Central, component updates, and Activation Code deployments For more information, see Apex Central Event Information. |
|
User Access |
User Access Information |
Provides information about Apex Central user access and the activities users perform while logged on to Apex Central For more information, see User Access Information. |
|
Product License |
Detailed Product License Information |
Provides information about the Activation Codes and licensing status of managed products or services, such as the managed product version and license expiration date For more information, see Detailed Product License Information. |