Views:

Procedure

  1. Go to LogsAgentsSecurity Risks or AgentsAgent Management.
  2. In the agent tree, click the root domain icon (icon-root.jpg) to include all agents or select specific domains or agents.
  3. Click LogsBehavior Monitoring Logs or View LogsBehavior Monitoring Logs.
  4. Specify the log criteria and then click Display Logs.
  5. View logs. Logs contain the following information:
    • Date/Time unauthorized process was detected
    • Endpoint where unauthorized process was detected
    • Endpoint domain
    • Violation, which is the event monitoring rule violated by the process
    • Action performed when violation was detected
    • Event, which is the type of object accessed by the program
    • Risk level of the unauthorized program
    • Program, which is the unauthorized program
    • Operation, which is the action performed by the unauthorized program
    • Target, which is the process that was accessed
    • Infection channel from where the threat originated
  6. To save logs to a comma-separated value (CSV) file, click Export to CSV. Open the file or save it to a specific location.