Procedure

  1. Go to one of the following:
    • Logs > Agents > Security Risks
    • Agents > Agent Management
  2. In the agent tree, click the root domain icon to include all agents or select specific domains or agents.
  3. Go to the Suspicious Connection Log Criteria screen:
    • From the Security Risk Logs screen, click View Logs > Suspicious Connection Logs.
    • From the Agent Management screen, click Logs > Suspicious Connection Logs.
  4. Specify the log criteria and then click Display Logs.
  5. View logs. Logs contain the following information:
    Item                  Description
    Date/Time             The time the detection occurred
    Endpoint              The endpoint on which the detection occurred
    Domain                The domain of the endpoint on which the detection occurred
    Process               The process through which the contact was attempted (path\application_name)
    Local IP and Port     The IP address and port number of the source endpoint
    Remote IP and Port    The IP address and port number of the destination endpoint
    Result                The result of the action taken
    List Source           The C&C list source that identified the C&C server
    Traffic Direction     The direction of the transmission
  6. To save logs to a comma-separated value (CSV) file, click Export All to CSV. Open the file or save it to a specific location.
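
One way to triage the exported file, as an added example that is not part of the product or its documentation: it groups suspicious connections by endpoint, process and remote IP and lists groups with connections that were not blocked first. The CSV header names (taken from the Item column above), the Result value "Blocked", the timestamp format and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Header names are assumed to match the Item
# names in the log table; the real export may label columns differently.
SAMPLE_CSV = r"""Date/Time,Endpoint,Domain,Process,Local IP and Port,Remote IP and Port,Result,List Source,Traffic Direction
2024-05-01 09:12:03,WS-014,Finance,C:\Users\a\AppData\upd.exe,10.0.4.14:49811,203.0.113.7:443,Logged,Global list,Outbound
2024-05-01 09:42:03,WS-014,Finance,C:\Users\a\AppData\upd.exe,10.0.4.14:49990,203.0.113.7:443,Logged,Global list,Outbound
2024-05-01 10:12:04,WS-014,Finance,C:\Users\a\AppData\upd.exe,10.0.4.14:50121,203.0.113.7:443,Logged,Global list,Outbound
2024-05-01 11:00:00,WS-022,Sales,C:\Program Files\App\app.exe,10.0.5.22:50100,198.51.100.9:80,Blocked,User-defined list,Outbound
2024-05-01 11:05:00,WS-022,Sales,C:\Program Files\App\app.exe,10.0.5.22:50144,198.51.100.9:80,Blocked,User-defined list,Outbound
"""


def split_ip_port(value):
    """Split 'ip:port' on the last colon so a bracketed IPv6 address survives."""
    ip, _, port = value.strip().rpartition(":")
    return ip, port


def summarize(csv_text, blocked_value="Blocked"):
    """Group rows by (endpoint, process, remote IP); not-blocked groups sort first."""
    groups = defaultdict(
        lambda: {"count": 0, "not_blocked": 0, "first": None, "last": None}
    )
    for row in csv.DictReader(io.StringIO(csv_text)):
        remote_ip, _ = split_ip_port(row["Remote IP and Port"])
        g = groups[(row["Endpoint"], row["Process"], remote_ip)]
        g["count"] += 1
        # Any result other than the assumed "Blocked" means traffic may have left.
        if row["Result"].strip().lower() != blocked_value.lower():
            g["not_blocked"] += 1
        # Assumes sortable "YYYY-MM-DD HH:MM:SS" timestamps (string comparison).
        ts = row["Date/Time"]
        g["first"] = ts if g["first"] is None else min(g["first"], ts)
        g["last"] = ts if g["last"] is None else max(g["last"], ts)
    return sorted(
        groups.items(), key=lambda kv: (-kv[1]["not_blocked"], -kv[1]["count"])
    )


if __name__ == "__main__":
    for (endpoint, process, remote_ip), g in summarize(SAMPLE_CSV):
        print(endpoint, process, remote_ip, g)
```

A process that repeatedly reaches the same remote IP with a result other than a block is the group to investigate first on that endpoint.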