Querying Logs with Control Manager

Endpoint Application Control violation logs are available in Control Manager. To query these logs for details, do the following:

  1. In Control Manager, go to Logs > New Ad Hoc Query.

    The Data Scope screen appears.

  2. Choose the Select Product Tree option.
  3. In the product tree, select the Endpoint Application Control entity or entities you want to query logs for and then click Next.

    The Data Views screen appears.

  4. Expand the list to go to Security Threat Information > Policy/Rule Violation Information > Detailed Information and then select Detail Endpoint Application Security Violation Information.

    The Query Criteria screen appears.

  5. Configure your query criteria, optionally save the query, and then click Query.

    The Ad Hoc Query Results screen displays your results.