Viewing Behavior Monitoring Logs

  1. Go to Logs > Agents > Security Risks or Agents > Agent Management.
  2. In the agent tree, click the root domain icon () to include all agents or select specific domains or agents.
  3. Click Logs > Behavior Monitoring Logs or View Logs > Behavior Monitoring Logs.
  4. Specify the log criteria and then click Display Logs.
  5. View logs. Logs contain the following information:
    • Date/Time unauthorized process was detected

    • Endpoint where unauthorized process was detected

    • Endpoint domain

    • Violation, which is the event monitoring rule violated by the process

    • Action performed when violation was detected

    • Event, which is the type of object accessed by the program

    • Risk level of the unauthorized program

    • Program, which is the unauthorized program

    • Operation, which is the action performed by the unauthorized program

    • Target, which is the process that was accessed

    • Infection channel from where the threat originated

  6. To save logs to a comma-separated value (CSV) file, click Export to CSV. Open the file or save it to a specific location.