How to export security logs from Endpoint Manager
- Click 'Security Sub-Systems' > 'Security Dashboards'
- The security dashboard is a list of all security-related events on managed Windows endpoints.
- Security events can be generated by the antivirus, containment and application-control modules.
- For example, a security event is created when:
  - Malware is detected
  - Files are blocked, moved to quarantine, or ignored
  - Files are restored/removed from quarantine
  - Files get rated as trusted or submitted as a false positive
  - Files are run in the container
  - ...and more
- Each log shows the name of the file responsible for the event, the action that caused the event, the severity of the event, the devices affected, and more.
- 'Security Dashboards' has two tabs:
  - Event View - shows all logged events in chronological order
  - File View - all events concerning a particular file are grouped together
- You can export both the event and file views to a .csv file
- You can download and view the exported file in 'Dashboard' > 'Reports'
- Log in to ITarian
- Click 'Applications' > 'Endpoint Manager'
- Click 'Security Sub-Systems' > 'Security Dashboards'
- Select the 'Event View' tab to view all records in chronological order
- Select the 'File View' tab to view all events concerning a particular file grouped together
- Click 'Export' > 'Export to CSV' to generate your report:
- You will see a confirmation message at the top-right:
Download the report
- Click 'Dashboard' > 'Reports'
- Select the file you generated earlier
- Click the 'Download' button:
- An example report is shown below:
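Once downloaded, an Event View export can be regrouped per file offline for triage, similar to what the File View tab shows. The script below is an added example, not part of the original page and not ITarian code; the sample rows are constructed, and the column headers (`Date`, `File Name`, `Action`, `Severity`, `Device`) and timestamp format are assumptions that must be matched to the header row of your real export.

```python
import csv
import io

# Constructed sample of an Event View export. The column headers and the
# sortable timestamp format are assumptions; match them to your real file.
SAMPLE_EXPORT = """Date,File Name,Action,Severity,Device
2024-05-02 10:15:00,invoice.exe,Quarantined,High,PC-01
2024-05-01 09:00:00,invoice.exe,Malware detected,High,PC-01
2024-05-01 09:30:00,setup.msi,Run in container,Low,PC-02
2024-05-03 08:45:00,invoice.exe,Malware detected,High,PC-03
"""


def group_by_file(csv_text, file_col="File Name", time_col="Date",
                  action_col="Action", severity_col="Severity",
                  device_col="Device"):
    """Regroup Event View rows per file, similar to what File View shows."""
    reader = csv.DictReader(io.StringIO(csv_text))
    required = {file_col, time_col, action_col, severity_col, device_col}
    missing = required - set(reader.fieldnames or [])
    if missing:
        # Fail loudly instead of silently producing an empty report.
        raise ValueError(f"export is missing columns: {sorted(missing)}")

    grouped = {}
    # Sort by timestamp so each file's actions read as a timeline.
    for row in sorted(reader, key=lambda r: r[time_col] or ""):
        name = (row[file_col] or "").strip()
        entry = grouped.setdefault(name, {
            "events": 0, "first_seen": row[time_col], "last_seen": None,
            "actions": [], "severities": set(), "devices": set(),
        })
        entry["events"] += 1
        entry["last_seen"] = row[time_col]
        entry["actions"].append(row[action_col])
        entry["severities"].add(row[severity_col])
        entry["devices"].add(row[device_col])
    return grouped


if __name__ == "__main__":
    for name, e in group_by_file(SAMPLE_EXPORT).items():
        print(f"{name}: {e['events']} events on {sorted(e['devices'])}, "
              f"{e['first_seen']} to {e['last_seen']}")
        print("   timeline:", " -> ".join(e["actions"]))
```

To use it on a real export, pass the file's text and override the `*_col` arguments with the headers found in the first row of the downloaded .csv.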