How to export security logs from Endpoint Manager

Release Time
12/27/2018
Category
Security Sub-System

  • Click 'Security Sub-Systems' > 'Security Dashboards'
     
  • The security dashboard is a list of all security-related events on managed Windows endpoints.
     
  • Security events can be generated by the antivirus, containment and application-control modules.
     
  • For example, a security event is created when:
    • Malware is detected
    • Files are blocked, moved to quarantine, or ignored
    • Files are restored/removed from quarantine 
    • Files get rated as trusted or submitted as a false positive
    • Files are run in the container
    • ...and more
       
  • Each log shows the name of the file responsible for the event, the action that caused the event, the severity of the event, the devices affected, and more.
     
  • 'Security Dashboards' has two tabs:
    • Event View - shows all logged events in chronological order
    • File View - all events concerning a particular file are grouped together
       
  • You can export both the event and file views to a .csv file
     
  • You can download and view the exported file in 'Dashboard' > 'Reports'
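
An Event View export can also be regrouped per file offline, which gives the same grouping as the File View tab plus a triage order across devices. The Python script below is an added example, not ITarian code; the column headers, severity labels and sample rows are assumptions constructed for illustration, so match them to the header row of your own export.

```python
import csv
import io
from collections import defaultdict

# Assumed column headers: check them against the header row of your own export.
COL_FILE, COL_ACTION, COL_SEVERITY, COL_DEVICE = "File Name", "Action", "Severity", "Device"
SEVERITY_ORDER = ["Low", "Medium", "High", "Critical"]  # assumed labels, lowest first

# Constructed sample rows, not real Endpoint Manager output.
SAMPLE = """Date/Time,File Name,Action,Severity,Device
2018-12-20 09:14:02,invoice_viewer.exe,Run in container,Medium,DESKTOP-A01
2018-12-20 09:20:41,setup_helper.exe,Malware detected,High,DESKTOP-A01
2018-12-20 09:20:43,setup_helper.exe,Moved to quarantine,High,DESKTOP-A01
2018-12-21 11:02:10,setup_helper.exe,Malware detected,High,LAPTOP-B07
2018-12-21 15:45:30,invoice_viewer.exe,Rated as trusted,Low,DESKTOP-A01
"""

def _cell(row, col):
    # DictReader yields None for missing cells, so normalise to a stripped string.
    return (row.get(col) or "").strip()

def _rank(sev):
    # Unknown or empty severity labels rank below every known label.
    return SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else -1

def group_by_file(csv_text):
    """Regroup chronological Event View rows per file, like the File View tab."""
    files = defaultdict(lambda: {"events": 0, "actions": set(), "devices": set(), "max_severity": ""})
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = _cell(row, COL_FILE)
        if not name:
            continue  # ignore rows that carry no file name
        entry = files[name]
        entry["events"] += 1
        entry["actions"].add(_cell(row, COL_ACTION))
        entry["devices"].add(_cell(row, COL_DEVICE))
        if _rank(_cell(row, COL_SEVERITY)) > _rank(entry["max_severity"]):
            entry["max_severity"] = _cell(row, COL_SEVERITY)
    return dict(files)

def triage_order(files):
    """File names, highest severity first, then most affected devices."""
    return sorted(files, key=lambda n: (-_rank(files[n]["max_severity"]), -len(files[n]["devices"]), n))

if __name__ == "__main__":
    grouped = group_by_file(SAMPLE)
    for name in triage_order(grouped):
        e = grouped[name]
        print(f"{name}: {e['events']} events, max severity {e['max_severity'] or 'n/a'}, "
              f"devices: {', '.join(sorted(e['devices']))}")
```

File names in the export originate on the endpoints, so treat the cells as untrusted text when opening the .csv in a spreadsheet application.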

 

Step-by-step process

  • Log in to ITarian
  • Click 'Applications' > 'Endpoint Manager'
  • Click 'Security Sub-Systems' > 'Security Dashboards'
  • Select the 'Event View' tab to view all records in chronological order
    OR
  • Select the 'File View' tab to view all events concerning a particular file grouped together
  • Click 'Export' > 'Export to CSV' to generate your report:

  • You will see a confirmation message at top-right:
     

Download the report

  • Click 'Dashboard' > 'Reports'
  • Select the file you generated earlier
  • Click the 'Download' button:

  • An example report is shown below: