North America
  • North America
  • Europe
  • United Kingdom
  • Asia & Pacific
  • Australia
  • South America
  • Africa

How to view security events by device from security dashboard

Release Time
04/04/2019
Views
155 times
Category
Endpoint Manager features
Tags


  • Open Endpoint Manager > Click 'Security Sub-Systems' > 'Security Dashboards'
     
  • The security dashboard is a list of all security-related events on managed Windows endpoints. The events in this interface are generated by the antivirus, containment and application-control modules. 
     
  • Example events you will see in the security dashboard are:
     
    • When malware is blocked, quarantined or ignored
       
    • When someone changes the trust rating of a file, or submits a false positive
       
    • When a file is run in the container
       
    • When files are added to, or removed from the client security file list
       
  • The interface also lets you change the trust rating of a file, move files in or out of quarantine, and view file details and activity.

 

To view security events by device view

  • Login to ITarian
     
  • Click 'Applications' > 'Endpoint Manager'
     
  • Click 'Security Sub-Systems' > 'Security Dashboards'
     
  • Select the 'Device View' tab

 

 

This will show the security events by particular device

 

 

DATE TIME - shows the date and time of the event occured in the specific device

DEVICE NAME - name of the device

COMPONENTS - shows in which security component type the event occured

For example:We have four types of security components

  • Antivirus
  • Containment
  • Application control
  • Autoruns control

 

ACTION - shows what kind of action occured in the endpoint

For example: some actions are malware detected,quarantined,run virtually,file updated or deleted

 

LAST ACTION - shows what kind of action occured most recently

For example :some recent actions will be deleted from quarantine,malware deleted from file,run restricted,ignored

 

# OF FILES - number of files in the event

ADDITIONAL INFO - Shows the status of the action taken on the event.

For example: The types of action are 

  • Completed
  • Progress
  • Unrecognized