- Go to one of the following:
  - Logs > Agents > Security Risks
  - Agents > Agent Management
- In the agent tree, click the root domain icon to include all agents or select specific domains or agents.
- Go to the Suspicious Connection Log Criteria screen:
  - From the Security Risk Logs screen, click View Logs > Suspicious Connection Logs.
  - From the Agent Management screen, click Logs > Suspicious Connection Logs.
- Specify the log criteria and then click Display Logs.
- View logs. Logs contain the following information:

| Item | Description |
| --- | --- |
| Date/Time | The time the detection occurred |
| Endpoint | The endpoint on which the detection occurred |
| Domain | The domain of the endpoint on which the detection occurred |
| Process | The process through which the contact was attempted (path\application_name) |
| Local IP and Port | The IP address and port number of the source endpoint |
| Remote IP and Port | The IP address and port number of the destination endpoint |
| Result | The result of the action taken |
| List Source | The C&C list source that identified the C&C server |
| Traffic Direction | The direction of the transmission |

- To save logs to a comma-separated value (CSV) file, click Export All to CSV. Open the file or save it to a specific location.
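
Once the logs are exported, a short script can group them for triage. The following is an added example, not part of the product or its documentation: it assumes the CSV header names match the Item names in the table above and that IP and port are written as `ip:port`. The sample rows, including the Result and List Source values, are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample; header names are assumed to match the log table items,
# and the timestamp format is assumed to sort correctly as plain text.
SAMPLE_CSV = r"""Date/Time,Endpoint,Domain,Process,Local IP and Port,Remote IP and Port,Result,List Source,Traffic Direction
2024-01-10 09:00:01,WS-01,Sales,C:\Temp\upd.exe,10.0.0.5:49152,203.0.113.7:443,Blocked,ListA,Outbound
2024-01-10 09:05:01,WS-01,Sales,C:\Temp\upd.exe,10.0.0.5:49153,203.0.113.7:443,Blocked,ListA,Outbound
2024-01-10 09:10:02,WS-01,Sales,C:\Temp\upd.exe,10.0.0.5:49160,203.0.113.7:8080,Blocked,ListA,Outbound
2024-01-10 09:12:40,WS-02,Sales,C:\Temp\upd.exe,10.0.0.9:50211,203.0.113.7:443,Logged,ListA,Outbound
2024-01-10 10:30:00,SRV-03,Servers,C:\Program Files\app\svc.exe,10.0.1.4:51000,198.51.100.20:80,Logged,ListB,Outbound
"""

def split_ip_port(value):
    """Split 'ip:port' on the last colon, so bracketed IPv6 also works."""
    ip, _, port = value.strip().rpartition(":")
    return ip.strip("[]"), int(port)

def summarize(csv_text):
    """Group rows by (endpoint, process, remote IP), most frequent first."""
    groups = defaultdict(lambda: {"count": 0, "ports": set(), "results": set(), "times": []})
    for row in csv.DictReader(io.StringIO(csv_text)):
        ip, port = split_ip_port(row["Remote IP and Port"])
        g = groups[(row["Endpoint"], row["Process"], ip)]
        g["count"] += 1
        g["ports"].add(port)
        g["results"].add(row["Result"])
        g["times"].append(row["Date/Time"])
    out = [{"endpoint": e, "process": p, "remote_ip": ip, "count": g["count"],
            "ports": sorted(g["ports"]), "results": sorted(g["results"]),
            "first": min(g["times"]), "last": max(g["times"])}
           for (e, p, ip), g in groups.items()]
    return sorted(out, key=lambda r: (-r["count"], r["endpoint"]))

def shared_remotes(summary):
    """Remote IPs contacted from more than one endpoint (wider scope to check)."""
    seen = defaultdict(set)
    for r in summary:
        seen[r["remote_ip"]].add(r["endpoint"])
    return {ip: sorted(eps) for ip, eps in seen.items() if len(eps) > 1}

if __name__ == "__main__":
    rows = summarize(SAMPLE_CSV)
    for r in rows:
        print(r)
    print("shared:", shared_remotes(rows))
```

Repeated contacts from one process, and one remote address seen from several endpoints, are the groupings most worth reviewing first.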