Documentation for Threat Monitor

View event logs

In Threat Monitor, click Event Logs to view events in real time as they occur in your environment.

As logs stream into the table, the most recent events are listed first. Each log is parsed and lists any relevant data, including geolocation coordinates, reputation data, and host name resolution.

  1. Click a log to view the associated event details.

    Each log event details summary includes data that can be useful for correlating with other events, IP addresses, ports, etc.

  2. To group and view high-level facets of the current data set, click Analyze Results.

  1. To refine your results to group and view a specific subset of data, click the Add to Search Criteria icon next to any record detail in the table.

    The search syntax updates and auto-submits the form.

  2. To drill down even further, select a record to either filter out or filter on data from the main events table to view very specific event logs and details. You can also click any column heading to show or hide the icons in each column row.
  3. To adjust the data set to a specific time frame, drag the mouse over the histogram.

  4. To export the results (up to 500 records) to Microsoft Excel, click the Excel icon.
  5. To find unmatched events, navigate to Admin > Failed Events.
  6. To see all possible field names which can be used during an event query, navigate to Admin > Event Fields.