Threat Remediation: Viewing Logs

Document created by user.Yo2IBgvWqr Employee on Jun 21, 2018. Last modified by user.Yo2IBgvWqr Employee on Jul 19, 2018.
Version 16

The Logs tab displays the actions taken against individual incidents, whether automatic or manual, in date order. By default only the last five actions are displayed, but this can be increased to all actions taken in the last 30 days. From the log list you can:

  • Search for a specific log.
  • Export the logs.
  • Filter the display (e.g. by message status).

 

Viewing Logs

 

To view Logs:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item. A menu drop down is displayed.
  3. Click on the Services | Threat Remediation menu item. The Threat Remediation home page is displayed.
  4. Click on the Logs tab. Alternatively, click on the View all Logs link in the bottom right corner. Logs are displayed in date order, and display the following information:

 

Column | Description
Incident ID | The unique code assigned to the incident. View the "Incident IDs" section of the Targeted Threat Protection: Remediation Overview page for more information.
To | Displays the email address of the message's recipients.
From | Displays the email address of the message's sender.
Action | Indicates the type of action taken on an incident:
  • Remove: The message was deemed a threat and was manually removed from the user's mailbox.
  • Restore: The message was falsely identified as malicious, and was restored to the user's mailbox.
  • Identify: The message was deemed a threat, and the relevant action was automatically applied.
Action Date | The date and time an action was taken on an incident.
Message Status | The message's status at the time of the "Action Date".

 

Viewing a Log File's Associated Incident

 

To search for an incident from the Logs queue, or to narrow the results:

  1. Click on the down arrow next to All and select one of the following options:
    • Incident ID: Search for an incident by the known ID number.
    • To: Search for the incident by the recipient's email address.
    • From: Search for the incident by the sender's email address.
  2. Enter any known message / data identifiers in the Search field.
  3. Click on the magnifying glass icon or press the Enter key. The search results display.
  4. Click on the three dot icon to the right of the log, and click on the View Incident menu item. The corresponding incident is displayed.

 

Filtering Log Files

 

To filter the Logs queue, you can select from the following options:

  1. Date Range: Select a time period from the drop down menu. Optionally click on Custom Range to display a date / time picker. Click on the Done button to update your results.
  2. Filters: All incident types display by default. Select one of the following:
    • Notify Only: Displays incidents where the Administrator is notified but no action has been taken.
    • Automatic: Displays incidents that have been automatically removed, with the administrator notified.
    • Manual: Displays incidents that the administrator has manually performed an action on.
    • Restore: Displays incidents confirmed as safe and restored to the user's mailbox.
  3. Show: By default, 50 incidents display in the queue per page. Select between 50 and 300 incidents per page.
  4. Custom Settings: Click on the Settings icon in the top right corner to display a pop out panel. Select the boxes of any columns you want to view and click the Apply button. Your custom selections display.

 

Exporting Log Data

 

To export the Logs queue to a .CSV file:

  1. Click on the Export Data button. An Export Logs Data panel slides into view.
  2. Select the boxes of any data columns you want to include in the download file.
  3. Click on the Download button. The file is downloaded to your machine's desktop.
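
The exported file can be reviewed outside the console. The script below is an added example, not part of the original page or of the vendor's tooling: it reads an export and reports which messages were actioned as a threat and later restored (false positives, with the time to restore) and which have no Restore logged. It assumes the CSV headers match the column names listed on this page, one recipient per row, and a date format chosen for the constructed sample.

```python
import csv
import io
from datetime import datetime

# Constructed sample export. Header names follow the columns listed on this
# page; exact header text, date format, ID and status values are assumptions.
SAMPLE_EXPORT = """\
Incident ID,To,From,Action,Action Date,Message Status
INC-0001,alice@example.com,billing@vendor.example,Identify,2018-07-10 09:14:00,Removed
INC-0001,bob@example.com,billing@vendor.example,Identify,2018-07-10 09:14:05,Removed
INC-0001,Alice@example.com,billing@vendor.example,Restore,2018-07-11 15:02:00,Restored
INC-0002,carol@example.com,hr@phish.example,Remove,2018-07-12 08:30:00,Removed
"""
DATE_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumption: adjust to match your export

def load_log(text):
    """Parse the export into rows sorted oldest-first by Action Date."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["Action Date"] = datetime.strptime(row["Action Date"].strip(), DATE_FORMAT)
    return sorted(rows, key=lambda r: r["Action Date"])

def key_of(row):
    """One message copy = (incident, recipient); addresses compared case-insensitively."""
    return (row["Incident ID"].strip(), row["To"].strip().lower())

def restored_after_threat_action(rows):
    """Return {(incident, recipient): hours between the first Remove/Identify
    and a later Restore}, i.e. messages treated as threats, then released."""
    actioned_at, restored = {}, {}
    for row in rows:
        key = key_of(row)
        if row["Action"] in ("Remove", "Identify"):
            actioned_at.setdefault(key, row["Action Date"])
        elif row["Action"] == "Restore" and key in actioned_at:
            restored[key] = (row["Action Date"] - actioned_at[key]).total_seconds() / 3600
    return restored

def not_restored(rows):
    """Return sorted (incident, recipient) pairs whose latest logged action is not Restore."""
    latest = {key_of(row): row["Action"] for row in rows}
    return sorted(key for key, action in latest.items() if action != "Restore")

if __name__ == "__main__":
    rows = load_log(SAMPLE_EXPORT)
    print("Restored after threat action (hours):", restored_after_threat_action(rows))
    print("No Restore logged:", not_restored(rows))
```

Because the Logs tab covers at most the last 30 days, an export only reflects that window; schedule exports accordingly if longer retention is needed for review.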

 
