The Events page in OneView displays a record of threats, endpoints requiring remediation, and activities performed in the console. Use the drop-down lists to filter the entries shown. Event data for all endpoints is stored and displayed for up to 30 days. To navigate to the Events page, go to Investigate > Events.
There are different types of events, each varying in severity. Use the Severity drop-down list to filter for specific events based on the different event types:
Severity | Description | Event type |
Severe | A threat was found on an endpoint. | |
Warning | A threat was cleaned, Suspicious Activity was detected, a command failed, or an item failed to delete from the Quarantine. | |
Info | A scan finished on an endpoint, asset or agent information was posted to the console, or an item was deleted from the Quarantine. | |
Audit | An endpoint was registered in the console, an endpoint was deleted from the console, a report was generated, an exclusion was edited, a policy was edited, or a user was added or deleted. | |
Next to an event, click the timestamp to show details. If an event is related to a policy-level exclusion, hover over the Policies item to show the policies affected. If the event is a Threat Found, click the View Report link to open the report for the scan that identified the threat.