In Nebula, an Event is a general term for a threat that has occurred, remediation or other action taken on a threat, and other endpoint-related activity. You can audit endpoint and threat activity by going to the Investigate > Activity Log > Events page. Event data is stored and displayed for up to 30 days prior across all endpoints. Use this page to audit endpoint and threat activity.
Event types by severity
There are different types of events, each varying in severity. Use the Severity drop-down list to filter for specific events based on the different event types:
| Severity | Event type |
|---|---|
| Severe |
|
| Warning |
|
| Info |
|
| Audit |
|
Next to an event, click the timestamp to show more details. If the event is a Threat Found, click the View Report link to check out the report for the scan that identified the threat.
Event sources
Each event originates from a specific source, the point or entity where it came from. Knowing the source is key to understanding the event's cause and context. Use the Sources column in the Events Activity log to identify and filter by the source.
| Event Source | Description |
|---|---|
| EDR | Activities related to Endpoint Detection and Response, such as Suspicious Activity Closed. |
| ThreatDown Support | Actions taken by ThreatDown Support through remote assistance or a backend change done by engineering to support an upcoming feature. |
| Managed Machines | Activities occuring on machines or resulting from such actions, such as Endpoint Agent Installed, Patch Applied, or Endpoint Removed Due to Inactivity. |
| Scan Threat | Events happening from manual and scheduled scans. |
| Licensing System | Changes to the account's license, such as upgrading bundles, or adding a module. |
| Unknown | Unable to determine the event source. |
| Web Console | Actions originating from the console, such as creating a policy, or exclusion. |