Skip to main content

Events page in Nebula

Updated: 

In Nebula, an Event is a general term for a threat that has occurred, remediation or other action taken on a threat, and other endpoint-related activity. The Events page displays a record of threats, remediation and other activities on endpoints. Use the drop-down lists to filter the entries shown. Event data is stored and displayed for up to 30 days prior across all endpoints. Use this page to audit endpoint and threat activity.

There are several types of events, varying in severity. The Severity drop-down list has the following event types:

Severity Description Event type
Severe A threat was found on an endpoint.
  • Threat Found
Warning A threat was cleaned, Suspicious Activity detected, a command failed, or an item failed to delete from the Quarantine.
  • Command Failed
  • Command Timeout
  • Patch Applied (Failed)
  • Suspicious Activity Detected
  • Scheduled Threat Scan Failed
  • Threat Cleaned
Info A scan finished on an endpoint, asset or agent information was posted to the console, or an item was deleted from the Quarantine.
  • Deleted from Quarantine
  • Patch Applied (Success)
  • Scheduled Hyper Scan Success
  • Scheduled Software Updated
  • Scheduled Threat Scan Success
  • Software Updated
  • Suspicious Activity Closed
  • Threat Scan Success
  • Vulnerabilities Resolved
Audit An endpoint was registered in the console, an endpoint was deleted from the console, a report was generated, an exclusion was edited, a policy was edited, or a user was added or deleted.
  • An Endpoint was Moved to Another Group
  • Endpoint Agent Installed
  • Endpoint Agent Removed
  • Endpoint Agent Uninstalled
  • Endpoint Removed Due to Inactivity
  • Exclusion Created
  • Exclusion Disabled
  • Exclusion Updated
  • Global Exclusions Disabled
  • Global Exclusions Enabled
  • New Active Response Shell Session
  • On-Demand Report Deleted
  • Policy Created
  • Policy Updated
  • Scheduled Report Emailed
  • Scheduled Report Generated
  • Syslog Communication Endpoint Added
  • User Permission Changed
  • Uninstall Protection Configured
  • Uninstall Protection Password Revealed
  • User Created by SSO Just-In-Time (JIT) Provisioning

Next to an event, click the timestamp to show details. If an event is related to a policy level exclusion, hover over the Policies item to show the policies affected. If the event is a Threat Found, click the View Report link to check out the report for the scan that identified the threat. 

Still have questions?

Support is available via chat, phone or by creating a ticket. You can also use our virtual assistant for guided assistance.

Learn more