How do I read and filter events in Log Central?
#1
Hi,
The Log Central tool looks very powerful, but I’m not sure how to use it effectively. How can I quickly see what the Antivirus, HIPS, Firewall or EDR have done in the last hours or days?
#2
Hi and welcome!
Log Central is your single pane of glass for all GetOverX Shield events. To use it effectively:
  1. Open Log Central from the Tools section.
  2. Use the Module filter (if available) to focus on a single component at a time: Antivirus, Firewall, HIPS, Sandbox, EDR, etc.
  3. Adjust the time range to “Last hour”, “Today”, “Last 7 days”, depending on what you’re investigating.
  4. Look at key fields such as:
    • Module / Source (who generated the event)
    • Action (allowed, blocked, quarantined, killed, etc.)
    • Object (file, process, IP, domain)
    • Details / Reason (why the action was taken)
This is especially useful to:
  • Reconstruct what happened during a suspicious incident.
  • Verify that your protection modules are working as expected.
  • Identify repeated patterns (e.g., a specific process constantly blocked by HIPS).