How do I read and filter events in Log Central?

[SantiagoHarris]

Hi,
The Log Central tool looks very powerful, but I’m not sure how to use it effectively. How can I quickly see what the Antivirus, HIPS, Firewall or EDR have done in the last hours or days?

[mrwebfeeder]

Hi and welcome!
Log Central is your single pane of glass for all GetOverX Shield events. To use it effectively:

1. Open Log Central from the Tools section.
   
2. Use the Module filter (if available) to focus on a single component at a time: Antivirus, Firewall, HIPS, Sandbox, EDR, etc.
   
3. Adjust the time range to “Last hour”, “Today”, “Last 7 days”, depending on what you’re investigating.
   
4. Look at key fields such as:
   • Module / Source (who generated the event)
     
   • Action (allowed, blocked, quarantined, killed, etc.)
     
   • Object (file, process, IP, domain)
     
   • Details / Reason (why the action was taken)
     

This is especially useful to:

• Reconstruct what happened during a suspicious incident.
  
• Verify that your protection modules are working as expected.
  
• Identify repeated patterns (e.g., a specific process constantly blocked by HIPS).