The Events page in OneView displays a record of threats, endpoints requiring remediation, and activities performed in the console. Use the drop-down lists to filter the entries shown. Event data is stored and displayed for up to 30 days prior across all endpoints.
To navigate to the Events page:
- Log in to OneView.
- In the left navigation pane, click Investigate > Events.
There are several types of events, varying in severity. The Severity drop-down list has the following event types:
- Severe: A threat was found on an endpoint.
- Warning: A threat was cleaned, Suspicious Activity detected, a command failed, or an item failed to delete from the Quarantine.
- Info: A scan finished on an endpoint, asset information or agent information was posted to the console, or an item was deleted from the Quarantine.
- Audit: An endpoint was registered in the console, an endpoint was deleted from the console, a report was generated, an exclusion was edited, a policy was edited, or a user was added or deleted.
Next to an event, click the timestamp to show details. If an event is related to a policy level exclusion, hover over the Policies item to show the policies affected. If the event is a Threat Found, click the View Report link to check out the report for the scan that identified the threat.
Return to the Malwarebytes OneView User Guide.