Endpoint Logging - Events

I am currently trying to see what events are affecting endpoints, and I see there is a huge amount of "Scan Stop" events affecting the few users I have. This actually makes looking for important events a tedious task, as the field Event Type is not filterable, so I cannot take it out. Do you have any idea how I can sort this? I know there was a way to look in the generic fields and filter for "string", but I am unsure.

As you can see, the filtering is not enabled for this column.

Any ideas? Or is this the known limitation that you can only use a few of the fields to process and sort logs?

1 Reply

Try using SmartLog and filtering results using the input below.

Blade:Anti-Malware  NOT "Scan Start" NOT "Scan Stop" NOT Update.

That should just give you any threats found by the Anti-Malware Blade.