Symantec Advanced Threat Protection (ATP) collects information about the activities that occur in your environment. It stores this information in the form of events, which are comprised of various fields that contain information about each event. These events are stored in logs.
In ATP, you can search the following logs for events based on queries that you create, or by using predefined Quick Filters:
You can view the status of the asynchronous actions that are taken on entities through ATP Manager as well as actions taken through the API.
The events in these logs pertain to the state of your ATP software, the hardware in your environment, and actions that were initiated by your users or by ATP itself. Searching these logs can help you troubleshoot system health issues.