The ATP Actions log returns information about actions taken as part of remediation efforts. These actions include:
Rejoining endpoints to the network
Submittals for sandboxing analysis
The following table lists the default fields used to list the search results.
Description of the action taken.
The name of the executed command.
The name of the device the command was sent to.
The overall success or failure of the action.
Possible values are:
Detailed information regarding the status of the action, including timestamps, results, and IDs.
The name of the user that originated or caused the event (if the event involves a user) or the user on whose behalf the event occurred.
You can build a search from your own queries, or you can use predefined Quick Filters.
See About quick filters.
See Logging: Actions quick filters.
See Search query syntax.
The summary view lets you adjust the search time frame, expand an action to get more information, and add, remove, and sort columns.
See Working in the Events Summary view.