Traps Endpoint Security Manager Administrator's Guide
    : View the Security Event History on an Endpoint
    Focus
    Focus
    1. Home
    2. Traps
    3. Traps Endpoint Security Manager Administrator's Guide
    4. Monitoring
    5. Monitor Security Events
    6. View the Security Event History on an Endpoint

    Traps Endpoint Security Manager Administrator's Guide

    View the Security Event History on an Endpoint

    Table of Contents

    View the Security Event History on an Endpoint

    When a user launches a process on the endpoint, Traps injects code into the process and activates a protection module known as an Exploit Protection Module (EPM) into the process. The endpoint security policy rules determine which EPMs are injected into each process. During the injection, the process name appears on the console in red. After the injection completes successfully, the console logs the security event on the Events tab.
    Each security event on the Events tab displays the date and time of the event, name of the affected process, and EPM that was injected into the process. Typically, the mode indicates whether or not Traps terminated the process or only notified the user about the event.
    1. Launch the Traps Console:
      • From the Windows tray, right-click the Traps icon
        and select Console, or double-click the icon.
      • Run CyveraConsole.exe from the Traps installation folder.
      The Traps Console launches.
    2. View the security events:
      1. Select AdvancedEvents to display the security events on the endpoint.
      2. Use the up and down arrows to scroll through the list of events.

    © 2024 Palo Alto Networks, Inc. All rights reserved.