View the Security Event History on an Endpoint

When a user launches a process on the endpoint, Traps injects code into the process and activates a protection module known as an Exploit Protection Module (EPM) into the process. The endpoint security policy rules determine which EPMs are injected into each process. During the injection, the process name appears on the console in red. After the injection completes successfully, the console logs the security event on the Events tab.
Each security event on the Events tab displays the date and time of the event, name of the affected process, and EPM that was injected into the process. Typically, the mode indicates whether or not Traps terminated the process or only notified the user about the event.
  1. Launch the Traps Console:
    • From the Windows tray, right-click the Traps icon icon-traps.png and select Console, or double-click the icon.
    • Run CyveraConsole.exe from the Traps installation folder.
    The Traps Console launches.
  2. View the security events:
    1. Select AdvancedEvents to display the security events on the endpoint.
    2. Use the up and down arrows to scroll through the list of events.

Related Documentation