Monitor Administrative Actions
To monitor the progress of administrator-initiated activities that may take time to complete (especially when run in bulk), you can use the Actions Tracker in Traps management service.
The Actions Tracker tracks the following activities:
- Agent upgrades
- Agent uninstalls
- Agent scans
- Halted agent scans
- Data retrieval (both security event data and tech support files)
- File retrieval (Windows endpoints only, up to 20 files reported as part of the security event)
- Quarantined file restoration
Administrative actions that typically complete immediately—such as updating the status of a security event or deleting an endpoint—are not tracked in the Actions Tracker.
In addition, the Actions Tracker only displays the status of actions initiated within the last 37 days (30 days + a 7-day grace period). After 37 days, Traps management service clears any information about the administrative action from the Actions Tracker.
Should the action fail to complete, the Actions Tracker displays details to help you understand the reason for the failure.
For bulk operations initiated prior to the September 2018 Traps management service release (but within the 37-day tracking period), the Actions Tracker displays those actions independently as single actions.
- From Traps management service, select Monitor > Actions Tracker.
  For each action, the Actions Tracker displays the following information:
- Type—Type of action.
- Created By—The user and service that initiated the action. For policy-initiated actions, the Actions Tracker indicates the action was created by Agent Policy.
- Target—Endpoint host name (if only one) or endpoint count for bulk operations.
- Status—Status of the action (pending, in progress, succeeded, or failed).
- Creation Time—Time the action was initiated.
- Additional Information—Summary of the progress or additional details.
- To view additional details for an event, select the name of the event Type.
  The additional details view displays information about the operation, including the progress and details about each endpoint on which the action was performed. Depending on the event type, the additional details view can also provide links to relevant information for the action. For example, for a data retrieval event, you can download the data (when available) and view additional information about the security event for which the data was retrieved.