Monitor Administrative Actions
To monitor the progress of administrator-initiated activities that may take time to complete (especially when run in bulk), you can use the Actions Tracker in Traps management service.
The Actions Tracker tracks the following activities:
- Agent upgrades
- Agent uninstalls
- Agent scans
- Halted agent scans
- Data retrieval (both security event data and tech support files)
- Quarantined file restoration
Administrative actions that typically complete immediately—such as updating the status of a security event or deleting an endpoint—are not tracked in the Actions Tracker.
In addition, the Actions Tracker only displays the status of actions initiated within the last 37 days (30 days + a 7-day grace period). After 37 days, Traps management service clears any information about the administrative action from the Actions Tracker.
Should the action fail to complete, the Actions Tracker displays details to help you understand the reason for the failure.
For bulk operations initiated prior to the September 2018 Traps management service release (but within the 37-day tracking period), the Actions Tracker displays those actions independently as single actions.
- From Traps management service, select Actions Tracker.
For each action, the Actions Tracker displays the following information:
- Type—Type of action.
- Created By—The user and service that initiated the action. Or for policy-initiated actions, the Actions Tracker indicates the action was created by Agent Policy.
- Target—Endpoint host name (if only one) or endpoint count for bulk operations.
- Status—Status of the action (pending, in progress, succeeded, or failed).
- Creation Time—Time the action was initiated.
- Additional Information—Summary of the progress or additional details.
- To view additional details for an event, select the name of the event Type.
The additional details view displays information about the operation, including the progress and details about each endpoint on which the action was performed. Depending on the event type, the additional details view can also provide links to relevant information for the action. For example, for a data retrieval event, you can download the data (when available) and view additional information about the security event for which the data was retrieved.