Filter 'Alerts Displayed' Logs
You can create custom views of all logged events according to the following criteria:
- Advice: Filter events by the path at which the malware was found
- Answer: Filter events according to the user's response. For example, 'Skip once'.
- Answered: Filter events by specific dates
- Description: Filter events by malware name
- Treat As: Not used
- Type: Filter events by alert category. Possible categories are antivirus alerts and execution alerts. Execution alerts are coming in a future version of XCS.
Configure Event Filters
- Open Xcitium Client Security
- Click 'More' > 'View Logs' > 'Other Logs' > 'Alerts Displayed'
- Right-click inside the log viewer module and choose 'Advanced Filter'
- Advice: View logs that concern files at a specific path. You need to enter the path in the field provided:
- Select the 'Contains' or 'Does Not Contain' option from the drop-down.
- Contains - Show only those events which concern items at the location you specify. You can add multiple locations.
- Does Not Contain - Show events which did not concern files at the locations you specify.
- Answer: Filter logs by the action taken by the user on the detected threat. You can then filter by a specific type of action, for example, to show only events where the threat was quarantined.
- Select 'Equal' or 'Not Equal' from the drop-down.
- Equal – Show only events which feature the action you select. You can select multiple actions.
- Not Equal - Inverts your choice. For example, select 'Not Equal' + 'Quarantine' to view every event except those that were quarantined.
- Select the specific actions you want to view from:
- Unknown – Events where the user did not respond to alerts
- Disinfect – Events where the user chose to run a disinfection routine on the malware
- Delete – Events where the user chose to clean (delete) the file
- Quarantine – Events where the user chose to place the malware files in quarantine
- Skip Once - Events where the user chose to ignore the alert once
- Add To Exclusions - Events where the user chose to add the files to the exclusions list
- False Positive – Not used.
- Answered: Filter logs by date of the response. You need to enter the date in the field provided. You can then refine your filter with other parameters:
- Select one of the following options from the second drop-down:
- Equal – Show only events that occurred on the specified date
- Greater than - Show only events that occurred later than the specified date
- Greater than or Equal – Show only events that occurred later than or on the specified date
- Less than - Show only events that occurred before the specified date
- Less than or Equal – Show only events that occurred before or on the specified date
- Not Equal – Show events that occurred on all dates except the specified date
- Description: Filter logs by the name of the malicious item. You need to enter the name of the malware in the field provided:
- Select 'Contains' or 'Does Not Contain' from the second drop-down:
- Contains – Show only those events which concern the malware named in the text field. You can add multiple malware names.
- Does Not Contain - Show only those events which did not involve the malware named in the text field
- Type: Filter events by alert category. Possible categories are antivirus alerts and execution alerts. Execution alerts are coming in a future version of XCS.
- Select 'Equal' or 'Not Equal' from the second drop-down.
- Equal - Show only events which feature the alert type you select.
- Not Equal - Inverts your choice. For example, select 'Not Equal' + 'Execution Alert' to view all antivirus alert events.