
Sophos Threat detection Log sample

Hello,

I have a log sample from Sophos Data Control module. I need such a sample from the threat detection module. Can someone post such a log sample please?

2014-11-21 16:39:04 INFO: InsertedAt=2014-11-21 21:38:59; EventID=4129451; EventTime=2014-11-21 21:39:00; EventTypeID=7; EventType=Data control; Name=; ReportingName=Virtualization images; UserName=MYDOMAIN\username; ActionID=4; Action=Alert only; ScanTypeID=; ScanType=; SubTypeID=; SubType=; ComputerName=MYMACHINE; ComputerDomain=MYDOMAIN; ComputerIPAddress=10.10.10.10

Thank you,

Doron



This thread was automatically locked due to age.
  • Hello Doron,

    Took me a few minutes to figure out you are talking about the Log Writer. Next time - please ... :)

    I was a little bit confused by your use of the term module. Which data source did you use and what exactly are you interested in? Did you use the default configuration and nothing has been reported in the DefaultThreats.log?

    Christian

  • Christian,

    Thank you for your quick reply. 

    I found what I was looking for. It was a Viruses/spyware event type:

    2014-10-24 15:09:04 INFO: InsertedAt=2014-10-24 22:07:33; EventID=123456; EventTime=2014-10-24 22:07:15; EventTypeID=1; EventType=Viruses/spyware; Name=Troj/Regin-Fam; ReportingName=Troj/Regin-Fam; UserName=MYMACHINE\doron; ActionID=116; Action=Blocked; ScanTypeID=201; ScanType=On access; SubTypeID=0; SubType=Other type; ComputerName=MYMACHINE; ComputerDomain=MYDOMAIN; ComputerIPAddress=10.10.10.10

    Doron 

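
A parser for the line layout of the two log samples posted above, as an added example that is not part of the original posts and is not Sophos code. It assumes every line follows the `timestamp LEVEL: Key=Value; Key=Value; ...` layout of those samples; the names `parse_line`, `threat_events` and the `LoggedAt` key are made up for illustration.

```python
import re
from datetime import datetime

# The two log lines posted in this thread, embedded so the example runs offline.
SAMPLE_LINES = [
    r"2014-11-21 16:39:04 INFO: InsertedAt=2014-11-21 21:38:59; EventID=4129451; EventTime=2014-11-21 21:39:00; EventTypeID=7; EventType=Data control; Name=; ReportingName=Virtualization images; UserName=MYDOMAIN\username; ActionID=4; Action=Alert only; ScanTypeID=; ScanType=; SubTypeID=; SubType=; ComputerName=MYMACHINE; ComputerDomain=MYDOMAIN; ComputerIPAddress=10.10.10.10",
    r"2014-10-24 15:09:04 INFO: InsertedAt=2014-10-24 22:07:33; EventID=123456; EventTime=2014-10-24 22:07:15; EventTypeID=1; EventType=Viruses/spyware; Name=Troj/Regin-Fam; ReportingName=Troj/Regin-Fam; UserName=MYMACHINE\doron; ActionID=116; Action=Blocked; ScanTypeID=201; ScanType=On access; SubTypeID=0; SubType=Other type; ComputerName=MYMACHINE; ComputerDomain=MYDOMAIN; ComputerIPAddress=10.10.10.10",
]

TS_FORMAT = "%Y-%m-%d %H:%M:%S"
# "<timestamp> <LEVEL>: <Key=Value; Key=Value; ...>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\w+): (.+)$")
# Split only on a ';' that is followed by the next "Key=", so a ';' inside a
# value (for example in a detection name) does not start a bogus field.
FIELD_SPLIT_RE = re.compile(r";\s*(?=[A-Za-z]+=)")


def parse_line(line):
    """Return one event as a dict, or None if the line is not in this layout."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    logged_at, level, body = match.groups()
    event = {"LoggedAt": datetime.strptime(logged_at, TS_FORMAT), "Level": level}
    for field in FIELD_SPLIT_RE.split(body):
        key, _, value = field.partition("=")
        value = value.strip()
        if not value:
            event[key] = None  # empty fields such as "Name=;" on data control events
        elif key.endswith("ID") and value.isdigit():
            event[key] = int(value)
        elif key in ("InsertedAt", "EventTime"):
            event[key] = datetime.strptime(value, TS_FORMAT)
        else:
            event[key] = value
    return event


def threat_events(lines):
    """Keep only Viruses/spyware events (EventTypeID=1 in the sample above)."""
    parsed = (parse_line(line) for line in lines)
    return [e for e in parsed if e and e.get("EventTypeID") == 1]


if __name__ == "__main__":
    for e in threat_events(SAMPLE_LINES):
        print(e["EventTime"], e["ComputerName"], e["UserName"], e["Name"], e["Action"])
```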