Discovery
Events collected through Agent and Collector Settings can be viewed in the Discovery menu.
How to search logs
Logs are stored in different indexes depending on the type of event, and logs can be searched after selecting an index.
Go to the Discovery menu and select the index you want to search in the tree on the left.
Enter a query directly in the search bar, or click a value in the log detail view to have a data chip created automatically in the query input field. When you type a query directly, Genian Insights' log search uses Lucene syntax. (More detailed syntax can be found in the Lucene documentation.)
ex) To search Insights Logs for events whose user ID is 'admin': select Discovery > Insights Logs, enter logUserId:"admin" in the query input field, and click the Search button. Only records with the user ID admin are returned, and the matched query term is highlighted.
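As an added example (not part of the Genian Insights documentation or product), the following Python evaluates the Lucene subset the search bar accepts (field:value terms with quoted or bare values, AND, OR, NOT, parentheses, and bare juxtaposition treated as OR, Lucene's default) against constructed Insights-Logs-style records, so you can see why logUserId:"admin" returns only the admin records. The field names other than logUserId, the record layout, and the exact case-insensitive value matching are assumptions.

```python
import re
TOKEN = re.compile(r'\s*(\(|\)|AND\b|OR\b|NOT\b|(\w+):(?:"([^"]*)"|([^\s()]+)))')
SAMPLE_LOGS = [  # constructed records; only logUserId is a field the page names
    {"logId": 100, "logUserId": "admin", "msg": "administrator login"},
    {"logId": 100, "logUserId": "auditor", "msg": "administrator login"},
    {"logId": 300, "logUserId": "admin", "msg": "user created"},
    {"logId": 841, "logUserId": "analyst", "msg": "network isolate (manually)"},
]
def tokenize(query):  # -> (kind, field, value) triples; kind is ( ) AND OR NOT or TERM
    matches = list(TOKEN.finditer(query))
    if "".join(m[0] for m in matches) != query.rstrip():  # some text was not tokenizable
        raise ValueError("query uses syntax outside the supported Lucene subset")
    return [("TERM", m[2], m[3] if m[3] is not None else m[4]) if m[2] else (m[1], None, None)
            for m in matches]

def compile_query(query):  # recursive-descent parse into a predicate over one log record
    toks, i = tokenize(query), 0
    peek = lambda: toks[i][0] if i < len(toks) else None
    def unary():  # NOT unary | '(' or_expr ')' | TERM
        nonlocal i
        kind, field, value = toks[i] if i < len(toks) else ("end of query", None, None)
        i += 1
        if kind == "NOT":
            inner = unary()
            return lambda rec: not inner(rec)
        if kind == "(":
            inner = or_expr()
            if peek() != ")": raise ValueError("missing ')'")
            i += 1
            return inner
        if kind == "TERM":  # exact, case-insensitive value match (assumed; real analyzers vary)
            return lambda rec: str(rec.get(field, "")).lower() == value.lower()
        raise ValueError(f"unexpected {kind}")
    def chain(sub, follow, combine):  # left-associative: sub (op sub)*
        nonlocal i
        left = sub()
        while peek() in follow:
            if peek() in ("AND", "OR"):  # bare juxtaposition has no operator token to skip
                i += 1
            right = sub()
            left = (lambda l, r: lambda rec: combine(l(rec), r(rec)))(left, right)
        return left
    and_expr = lambda: chain(unary, ("AND",), lambda a, b: a and b)
    or_expr = lambda: chain(and_expr, ("OR", "NOT", "(", "TERM"), lambda a, b: a or b)  # "a b" = a OR b
    pred = or_expr()
    if peek() is not None: raise ValueError("unbalanced ')'")
    return pred
def search(records, query):  # the records the Discovery screen would list for the query
    pred = compile_query(query)
    return [r for r in records if pred(r)]
```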
Audit records generated by the Genian Insights E server are stored in the Insights Logs index; the details for each log ID are as follows.
Log ID | Name | Content |
---|---|---|
100 | Administrator Login | Login related to Administrators' login status |
110 | Group | Endpoints Group Creation, Modification, and Deletion Logs |
118 | Update | License update log |
120 | CLI | CLI connection related log |
121 | User Directory | User Directory Logs for Information, User, Department, etc. |
130 | Agent | Agent operation status, plug-in update related logs |
132 | System | Endpoints' System operation status (sleep, log on, log off, disk usage) related logs |
140 | Agent Action | Endpoints Threats Response Results, Process Dump Collection, File Collection, Yara Rules Scan Related Logs |
150 | System | Backup, index cleanup, deletion of inactive endpoints, Trendmicro linkage results, server service operation and integrity check, system upgrade related logs |
160 | Policy | Web Console's policy immediately applied, Endpoints Policy reception related log |
200 | Settings changed | Logs related to changes to various settings in Web Console |
300 | User | Logs related to user creation, deletion, Roles, and user information change in Web Console |
400 | Index | Logs related to Index in Web Console System Settings |
500 | Collector | Logs related to Collector Settings in Web Console |
600 | Profile | Logs related to Collector Settings Profiles and Server Profiles in Web Console |
700 | Filter | Logs related to search filter |
750 | Threat | Threats System (Threats determination, person in charge Settings, etc.) status related logs |
770 | CTI | Audit log for deletion information when PE File is deleted |
790 | File | Logs related to file collection status in the Collect System menu |
800 | IOC DB | IOC DB update related log |
810 | Threat | Threats detection related logs |
815 | Device Tag | IOC Device Tag Settings Log |
820 | Notification | Display Notification Messages on Endpoints Log |
825 | Process Terminated | Terminating Process When Threats are Detected Log |
826 | Process Terminated (Manually) | Users Directly Terminating Process Log |
830 | File Quarantined | Delete File when Threats are detected Log |
831 | File Quarantined Manually | Log files directly deleted by users |
835 | Sample File Collected | Executable Sample Collection Log |
836 | Sample File Collected Manually | Logs of Manual Collection of Executable Samples |
837 | Collection | File Sample Collection Log |
838 | Collection Manually | File Sample Manual Collection Log |
841 | Network isolate (Manually) | Log of Network Quarantine Commands issued directly by users |
850 | Anomaly Detection | Anomaly Detection Log |
870 | Anomaly | Abnormal behavior rule system and exception Policy Settings related log |
900 | Dashboard | Logs related to Dashboard in Web Console |
912 | Report | Logs related to changes in the Report menu of the Web Console |
999 | Miscellaneous | GenianNac log creation and deletion related logs |
Save search history and favorites
- After entering and running a search in the search window on the Discovery screen, click the Favorites button to open the Add Favorites screen with the search conditions currently shown on the screen filled in automatically.
- After saving a favorite, click Search Filter to see the list of added favorites and your recent search history (up to 50 each). Note that your recent search history is also cleared when your browser cache is cleared.