SEP Collector - LogType = AlertsQuery
Created: 23 Feb 2012 | 2 comments
Does anyone know what the 'AlertsQuery' log type is from the SEP event collector?
We have virus events that show up in the SSIM but we can not find them in our SEPM console. I was wondering if there was something unique about these events. I believe they come from the 'V_ALERTS' table in the SEPM database.
Thanks!
Comments
Hi,
As per my analysis, for all the Virus & Expanded threat detections you will be getting AlertsQuery as the log type.
I'll get back to you with more details on this.
Regards,
Avkash K
Hi,
Below are the LogTypes available and their source views in the SEPM DB.
The AgentBehavior Logs are captured from the V_AGENT_BEHAVIOR_LOG view.
The AgentPacket Logs are captured from the V_AGENT_PACKET_LOG view.
The AgentSecurity Logs are captured from the V_AGENT_SECURITY_LOG view.
The AgentTraffic Logs are captured from the V_AGENT_TRAFFIC_LOG view.
The AgentSystem Logs are captured from the V_AGENT_SYSTEM_LOG view.
The EnforcerClient Logs are captured from the V_ENFORCER_CLIENT_LOG view.
The EnforcerSystem Logs are captured from the V_ENFORCER_SYSTEM_LOG view.
The EnforcerTraffic Logs are captured from the V_ENFORCER_TRAFFIC_LOG view.
The ServerAdmin Logs are captured from the V_SERVER_ADMIN_LOG view.
The ServerSystem Logs are captured from the V_SERVER_SYSTEM_LOG view.
The LanDeviceDetected Logs are captured from the V_LAN_DEVICE_DETECTED view.
The ServerClient Logs are captured from the V_SERVER_CLIENT_LOG view.
The ServerEnforcer Logs are captured from the V_SERVER_ENFORCER_LOG view.
The ServerPolicy Logs are captured from the V_SERVER_POLICY_LOG view.
The Alerts Logs are captured from the V_ALERTS view.
Hope this helps you!!
Regards,
Avkash K
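To check whether an AlertsQuery event seen in SSIM actually exists in the SEPM database, the mapping above says to look at V_ALERTS directly. The following read-only query is an added example and not part of the original thread; the column names (ALERTDATETIME, COMPUTER_NAME, USER_NAME, VIRUSNAME, ACTUALACTION, FILEPATH) and the sample computer name are assumptions taken from the SEPM schema reference and should be verified against the schema of your SEPM version before use.

```sql
-- Added example: reconcile an SSIM "AlertsQuery" event against the SEPM DB.
-- Column names below are assumed from the SEPM schema reference; confirm
-- them with your own SEPM version (e.g. via the DB tool's view browser).
-- 'WKSTN-01' is a constructed sample host name; substitute the host and
-- threat name shown in the SSIM event. Run this read-only against the
-- SEPM database, not against the SSIM store.
SELECT
    ALERTDATETIME,      -- time of the detection as recorded by SEPM
    COMPUTER_NAME,      -- endpoint that reported the detection
    USER_NAME,          -- logged-on user at detection time
    VIRUSNAME,          -- threat name (what SSIM shows as the virus event)
    ACTUALACTION,       -- action the client actually took (quarantine, clean, ...)
    FILEPATH            -- path of the detected file
FROM V_ALERTS
WHERE COMPUTER_NAME = 'WKSTN-01'
ORDER BY ALERTDATETIME DESC;
```

If the row is present here but absent from the console's Risk log, the difference is in the console's view or filter (time range, group scope, or log retention), not in the collector; if the row is absent from V_ALERTS as well, the SSIM event came from an earlier state of the table that has since been purged or from another SEPM instance.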