How to access a security event details?
- In the Report section, click on any security event displayed in the table
- In the Alert email, click on "View event in Office Protect"
- In the ConnectWise or Autotask security event ticket, click on "View event in Office Protect"
What can I find in my security event details?
In the security event details, you can find:
- The security event details (timestamp, description)
- Details if the security event has been ignored:
- Ignoring date,
- Whitelist Rule name, if the event has been ignored through a rule
Below the event description section, two tabs are displayed:
- Remediation: all remediation actions available to mitigate the risks, act quickly and avoid potential damage if there is a compromise on your organization. If no remediation is available yet, a banner is displayed.
If the remediation target is a user, two information pastilles are displayed:- User's account status (Active / Blocked)
- User's roles (Regular User / Privileged Admin / Admin / Guest User)
- How to react: our recommendations to investigate the situation and take action if needed.
