In Malwarebytes Nebula, an Event is a general term for a threat that has occurred, remediation or other action taken on a threat, and other endpoint-related activity. Similarly, queued or pending endpoint actions are referred to as Tasks. This article provides a brief overview of the Events and Tasks screens and how they are useful for endpoint management.
This screen displays a record of threats, remediation and other activities on endpoints. Use the drop-down lists to filter the entries shown.
There are several types of events, varying in severity. The Severity drop-down list has the following event types:
- Severe: A threat has been found.
- Warning: A threat has been cleaned, Suspicious Activity detected, a command has failed, or an item failed to delete from Quarantine.
- Info: A scan has finished, asset information posted, agent information posted, or an item has been deleted from Quarantine.
- Audit: An endpoint has been registered, endpoint deleted, report generated, or an exclusion has happened at the policy level.
Next to an event, click the timestamp to show details. If an event is related to a policy level exclusion, hover over the Policies item to show the policies affected. If the event is a Threat Found, click the View Report link to check out the report for the scan that identified the threat.
This screen shows on-demand activities requested on endpoints. These activities can be asset management scans, malware scans, quarantine restore, or quarantine delete. The timeframe displayed is the last 25 days.
Details regarding each activity are logged. These details may include who issued the command, which endpoint was affected, and when the command occurred. The current status of the task is also shown.
Use the drop-down menus at the top of the screen to limit the number of entries shown.
Any pending tasks that the endpoint hasn't handled within 90 days expire and are automatically removed from the Tasks list.
Return to the Malwarebytes Nebula Administrator Guide.