Skip to content

Server Lockdown Events


If you use Sophos XDR Sensor, this feature isn't available.

The Lockdown Events tab in a server's details page lets you see "events" in which Server Lockdown blocked unauthorized activity on the server.

Examples of such events are: a user trying to run an unauthorized program on the server, an unknown updater trying to update files, or a user trying to modify files with a program that isn't authorized for the purpose.

Go to Devices > Servers and click on the server you want to view details for. Click Lockdown Events to view the events associated with the server.

The tab is displayed only for servers that you have locked down.

To see the report, click Update Report. This creates a report on events in the previous twenty-four hours.

The list shows:

  • The event type.
  • When each event happened.
  • The Parent. This is the program, script or parent process that was active.
  • The Target. This is the file or program that was the target of the activity.