Events Report

The Events Report page provides information about all events on your devices.

Events that require you to take action are also shown on the Alerts page, where you can deal with them.

Some events cause alerts as soon as they happen. Others are promoted to alerts later (for example, if a computer is non-compliant with policy for two hours).

For information about the different types of event, see Event types.

For advice on what to do about threats, see How to deal with threats.

Malware and PUAs blocked. A simplified version of the Events log. It shows the malware and potentially unwanted applications (PUAs) that we have detected and blocked.

Configure the events report

You can use the following options to configure the report:

Search: If you want to view events for a certain user, device, or threat name (for example, "Troj/Agent-AJWL"), enter the name of the user, device, or threat in the search box.

Note In this version of Sophos Central, you cannot search events for a file name, for example, an executable file mentioned in the event.

Choose period: Use the box to select the time period for which you want to view events. If you select Custom, use the From and To fields to select the dates between which you want to view events. You can view events that occurred in the past 90 days or less.

Event type and count: The table on the left of the page displays the count for each type of event over the specified time range. It also allows you to display only certain categories or types of event. You do this by selecting or clearing the checkboxes next to the event type categories, or by expanding the categories and selecting or clearing the checkboxes next to the event types. By default, all events are displayed.

Update: Click this to display any new events reported since the page was last opened or refreshed.

Graph: The graph shows you at a glance the number of events that occurred per day.

The events list

The events list provides these event details:

  • Sev : Severity of the event
  • Date: Time and date when the event occurred
  • Event: Type of event
  • User: Source that caused the event, for example, the name of a user or system
  • User Groups: Group that the user is a member of
  • Device: Device that caused the event
  • Device Group: Group that the device is a member of

Save as Custom Report lets you save the report settings in the Saved Reports table on the Logs & Reports page.

The Export menu (on the right of the table) lets you export the current view or the report for the past 90 days as a CSV (comma separated value) or PDF file.