Events

The Events page provides information about all events on your devices.

Go to Reports > General Logs > Events.

Events that require you to take action are also shown on the Alerts page, where you can deal with them.

Some events cause alerts as soon as they happen. Others are promoted to alerts later (for example, if a computer is non-compliant with policy for two hours).

After you have taken an action or ignored the alert, it is no longer displayed on the Alerts page, but the event remains in the Events list.

For advice on what to do about threats, see How to deal with threats.

We report an outbreak if a device experiences 100 detections in 24 hours. We do this to avoid overwhelming you with similar or repeated detections. You must investigate and resolve these events. See Deal with outbreaks.

Malware and PUAs blocked. A simplified version of the Events log. It shows the malware and potentially unwanted applications (PUAs) that we have detected and blocked.

Configure the events report

Note

Only the administrator who creates a report can see it. Your partner or Enterprise administrators can't see or create this report.

A list of saved reports is shown at the top of the Reports page.

You can use the following options to configure the report:

Search: If you want to view events for a certain user, device, or threat name (for example, "Troj/Agent-AJWL"), enter the name of the user, device, or threat in the search box.

Restriction

In this version of Sophos Central, you cannot search events for a file name, for example, an executable file mentioned in the event.

Choose period: Use the box to select the time period for which you want to view events. If you select Custom, use the From and To fields to select the dates between which you want to view events. You can view events that occurred in the past 90 days or less.

Event type and count: The table on the left of the page displays the count for each type of event over the specified time range. It also allows you to display only certain categories or types of event. You do this by selecting or clearing the checkboxes next to the event type categories, or by expanding the categories and selecting or clearing the checkboxes next to the event types. By default, all events are displayed.

Update: Click this to display any new events reported since the page was last opened or refreshed.

Graph: The graph shows you at a glance the number of events that occurred per day.

The events list

The events list provides these event details:

  • Sev: Severity of the event
  • Date: Time and date when the event occurred
  • Event: Type of event
  • User: Source that caused the event, for example, the name of a user or system
  • User Groups: Group that the user is a member of
  • Device: Device that caused the event
  • Device Group: Group that the device is a member of

Save as Custom Report lets you save the report settings in the Saved Reports table on the Logs & Reports page.

The Export menu (on the right of the table) lets you export the current view or the report for the past 90 days as a CSV (comma separated value) or PDF file.
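As an added example (not Sophos code), the outbreak rule above, 100 detections on one device in 24 hours, can be checked against an exported CSV with a sliding window. The Date and Device column names come from the events list; that the export uses those headers, the timestamp format, and that every exported row is one detection are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

OUTBREAK_THRESHOLD = 100               # detections per device, from the page
OUTBREAK_WINDOW = timedelta(hours=24)  # window length, from the page
DATE_FORMAT = "%Y-%m-%d %H:%M:%S"      # assumption: adjust to the real export


def peak_detections(csv_text, date_col="Date", device_col="Device"):
    """Return {device: highest row count seen in any 24-hour window}."""
    by_device = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            when = datetime.strptime(row[date_col].strip(), DATE_FORMAT)
        except (KeyError, ValueError, AttributeError):
            continue  # skip rows with a missing or unparseable date
        device = (row.get(device_col) or "").strip() or "(unknown)"
        by_device[device].append(when)
    peaks = {}
    for device, times in by_device.items():
        times.sort()
        window, peak = deque(), 0
        for t in times:
            window.append(t)
            # Drop rows that are 24 hours or more older than the newest one.
            while t - window[0] >= OUTBREAK_WINDOW:
                window.popleft()
            peak = max(peak, len(window))
        peaks[device] = peak
    return peaks


def outbreak_devices(csv_text, threshold=OUTBREAK_THRESHOLD):
    """Devices whose peak 24-hour count reaches the threshold, sorted by name."""
    return sorted(d for d, n in peak_detections(csv_text).items() if n >= threshold)


def constructed_sample():
    """Constructed export: 100 rows each, LAPTOP-A every 10 min, SRV-B every 30 min."""
    start = datetime(2024, 1, 1)
    lines = ["Sev,Date,Event,User,User Groups,Device,Device Group"]
    for device, step in (("LAPTOP-A", 10), ("SRV-B", 30)):
        for i in range(100):
            stamp = (start + timedelta(minutes=i * step)).strftime(DATE_FORMAT)
            lines.append(f"High,{stamp},Detection (constructed),user1,,{device},")
    return "\n".join(lines)
```

Lowering `threshold` shows devices that are approaching the outbreak limit before the detections are collapsed into a single outbreak event.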

You can find help on the event types here: