About the security log – HP t5740 Thin Client User Manual
About the Security log
The Security log records potentially threatening activity that is directed towards your endpoint, such as
port scanning, virus attacks, or denial-of-service attacks. The Security log is probably the most important
log in the agent.
The Security log records attacks in the following categories:
Critical attack
Major attack
Minor attack
Information
The Security log records the following information about each activity:
Time: The exact date and time that the event was logged
Security Type: Type of security alert, such as a DoS attack, executable file, Ping of Death, or virus attack
Severity: The severity of the attack (either Critical, Major, Minor, or Information)
Direction: Direction that the traffic was traveling in (incoming, outgoing, or unknown). Most attacks are incoming, that is, they originate in another endpoint. Other attacks, like Trojan horses, are programs that have been downloaded to your endpoint and therefore are already present; they are considered outgoing. Still other attacks are unknown in direction; they include Active Response events and "application executable changed" events.
Protocol: Type of protocol (UDP, TCP, and ICMP)
Remote Host: IP address of the remote endpoint (only appears in Local View - this is the default)
Remote MAC: MAC address of the remote endpoint. If outside the subnet, it is the MAC address of the router. (only appears in Local View - this is the default)
Local Host: IP address of the local endpoint (only appears in Local View - this is the default)
Local MAC: MAC address of the local endpoint (only appears in Local View - this is the default)
Application Name: Name of the application associated with the attack
User Name: User or endpoint that sent or received the traffic
Domain: Domain of the user
Occurrences: Number of occurrences of the attack method
Begin Time: Time the attack began
End Time: Time the attack ended
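The following is an added example, not part of the HP manual or the agent's software: a short triage script that applies the Severity, Direction, and Remote MAC semantics described above. The CSV layout, the sample rows, the 192.0.2.0/24 local subnet, and the function names are all assumptions made for the illustration.

```python
import csv, io, ipaddress
from collections import Counter

# Constructed sample. The CSV layout is an assumption for this example,
# not the agent's export format; column names follow the fields above.
SAMPLE = """\
Time,Security Type,Severity,Direction,Protocol,Remote Host,Remote MAC,Application Name,Occurrences
2024-01-05 10:02:11,Ping of Death,Minor,incoming,ICMP,198.51.100.7,00-00-5E-00-53-01,,12
2024-01-05 10:05:40,executable file,Critical,outgoing,TCP,203.0.113.9,00-00-5E-00-53-01,updater.exe,1
2024-01-05 10:07:02,DoS attack,Major,incoming,UDP,192.0.2.44,00-00-5E-00-53-2C,,300
2024-01-05 10:09:30,Ping of Death,Minor,incoming,ICMP,198.51.100.7,00-00-5E-00-53-01,,8
"""
RANK = {"Critical": 0, "Major": 1, "Minor": 2, "Information": 3}

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def triage(rows, local_subnet="192.0.2.0/24"):
    """Sort by severity, then time, and attach review notes to each entry."""
    net = ipaddress.ip_network(local_subnet)
    result = []
    for r in sorted(rows, key=lambda r: (RANK.get(r["Severity"], len(RANK)), r["Time"])):
        notes = []
        if r["Direction"] == "outgoing":
            # Outgoing means the program is already present on this endpoint.
            notes.append("check local application: " + (r["Application Name"] or "unnamed"))
        elif r["Direction"] == "unknown":
            notes.append("no traffic direction recorded")
        host = r["Remote Host"]
        if host and ipaddress.ip_address(host) not in net:
            # Off-subnet: Remote MAC is the router's, so it does not identify the sender.
            notes.append("Remote MAC is the router")
        result.append((r["Severity"], r["Security Type"], host, notes))
    return result

def occurrences_by_remote_host(rows):
    """Total the Occurrences column per Remote Host (not per Remote MAC)."""
    totals = Counter()
    for r in rows:
        if r["Remote Host"]:
            totals[r["Remote Host"]] += int(r["Occurrences"])
    return dict(totals)

if __name__ == "__main__":
    rows = load(SAMPLE)
    for entry in triage(rows):
        print(entry)
    print(occurrences_by_remote_host(rows))
```

Grouping by Remote Host rather than Remote MAC matters here because the two off-subnet senders in the sample share the router's MAC address.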
Chapter 5 Monitoring and logging