Application Logs
(OBJ 4.9)
Application logs example
Generic log example:
[Image: generic application log example]
- You will typically see the Date, Time, Event ID, Description, the User who performed the action, the action taken, and the details
- All of these actions happened within about a minute or two on the same day
- The events are sequential
- On the sixth line we can see a Blocked action. It was done by jsmith inside the docx file called 'Q3-Financials.docx': a macro was detected in the file and blocked
- The next line is a security alert saying there is a potentially malicious macro inside the file; the user is informed of this action so they can decide what to do
- Next, the file is quarantined so it can no longer infect our system or other people's systems
- Finally, an Admin alert is generated to let an administrator know that the macro was detected and blocked for 'Q3-Financials.docx'
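The walkthrough above can be turned into a small log review script. This is an added example, not part of the original notes: the log lines are constructed (they do not reproduce the screenshot), and the pipe-delimited layout, event IDs, action names, the `SYSTEM` user and the second file are assumptions. It checks that every Blocked event is followed by the alert, quarantine and admin notification for the same file within two minutes.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample log, not taken from the original notes. The layout,
# event IDs and action names are assumptions made for this example.
SAMPLE_LOG = """\
2025-07-25|09:14:02|1001|File opened|jsmith|Open|Q3-Financials.docx
2025-07-25|09:14:05|2001|Macro detected|jsmith|Blocked|Q3-Financials.docx
2025-07-25|09:14:06|2002|Security alert|jsmith|Alert|Potentially malicious macro in Q3-Financials.docx
2025-07-25|09:14:09|2003|File quarantined|SYSTEM|Quarantine|Q3-Financials.docx
2025-07-25|09:14:10|2004|Admin alert|SYSTEM|Notify|Macro detected and blocked for Q3-Financials.docx
2025-07-25|09:20:41|2001|Macro detected|adoe|Blocked|Budget.docx
"""
FIELDS = ["date", "time", "event_id", "description", "user", "action", "details"]
REQUIRED_FOLLOW_UPS = ("Alert", "Quarantine", "Notify")

def parse_log(text):
    """Turn each pipe-delimited line into a dict with a parsed timestamp."""
    events = []
    for row in csv.reader(io.StringIO(text), delimiter="|"):
        if len(row) != len(FIELDS):
            continue  # skip blank or malformed lines rather than guessing
        ev = dict(zip(FIELDS, (c.strip() for c in row)))
        ev["ts"] = datetime.strptime(f"{ev['date']} {ev['time']}", "%Y-%m-%d %H:%M:%S")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])

def review_blocks(events, window=timedelta(minutes=2)):
    """For each Blocked event, list the follow-up actions that did not
    appear for the same file within the time window."""
    findings = []
    for i, ev in enumerate(events):
        if ev["action"] != "Blocked":
            continue
        target = ev["details"]  # for Blocked events the details field is the file name
        seen = {e["action"] for e in events[i + 1:]
                if e["ts"] - ev["ts"] <= window and target in e["details"]}
        missing = [a for a in REQUIRED_FOLLOW_UPS if a not in seen]
        findings.append({"user": ev["user"], "file": target,
                         "time": ev["ts"], "missing": missing})
    return findings

if __name__ == "__main__":
    for f in review_blocks(parse_log(SAMPLE_LOG)):
        status = "complete" if not f["missing"] else "missing " + ", ".join(f["missing"])
        print(f"{f['time']} {f['user']} {f['file']}: {status}")
```

In the constructed data, the jsmith block has the full sequence, while the adoe block has no follow-up events and is the one an analyst would look into.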