Harmony Endpoint Logs

The Harmony Endpoint Logs menu allows you to customize logs and views so that you can effectively monitor all your systems from one location.

00:03: In this tutorial, you will learn how to view logs in Harmony Endpoint and create exclusions for specific events.

00:09: Harmony Endpoint generates logs for every security event and activity that occurs in it.

00:16: To get started, log in to the Infinity Portal and select Harmony Endpoint.

00:21: To view logs, from the left navigation panel, click "Logs" and select the required logs widget. The page shows all the logs that were generated in the last 24 hours.

00:29: To create an exclusion from a specific log, locate the event you want to exclude in the Logs table. Click the Actions menu next to that event. You can choose Create Exclusion for All Rules to apply broadly or Create Exclusion for Exclude Rule for a specific rule.

01:07: Using filters and checkboxes, you can filter the logs that you want to investigate. You can apply filters such as Time, Severity, Blade, and Action type to quickly find relevant events. This helps you focus on what matters most.

01:18: To view more information related to a specific log, click the log to view the details on the Card.

01:25: You can create exclusions from the logs or the Exclusions Center.

01:29: Exclusions allow you to prevent specific files, folders, or processes from being flagged as malicious. This helps reduce false positives.

01:37: The Exclusions Center shows all the rule-based and global exclusions created in your account.

01:43: To create exclusions from the Exclusions Center, from the left navigation panel, click "Policy" and go to "Policy and Capabilities". In the Capabilities and Exclusions pane, click Exclusions Center and click Add Exclusion. Enter a name, set the status to Enabled, and choose the exclusion type, such as File, Folder, or Process. You can also specify whether the exclusion applies to all supported blades or only to selected ones.

02:06: Global Exclusions refer to a centralized list of trusted items, such as files, folders, or processes, that are exempt from security scans or enforcement actions. To access Global Exclusions, go to Policy > Global Exclusions. Here you can add exclusions that apply across all policies and endpoints. Use this for trusted domains, files, or processes that should never trigger alerts anywhere in your environment.

02:26: For a deeper investigation, open the Forensics Report from the Event Details panel. It provides a timeline of activities, impacted files, and recommended actions. To download the Forensics Report, click on any security event in the Logs table. This opens the details panel on the right. Under the Forensics Report section, you’ll see links such as Forensics Alert and Download the Forensics Report. Click these to open the detailed Forensics analysis, which includes a timeline of the incident, related files, behavior paths, and recommended remediation steps.

02:55: Thank you for watching the video.

From the New Tab Catalog, select what you want to show in this tab:

Favorites - Select one of the Logs or Views that you marked with the Favorite icon.

Recent - Select one of the Logs or Views that you opened recently.

Shared - Select a view that was shared with you.

Logs - Select one of the widgets with logs collected from all Harmony Endpoint clients.

Note - Though the interface shows support to export up to one million logs, you can export a maximum of 10000 entries to a .csv file.

Views - Select one of the Views with data from all available blades, services, and applications.

Reports - Select one of the available reports.

Note - For custom views and reports through SmartView, see the Logging and Monitoring Administration Guide.

You can open as many tabs as you want, provided they show different views.

Use the toolbar at the top to open views, create new views and reports, export them to PDF, and perform relevant actions.

See all collected logs in the Harmony Endpoint Logs view:

Use the time filter (1) and select the relevant options on the Statistics pane (3) to set specific criteria and customize the search results. Alternatively, you can enter your query in the search bar. For more details about the Query Language, see Query Language Overview.

(1) Time period - Search with predefined custom time periods or define another time period for the search.

(2) Query search bar - Enter your queries in this field.

(3) Statistics pane - Shows statistics of the events by Blade, Severity of the event, and other parameters.

(4) Card - Log information and other details.

(5) Results pane - Shows log entries for the most recent query.

(6) Options - Hide or show a client identity in the Card, and export the log details to CSV.
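The Logs view above filters by time period, Severity, Blade and Action, summarizes events in the Statistics pane, can hide client identity in the Card, and exports at most 10000 entries per CSV file. The following is an added example, not Check Point's code, showing how an analyst can reproduce those operations offline on an exported CSV. The column names (time, severity, blade, action, client_name, user_name, description) and the sample rows are constructed for this example and are not the product's real export schema.

```python
import csv
import hashlib
import io
from collections import Counter
from datetime import datetime, timezone

# Constructed sample export (not real Harmony Endpoint data). The column names
# are an assumption for this example, not the product's actual CSV schema.
SAMPLE_EXPORT = """\
time,severity,blade,action,client_name,user_name,description
2024-05-01T08:00:00Z,High,Anti-Malware,Prevent,LAPTOP-01,alice,Malicious file blocked
2024-05-01T09:30:00Z,Medium,Anti-Bot,Detect,LAPTOP-02,bob,Suspicious DNS query
2024-05-01T10:15:00Z,Low,Threat Emulation,Allow,LAPTOP-01,alice,File emulated as benign
2024-05-01T11:45:00Z,High,Anti-Malware,Detect,DESKTOP-07,carol,Malicious file detected
2024-05-02T07:05:00Z,Critical,Anti-Ransomware,Prevent,LAPTOP-02,bob,Encryption attempt stopped
"""

TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_export(text):
    """Parse a CSV export into dicts; 'time' becomes a UTC-aware datetime."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["time"] = datetime.strptime(row["time"], TIME_FMT).replace(tzinfo=timezone.utc)
    return rows


def filter_logs(rows, since=None, until=None, severity=None, blade=None, action=None):
    """Apply the criteria the Logs view offers: time period, Severity, Blade and Action."""
    out = []
    for r in rows:
        if since is not None and r["time"] < since:
            continue
        if until is not None and r["time"] >= until:
            continue
        if severity is not None and r["severity"] != severity:
            continue
        if blade is not None and r["blade"] != blade:
            continue
        if action is not None and r["action"] != action:
            continue
        out.append(r)
    return out


def statistics(rows):
    """Event counts per Blade and per Severity, the numbers the Statistics pane shows."""
    return {
        "blade": dict(Counter(r["blade"] for r in rows)),
        "severity": dict(Counter(r["severity"] for r in rows)),
    }


def hide_identity(rows, salt="constructed-salt"):
    """Replace client and user names with salted pseudonyms (the Card's hide-identity option).
    The same name always maps to the same pseudonym, so events can still be correlated."""
    masked = []
    for r in rows:
        m = dict(r)
        for field in ("client_name", "user_name"):
            digest = hashlib.sha256((salt + ":" + r[field]).encode()).hexdigest()[:12]
            m[field] = f"{field}-{digest}"
        masked.append(m)
    return masked


def export_chunks(rows, max_entries=10000):
    """Render rows as CSV in batches of at most max_entries, the documented export ceiling."""
    if not rows:
        return []
    fieldnames = list(rows[0].keys())
    chunks = []
    for start in range(0, len(rows), max_entries):
        buf = io.StringIO()
        writer = csv.DictWriter(buf, fieldnames=fieldnames, lineterminator="\n")
        writer.writeheader()
        for r in rows[start:start + max_entries]:
            writer.writerow({**r, "time": r["time"].strftime(TIME_FMT)})
        chunks.append(buf.getvalue())
    return chunks


if __name__ == "__main__":
    logs = parse_export(SAMPLE_EXPORT)
    print(statistics(logs))
    high = filter_logs(logs, severity="High")
    for chunk in export_chunks(hide_identity(high), max_entries=2):
        print(chunk)
```

The pseudonyms are deterministic per salt, so a masked export still lets you see that two events came from the same client without revealing which one; keep the salt out of the shared file.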

The information recorded in logs can be useful in these cases:

  • To identify the cause of technical problems.

  • To monitor traffic more closely.

  • To make sure that all features function properly.

Note - You can forward logs to an external SIEM. For more information, see Event Forwarding.

Data Storage and Retention

  • Threat Hunting and Endpoint Data Retention is 90 days by default.

  • Ingestion limit is 110MB, per seat, per day.

  • Additional Data Retention is available for 1 year, by using the Threat Hunting Data Retention SKU or the Infinity Events SKUs.

For more information, see sk182394.

Static Signatures (YARA) Logs

Anti-Malware is a component of the Endpoint Security client that protects against known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers. This table shows the action that Static Signatures (YARA) takes and the action that Harmony Endpoint logs, for each combination of the Anti-Malware mode and the Static Signatures (YARA) mode:

Anti-Malware Mode: Detect / Static Signatures (YARA) Mode: Detect
  Action - YARA detects the malicious file.
  Outcome - Harmony Endpoint logs the action as Anti-Malware Detect.

Anti-Malware Mode: Detect / Static Signatures (YARA) Mode: Prevent
  Action - YARA blocks the malicious file.
  Outcome - Harmony Endpoint logs the action as Anti-Malware Prevent even though Anti-Malware is in Detect mode.

Anti-Malware Mode: Prevent / Static Signatures (YARA) Mode: Detect
  Action - YARA detects the malicious file.
  Outcome - Harmony Endpoint logs the action as Anti-Malware Detect even though Anti-Malware is in Prevent mode.

Anti-Malware Mode: Prevent / Static Signatures (YARA) Mode: Prevent
  Action - YARA blocks the malicious file.
  Outcome - Harmony Endpoint logs the action as Anti-Malware Prevent.

Anti-Malware Mode: Off / Static Signatures (YARA) Mode: Off
  Action - No protection.
  Outcome - No logs, as Anti-Malware protection is disabled.
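Because YARA events are logged under the Anti-Malware blade with an action that follows the YARA mode rather than the Anti-Malware mode, a log entry can disagree with the Anti-Malware policy. The following added example (not Check Point's code) encodes the table above and uses it to work out which engine could have produced an Anti-Malware log entry. It assumes, which the page does not state, that the classic Anti-Malware engine logs its own configured mode when it fires, and it assumes YARA Off means YARA never logs. The event field names and sample events are constructed.

```python
MODES = ("Detect", "Prevent", "Off")


def yara_logged_action(am_mode, yara_mode):
    """Action Harmony Endpoint logs when Static Signatures (YARA) fires, per the table:
    the logged Anti-Malware action follows the YARA mode, not the Anti-Malware mode.
    Returns None when YARA cannot produce a log."""
    if am_mode not in MODES or yara_mode not in MODES:
        raise ValueError(f"unknown mode: {am_mode!r}/{yara_mode!r}")
    if yara_mode == "Off":
        # Assumption: with YARA off it never fires, so it never logs.
        return None
    if am_mode == "Off":
        # The table only documents Off/Off; Anti-Malware Off with YARA on is not covered.
        raise ValueError("Anti-Malware Off with YARA on is not covered by the table")
    return yara_mode  # "Detect" -> Anti-Malware Detect, "Prevent" -> Anti-Malware Prevent


def possible_engines(logged_action, am_mode, yara_mode):
    """Engines that could have produced an Anti-Malware log entry with this action.
    Assumption (not stated on the page): the classic Anti-Malware engine logs its own
    configured mode when it fires. An entry whose action disagrees with the Anti-Malware
    mode can therefore only have come from YARA."""
    engines = []
    if am_mode != "Off" and logged_action == am_mode:
        engines.append("Anti-Malware")
    if yara_logged_action(am_mode, yara_mode) == logged_action:
        engines.append("YARA")
    return engines


def triage(events, am_mode, yara_mode):
    """Annotate Anti-Malware events with the candidate engines and flag entries whose
    logged action disagrees with the configured Anti-Malware mode."""
    result = []
    for ev in events:
        if ev["blade"] != "Anti-Malware":
            continue
        engines = possible_engines(ev["action"], am_mode, yara_mode)
        result.append({**ev, "engines": engines, "mode_mismatch": ev["action"] != am_mode})
    return result


# Constructed events; the field names are an assumption for this example.
SAMPLE_EVENTS = [
    {"blade": "Anti-Malware", "action": "Prevent", "file": "C:\\Temp\\dropper.exe"},
    {"blade": "Anti-Malware", "action": "Detect", "file": "C:\\Users\\Public\\note.docm"},
    {"blade": "Anti-Bot", "action": "Detect", "file": ""},
]

if __name__ == "__main__":
    # Anti-Malware in Detect mode, YARA in Prevent mode: the Prevent entry must be YARA's.
    for row in triage(SAMPLE_EVENTS, am_mode="Detect", yara_mode="Prevent"):
        print(row["action"], row["engines"], "mode mismatch" if row["mode_mismatch"] else "")
```

When both engines run in the same mode the attribution stays ambiguous from the logged action alone, which is why the example returns a list of candidates rather than a single engine; the Forensics Report for the event is the place to resolve it.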