Shield Guard Logs

3 minute read Last updated on March 12, 2024

Shield Guard’s Log Viewer displays a list of security events that occurred for devices in the tenant. To access the Log Viewer, select the Logs option from the Navigation pane. See the following illustration:

The list of security events appears in the Logs table. If you click on a column header, the table sorts by that column. To reverse the sort order, click on the column header again.

The Rows per page dropdown menu controls the number of logs that appear on a single page. If the number of existing logs exceeds the number of rows per page , you can view additional pages of logs by clicking on the angle brackets (< or >) to the right of the rows per page.

The Logs table contains the following information:

Column Description
View log details.
Importance The severity of the event (high or low).
Type The type of event (Device/Policy).
Event A description of the event.
Date The date and time that the event occurred.

About Log Events

Shield Guard generates an event log for any of the following occurrences:

  • When a Shield Guard security assessment detects a change in a device’s security status, for example from Not Assessed to Secure. That is, not all assessments generate a log. Note that Shield Guard performs security assessments based on the security policy’s frequency settings.

  • Certain updates to a policy, or to users and/or devices in a policy, including the following:

    • A Shield Guard policy is created, or a setting is modified.

    • The Shield Guard agent is removed from a device in the policy.

    • A device is added to, or removed from, a tenant.

    • A device is added to, or removed from, a Shield Guard policy.

    • A device in a tenant goes online or offline.

    • A user is added to, or removed from, a tenant.

Viewing Log Details

If a “down” chevron appears in a row of the Logs table, additional information is available about the log entry. To view log details, click on the chevron. The details appear and the chevron switches to “up”. To hide details, click on the Up chevron.

The following illustration shows the most recent assessment of Device 287 with a “low” importance rating, while an assessment of the same device four minutes before shows a “high” importance rating. The Log details for that assessment identify the security settings involved and indicate which Shield Guard policy values do not match the device values. Those device values were then modified by the user to match the Shield Guard policy values, so that subsequent logs rated the importance as “low”.

Filtering the Logs Table

To filter the Logs table to list only events containing a specified string, use the Search field. The following illustration shows the Logs page, filtered by the following string:

  offline device

The Search returns all logs in which both “offline” and “device” appear somewhere in the log. Note that search strings are not case-sensitive.

If you place quotation marks around your search string, the Search returns all logs in which an exact match of the search string appears somewhere in the log:

  "offline device"

In the following illustration, searching for the exact string returned no matches: