How do I export the Suspicious Event Summary?

Before you begin

The Suspicious Event Summary on the Threats Dashboard lists information about threat-related events in your network. To export the event data to a CSV file, click the Export To CSV link above the summary table.

If your system has more than 100,000 threat-related event records, the management console cannot generate the CSV file directly. Instead, you are prompted to export the records directly from the Log Database.

To do this:

Steps

  1. Connect to the Microsoft SQL Server machine that hosts the Log Database.
  2. Open SQL Server Management Studio and log on to the SQL Server instance that hosts your Log Database.
  3. In the Object Explorer, under Databases, select the catalog database (wslogdb70, by default).
  4. Click New Query at the top of the window.
  5. When the query window appears, enter:
    select * from amt_UI_log_details
  6. Click Execute.

    The Results pane displays the data in table format.

  7. In the Results pane, right-click and select Save Results As to output the results to a file.
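
The same export can be scripted instead of run through the Management Studio grid. The following is an added example, not part of the original article and not vendor-supplied code. It goes one step beyond the procedure above by streaming the query from step 5 to a quoted CSV file and recording a row count and file hash. It assumes Windows PowerShell 5.1, Windows authentication, and SELECT permission on the table; the server name and output path are placeholders.

```powershell
# Added example (not vendor code): scripted form of steps 4-7.
# Assumes Windows PowerShell 5.1, Windows authentication, and SELECT permission
# on the table. $Server and $OutFile are hypothetical placeholders.
Add-Type -AssemblyName System.Data
$Server   = 'localhost'                          # placeholder: your SQL Server instance
$Database = 'wslogdb70'                          # default catalog database (from this page)
$OutFile  = 'C:\Exports\suspicious_events.csv'   # placeholder: output path
$ConnStr  = "Server=$Server;Database=$Database;Integrated Security=SSPI"

# Quote every field and double embedded quotes so commas, quotes, and
# newlines inside event data cannot shift columns.
function ConvertTo-CsvField($Value) { '"' + ([string]$Value).Replace('"', '""') + '"' }

$conn = New-Object System.Data.SqlClient.SqlConnection $ConnStr
$rows = 0
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText    = 'select * from amt_UI_log_details'   # query from step 5
    $cmd.CommandTimeout = 0        # no timeout: table may hold well over 100,000 rows
    $reader = $cmd.ExecuteReader()
    $writer = New-Object System.IO.StreamWriter($OutFile, $false, [System.Text.Encoding]::UTF8)
    try {
        $last   = $reader.FieldCount - 1
        $header = 0..$last | ForEach-Object { ConvertTo-CsvField ($reader.GetName($_)) }
        $writer.WriteLine($header -join ',')
        # Stream row by row instead of loading the whole result set into memory
        while ($reader.Read()) {
            $fields = 0..$last | ForEach-Object {
                if ($reader.IsDBNull($_)) { '""' } else { ConvertTo-CsvField ($reader.GetValue($_)) }
            }
            $writer.WriteLine($fields -join ',')
            $rows++
        }
    } finally {
        $writer.Dispose()
        $reader.Dispose()
    }
} finally {
    $conn.Dispose()
}

# Record the row count and a SHA-256 of the file so the export can be checked later
"{0} rows written to {1}" -f $rows, $OutFile
(Get-FileHash -Path $OutFile -Algorithm SHA256).Hash
```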