
Working Log


The Working Log grid is a powerful and versatile tool that allows you to perform searches, filters, sorts, and groupings in real time on the entire log archive from the last 30 days.

To search the logs, for example for a specific machine, type the first letter of the machine name in the PC column of the first row (the filter row), or use the Filter function by clicking the funnel-shaped icon in the column header (Excel style).

The Date Time column, when using the funnel function, displays a practical calendar with integrated features.

Column descriptions:

Area: Log membership. Login entries are identified by the prefix “Login: …”

  • User Access: Physical login of the user

  • Lock/Unlock: User login after a desktop or screen saver lock

  • Remote Access: Remote Desktop access

  • Cache Access: User access via cache verification (e.g., on a domain-disconnected notebook)

  • TeamViewer: Access via TeamViewer remote connection

  • VNC: Access via VNC remote connection

  • NoMachine: Access via NoMachine remote connection

  • Dameware: Access via Dameware remote connection

  • Splashtop: Access via Splashtop remote connection

  • Iperius: Access via Iperius remote connection

  • ID: Accessing the machine via Iperius remote connection

  • Date/Time: Date and time the event was created

  • Type: Type of log

  • Origin: Application or service from which the event originates

  • Category: Log category

  • PC: Machine where the event was generated

  • User: User linked to the generation of the event

  • Message: Original full message of the event

  • Login: If a “key” icon appears, it means the event was generated by an interactive access (obsolete)

  • Admin: The detected user appears in the administrators list

  • Admin Name: The name indicated in the administrators list

Correlation ID: A unique identifier used to track and correlate requests across multiple systems and services. It is particularly useful in complex environments where a single operation may involve multiple components or services.

Here’s what it is used for:

  • Request Tracing: Helps track the path of a request through various services, making debugging and performance analysis easier.

  • Troubleshooting: In case of errors or problems, the Correlation ID allows you to quickly identify all components involved in a transaction.

  • Monitoring and Logging: Aggregates logs related to a specific request, improving visibility and understanding of the workflow.
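
An added example, not part of the product or its documentation: grouping exported log rows by Correlation ID to list every machine and origin that a single operation touched. The CSV layout, header names and sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample rows. The CSV layout and header names are assumptions
# modelled on the grid columns described above, not a documented export format.
SAMPLE_CSV = """Date/Time,Area,Origin,PC,User,Correlation ID,Message
2024-05-06 09:14:02,Login: Remote Access,Security,SRV-FILE01,jdoe,c-1001,Remote Desktop logon
2024-05-06 09:14:01,Login: Remote Access,TerminalServices,SRV-FILE01,jdoe,c-1001,Session connected
2024-05-06 09:14:05,Login: User Access,Security,PC-ACC-07,mrossi,c-1002,Interactive logon
2024-05-06 09:14:09,Login: Remote Access,Security,SRV-DB02,jdoe,c-1001,Remote Desktop logon
2024-05-06 09:15:30,Login: Lock/Unlock,Security,PC-ACC-07,mrossi,,Workstation unlocked
"""

def load_events(text):
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        # Parse the timestamp so events can be ordered reliably.
        row["Date/Time"] = datetime.strptime(row["Date/Time"], "%Y-%m-%d %H:%M:%S")
        rows.append(row)
    return rows

def correlate(events):
    """Group events by Correlation ID; rows without one are returned separately."""
    groups, uncorrelated = defaultdict(list), []
    for ev in events:
        cid = ev["Correlation ID"].strip()
        (groups[cid] if cid else uncorrelated).append(ev)
    for evs in groups.values():
        evs.sort(key=lambda e: e["Date/Time"])  # rebuild the timeline
    return dict(groups), uncorrelated

def summarize(groups):
    """Per Correlation ID: time span plus the machines and origins involved."""
    return {
        cid: {
            "first": evs[0]["Date/Time"],
            "last": evs[-1]["Date/Time"],
            "pcs": sorted({e["PC"] for e in evs}),
            "origins": sorted({e["Origin"] for e in evs}),
            "events": len(evs),
        }
        for cid, evs in groups.items()
    }

if __name__ == "__main__":
    groups, loose = correlate(load_events(SAMPLE_CSV))
    for cid, s in summarize(groups).items():
        print(cid, s["first"], "->", s["last"], s["pcs"], s["origins"])
    print("events without a Correlation ID:", len(loose))
```

A Correlation ID whose summary lists more than one PC is a single operation that crossed machines, which is the case the timeline view is most useful for.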


In addition, logins are highlighted with different colors:

  • GREEN: User access according to the different types specified in the Area field

  • RED: User logout

  • YELLOW: User access with credentials different from the original ones

  • BLUE: Access via Remote Desktop software

  • ORANGE: Password-related events (changes, resets, etc.)

  • WHITE: Events of minor importance

By clicking the [Info] button, a drop-down menu appears, providing quick access to a range of analysis and diagnostic tools useful for technical monitoring of workstations.

Below is a description of the available items:

  • Software Inventory: Displays the complete list of programs installed on the workstation, useful for checking for authorized or suspicious software.

  • System Updates: Collects the history of installed Windows updates (patches, KBs, etc.), useful for assessing the system’s update level.

  • Session List: Shows user sessions recorded on the machine, including login, logout, and screen lock/unlock events.

  • Scheduled Actions: Lists all scheduled tasks (Task Scheduler) on the machine, including potentially anomalous or undocumented ones.

  • Share List: Lists all folders shared by the machine on the network, with their paths and permissions.

  • IP Test: Performs a direct ping to the workstation, useful for quickly checking its reachability and online/offline status.

  • Network FlowChart: Generates a visual diagram of the machine’s position in the local network, showing active relationships and communications.

  • IP List: Displays all detected IP addresses associated with the machine. IPs with valid logins are highlighted in green, while unauthorized login attempts are highlighted in red. Includes AI integration for quick or advanced analysis (if the Advanced AI license is available).

  • Full Test: Performs extensive diagnostics on the selected machine, including service status, reachability, updates, logs, and other key parameters.

AI Analysis

The new AI Analysis button is available in the log grids (subject to a dedicated license).

This feature allows you to send up to 100 displayed events to the AI, which analyzes them to automatically highlight critical or suspicious logs, providing a contextual and readable assessment, even for less experienced users.

The goal is to deliver advanced interpretative support, improving the understanding of security logs and speeding up the identification of potentially risky actions.

If more than 100 logs are selected, the system will display a warning and only the first 100 will be considered.

The generated report can be printed and exported.