Getting Started with Security Events
Introduction
The WithSecure™ Security Events API provides access to real-time security event data from your protected endpoints. Security events are generated by various product features when they detect, block, or report security-related activities.
This guide provides an overview of the types of security events you can expect to receive from different product features in the WithSecure™ Elements platform.
For detailed API documentation, see the Security Events API Reference.
Security events
The following table shows the different product features and the types of security events they generate:
| Product features | Event types |
|---|---|
| Real-time protect | Malware / spyware detected, certain action was taken |
| DeepGuard | Malware / suspicious application / riskware / rare application / ransomware blocked; System / another process configuration attempt blocked; Network access for an application was blocked |
| On-demand scanning (scheduled or manually triggered) | Malware / spyware detected, certain action was taken |
| AMSI (antimalware scan interface) | Malware / spyware blocked |
| Firewall | Firewall blocked a connection |
| Browsing protection | Harmful / suspicious page blocked based on reputation score |
| Connection control | Network connection blocked |
| Web content control | Page belonging to certain category blocked |
| Web traffic scanning | Web page / binary blocked |
| Application control | Application / module / installer start operation blocked; Application start operation reported; File access blocked; File access reported; App control rule is misconfigured |
| DataGuard | Access to file blocked / Access to file reported |
| Device control | Device blocked; Read / write access to mass storage device blocked; Binary execution from mass storage device blocked |
| Integrity checker (Linux) | File modification reported |
| Tamper protection | File / registry / service modification attempt blocked; Uninstallation operation was blocked |
| Server Share Protection | Prevented malicious modification on the server |
Understanding Security Events
Each security event contains detailed information about:
- Event type - The specific security action that occurred
- Timestamp - When the event was detected
- Source information - Which endpoint generated the event
- Event details - Specific context about the security incident
Next Steps
- Explore the API: Review the Security Events API Reference for complete endpoint documentation
- Set up monitoring: Configure your systems to consume security events via the API
- Implement filtering: Use API parameters to filter events based on your specific needs
- Create integrations: Build custom integrations with your SIEM or security tools
Related Resources
- Elements API Getting Started - Learn how to authenticate and make API calls
- Security Events API Reference - Complete API documentation
- Elements API Reference - Main Elements API documentation