- *BASICS*
- The Knox Ecosystem
- Samsung Knox Portal
- Knox Licenses
- *FOR IT ADMINS*
- Knox Suite
- Knox Platform for Enterprise
- White paper
- Get started with UEMs
- Introduction
- Blackberry UEM
- Samsung Knox Manage
- Admin Guide
- Knox Service Plugin
- Knox Mobile Enrollment
- Introduction
- FAQs
- KBAs
- Release notes
- Get Started
- Features
- Register resellers
- Add an admin
- Create profiles
- Google Device Owner Support
- MDM Compatibility Matricies
- Device users
- Activity log
- Enrolling and unenrolling devices
- Configure devices
- Providing KME feedback
- Using the Knox Deployment App (KDA)
- Recovering Google FRP locked devices using KME
- Role-based access control (RBAC)
- Troubleshoot
- Knox Configure
- Mobile
- Wearables
- Shared Device
- Knox Manage
- Introduction
- Release Notes
- How-to videos
- Getting Started
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Knox E-FOTA
- Introduction
- White paper
- Knox E-FOTA One Admin Guide
- Knox E-FOTA Advanced Admin Guide
- *FOR RESELLERS*
- Knox Deployment Program
- *FOR MANAGED SERVICE PROVIDERS*
- Knox MSP Program
To view the alerts of audit events, complete the following steps:
1. Navigate to History > Alert.
2. On the “Alert” page, enter a device name, select an alert type, event type, audit event, level of alert, log date, and set the period, and then click Search.
3. Click the alert you want to view.
- There are four categories of alerts:
- Failed Policies: Informs you that sent device commands or policies are not applied to devices.
- Changes in Device Status: Informs you of the device’s status change to Disconnected. In this case, you cannot control the device because the Keepalive settings are expired and the device does not communicate with the Knox Manage server.
- Security Violation: Informs you of devices on which security violations have been detected during periodical device inspection.
- Others: Informs you of the occurrence of other types of audit events.
4. On the “Audit Log Detail” area, view the detailed information about the audit event.
- The necessary actions you must take according to the alert category are as follows:
|
Alert category |
Description |
|---|---|
|
Failed Policies |
|
|
Changes in Device Status |
Click the mobile ID of the disconnected device and check the Keepalive status. Also, tell the device user to check the device’s network connection status. The violation of Keepalive is detected when the connection of the device and the server is lost longer than the time set in the Keepalive settings. |
|
Security Violation |
|
