- *BASICS*
- The Knox Ecosystem
- White Paper
- Samsung Knox Portal
- Knox Cloud Services
- General Knox Support
- Knox Licenses
- *FOR IT ADMINS*
- Knox Admin Portal
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- Citrix Endpoint Management
- FAMOC
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Introduction
- How-to videos
- Get started
- Features
- Register resellers
- Add an admin
- Create profiles
- Google device owner support
- MDM compatibility matrices
- Device users
- Activity log
- Enroll and unenroll devices
- Configure devices
- Provide KME feedback
- Use the Knox Deployment App (KDA)
- Recover Google FRP locked devices using KME
- Role-based access control (RBAC)
- Release notes
- FAQs
- Troubleshoot
- KBAs
- On-Premise
- Knox Configure
- Mobile
- Wearables
- Shared Device
- KBAs
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQs
- Troubleshoot
- Knox Asset Intelligence
- Knox Manage
- Introduction
- How-to videos
- Get started
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQs
- KBAs
- Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQs
- KBAs
- Troubleshoot
- Legacy Knox E-FOTA products
- Samsung Care+ for Business
- *FOR RESELLERS*
- Knox Deployment Program
- *FOR MANAGED SERVICE PROVIDERS*
- Knox MSP Program
To view the alerts of audit events, complete the following steps:
1. Navigate to History > Alert.
2. On the “Alert” page, enter a device name, select an alert type, event type, audit event, level of alert, log date, and set the period, and then click Search.
3. Click the alert you want to view.
- There are four categories of alerts:
- Failed Policies: Informs you that sent device commands or policies are not applied to devices.
- Changes in Device Status: Informs you of the device’s status change to Disconnected. In this case, you cannot control the device because the Keepalive settings are expired and the device does not communicate with the Knox Manage server.
- Security Violation: Informs you of devices on which security violations have been detected during periodical device inspection.
- Others: Informs you of the occurrence of other types of audit events.
4. On the “Audit Log Detail” area, view the detailed information about the audit event.
- The necessary actions you must take according to the alert category are as follows:
|
Alert category |
Description |
|---|---|
|
Failed Policies |
|
|
Changes in Device Status |
Click the mobile ID of the disconnected device and check the Keepalive status. Also, tell the device user to check the device’s network connection status. The violation of Keepalive is detected when the connection of the device and the server is lost longer than the time set in the Keepalive settings. |
|
Security Violation |
|
