Webroot Logs

Overview

Evidence: Webroot Logs
Description: Collect Webroot Logs
Category: Applications
Platform: windows
Short Name: wbrtls
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

Webroot SecureAnywhere is a cloud-based antivirus solution that maintains a local log file (WRLog.log) and database files containing threat intelligence, scan results, and cloud-based analysis data.

Data Collected

This collector gathers structured data about Webroot logs.

Collection Method

This collector gathers Webroot's main log file and associated database files from the WRData directory in ProgramData, which contain local security event data.

Forensic Value

Webroot logs provide insights into cloud-based threat detections, behavioral analysis, and security events. The database files contain threat classification and system monitoring data valuable for investigations.
