Action1 RMM Logs
Overview
Section titled “Overview”Evidence: Action1 RMM Logs
Description: Collect Action1 RMM Logs
Category: Applications
Platform: windows
Short Name: action1rmmlgs
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Section titled “Background”Action1 RMM is a remote monitoring and management platform that maintains logs of agent activities, remote commands, patch deployments, and system monitoring events.
Data Collected
Section titled “Data Collected”This collector gathers structured data about action1 rmm logs.
Collection Method
Section titled “Collection Method”This collector gathers Action1 log files from the Windows directory containing RMM agent activity and command execution records.
Forensic Value
Section titled “Forensic Value”Action1 logs help investigate RMM-based attacks, identify executed commands, track software deployments, and reveal potential abuse of management tools for malicious purposes.