Webroot Logs
Overview
Evidence: Webroot Logs
Description: Collect Webroot Logs
Category: Applications
Platform: windows
Short Name: wbrtls
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Webroot SecureAnywhere is a cloud-based antivirus solution that maintains a local log file (WRLog.log) and database files containing threat intelligence, scan results, and cloud-based analysis data.
Data Collected
This collector gathers structured data about Webroot logs.
Collection Method
This collector gathers Webroot’s main log file and associated database files from the WRData directory in ProgramData, which contain local security event data.
Forensic Value
Webroot logs provide insights into cloud-based threat detections, behavioral analysis, and security events. The database files contain threat classification and system monitoring data valuable for investigations.