In 3.6.1, I used to pass on the source URL of threats to our network guys to additionally block. So if for example we had a psyme hit I would pass on the URL that was shown in the drill down of Antivirus\detection\detections\threat detected report.
Under 4.0 although I can set my reports easily enough to pull out data for threats detected and drill down to see the standard event log info for each event the threat source URL always seems to be blank.
Any suggestions or ideas?
There is nothing in the SQL to account for this as this just sets what events and times etc, the data just doesnt seem to be in the event logs full stop.