History
The History tab on the agent detail page provides a chronological log of every operation performed on the endpoint. This includes update installations, telemetry refreshes, compliance evaluations, vulnerability scans, and all other agent activities.
Event Timeline
Events are displayed in reverse chronological order (newest first). Each event shows:
| Field | Description |
|---|---|
| Timestamp | When the event occurred |
| Type | Event category icon and label |
| Status | Current state of the event |
| Summary | Brief description of what happened |
| Duration | How long the operation took |
| Reference ID | Hex-encoded identifier (e.g., EVT-04D2) |
Event Types
| Type | Icon | Description |
|---|---|---|
| Task | Play | Update installations, app installs, driver updates, log collections |
| Telemetry Refresh | Refresh | System state, software inventory, or applicability data collection |
| Security Evaluation | Shield | Vulnerability scan results |
| Compliance Evaluation | Check | Compliance framework evaluation results |
| Compliance Check | Clipboard | Individual compliance control checks |
| System Rollback | Rotate | OS build version regression detected; applicability data invalidated and refreshed |
Status Values
| Status | Color | Meaning |
|---|---|---|
| Pending | Gray | Operation queued, waiting to start |
| In Progress | Blue | Currently executing (duration counter ticks in real time) |
| Success | Green | Completed successfully |
| Partial | Yellow | Completed with some items succeeding and others failing |
| Failed | Red | Operation failed |
| Timeout | Orange | Operation exceeded the allowed time |
| Disconnected | Gray | Agent went offline during the operation |
Expanded Event Details
Click any event to expand it and see the full details. The content varies by event type:
Task Events (Update Installation)
Shows which updates were installed, with per-update results:
- KB number and update title
- Individual status (installed, failed, skipped)
- Severity level
- Duration per update
- Error details for failures
Task Events (App Installation)
Shows which applications were installed or updated:
- Application name and version
- Installation status
- Duration
Telemetry Refresh Events
Shows what data was collected, broken down by category:
- System, Software, System Applicability, App Applicability, Network, Policy
- Item counts per category
Compliance Evaluation Events
Shows framework-level results:
- Passed, failed, and manual review counts per framework
- Overall compliance score
Vulnerability Scan Events
Shows detection results:
- New vulnerabilities found
- Vulnerabilities resolved
- Detection methodology
System Rollback Events
Displayed when the platform detects that an endpoint's OS build version has decreased (for example, a Windows feature update was rolled back). The expanded view shows:
- Previous build number and version
- Current build number and version
- Count of invalidated items per data category (applicable updates, applicable applications, vulnerabilities)
Rollback events are fully automatic. When a rollback is detected, the platform invalidates stale applicability and vulnerability data and triggers a fresh scan. A yellow "System Rollback Detected" banner appears on the agent's System State tab until the refresh completes. No user action is required.
Reference IDs
Every event displays a hex-encoded reference ID in the format EVT-XXXX (for events) or TSK-XXXX (for tasks). These IDs are useful for troubleshooting with TridentStack support, as they uniquely identify the event across the entire platform.
Parent and Child Events
Some operations create a parent event with child events. For example, a system update installation task (parent) may contain individual update installation events (children) for each KB that was installed. Expanding the parent event reveals the child events nested underneath.