Log Action

Action Type: LOG

Records all detected security threats to the Monitor's internal logger while allowing the application to continue running normally.

Available for: All platforms (Mobile and Desktop)


How It Works

When the Log action is triggered, the Monitor framework:

  1. Captures complete threat details including type, confidence, and metadata
  2. Records the incident with timestamp and detection context
  3. Stores logs persistently for later analysis
  4. Continues application execution without interruption

When to Use

Recommended for:

  • Production applications that need to monitor threats without disrupting user experience
  • Building historical security data
  • Triggering alerts or notifications
  • Investigating incidents after the fact
  • Applications requiring comprehensive threat intelligence

Not recommended for:

  • Extremely sensitive applications where any threat should trigger termination
  • Real-time response scenarios where detection delays are unacceptable

Configuration

JSON Configuration

{
  "protections": [
    {
      "type": "MemoryDumpDetection",
      "action": "log",
      "intervalMs": 2000
    },
    {
      "type": "DebuggerDetection",
      "action": "log",
      "intervalMs": 1000
    }
  ]
}

Code-Based Configuration (Swift)

import ByteHideMonitor

BHMMonitor.configure { config in
    config.enableProtection(
        .memoryDumpDetection,
        action: .log,
        intervalMs: 2000
    )

    config.enableProtection(
        .debuggerDetection,
        action: .log,
        intervalMs: 1000
    )
}

Code-Based Configuration (Objective-C)

#import <ByteHideMonitor/ByteHideMonitor.h>

[BHMMonitor configure:^(BHMMonitorConfiguration *config) {
    [config enableProtection:BHMProtectionModuleTypeMemoryDumpDetection
                      action:BHMActionTypeLog
                  intervalMs:2000];

    [config enableProtection:BHMProtectionModuleTypeDebuggerDetection
                      action:BHMActionTypeLog
                  intervalMs:1000];
}];

What Gets Logged

The Monitor logger records the following information for each threat:

  • Threat Type: Classification of the detected threat (e.g., DEBUGGER_ATTACHED, JAILBREAK_DETECTED)
  • Description: Human-readable explanation of the threat
  • Confidence Score: Numerical confidence (0.0-1.0) indicating certainty of detection
  • Timestamp: Precise moment the threat was detected
  • Module: Which protection module detected the threat
  • Metadata: Additional context (e.g., debugger name, injection method)

All logged incidents are reported to the Cloud Panel, where you can review them, set up alerts, and export data for analysis.


Interval Configuration

The intervalMs parameter controls checking frequency:

  • 500-1000ms: High-frequency monitoring for critical modules
  • 2000-3000ms: Standard monitoring with balanced overhead
  • 5000ms+: Low-frequency background monitoring

For the Log action, shorter intervals are often acceptable since logging has minimal performance impact.


Best Practices

  • Always Log in Production: Use the Log action as a safety net for all modules
  • Export Regularly: Periodically export threat logs for analysis and compliance
  • Set Alerts: Configure external systems to monitor logs and trigger alerts
  • Combine with Custom Actions: Use Custom actions on high-risk modules for more aggressive responses
  • Monitor Patterns: Look for repeated threats indicating targeted attacks
  • Maintain Log Hygiene: Review and archive old logs regularly
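
The "Set Alerts" and "Monitor Patterns" practices can be applied to exported threat logs with a small triage script. The following is an added example, not ByteHide code: it assumes a hypothetical export of one JSON record per line whose field names (threatType, module, confidence, timestamp) mirror the fields listed under "What Gets Logged", and it flags repeated high-confidence detections of the same threat inside a sliding time window.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export, one JSON record per line. The field names and the
# MEMORY_DUMP_DETECTED value are assumptions, not ByteHide's documented schema.
SAMPLE_EXPORT = """\
{"threatType":"DEBUGGER_ATTACHED","module":"DebuggerDetection","confidence":0.95,"timestamp":"2024-05-01T10:00:00+00:00"}
{"threatType":"DEBUGGER_ATTACHED","module":"DebuggerDetection","confidence":0.90,"timestamp":"2024-05-01T10:01:30+00:00"}
{"threatType":"MEMORY_DUMP_DETECTED","module":"MemoryDumpDetection","confidence":0.40,"timestamp":"2024-05-01T10:02:00+00:00"}
{"threatType":"DEBUGGER_ATTACHED","module":"DebuggerDetection","confidence":0.92,"timestamp":"2024-05-01T10:03:00+00:00"}
{"threatType":"MEMORY_DUMP_DETECTED","module":"MemoryDumpDetection","confidence":0.50,"timestamp":"2024-05-01T10:03:10+00:00"}
{"threatType":"DEBUGGER_ATTACHED","module":"DebuggerDetection","confidence":0.97,"timestamp":"2024-05-01T10:04:10+00:00"}
{"threatType":"MEMORY_DUMP_DETECTED","module":"MemoryDumpDetection","confidence":0.90,"timestamp":"2024-05-01T10:04:30+00:00"}
{"threatType":"DEBUGGER_ATTACHED","module":"DebuggerDetection","confidence":0.90,"timestamp":"2024-05-01T14:00:00+00:00"}
{"threatType":"DEBUGGER_ATTACHED","module":"DebuggerDetection","timestamp":"not-a-date"}
"""

def find_bursts(lines, window=timedelta(minutes=5), min_events=3, min_confidence=0.8):
    """Group high-confidence detections by (module, threat type) and return every
    run of at least min_events of them that fall within `window` of each other."""
    by_key, skipped = defaultdict(list), 0
    for line in filter(None, (raw.strip() for raw in lines)):
        try:
            rec = json.loads(line)
            stamp = datetime.fromisoformat(rec["timestamp"])
            if float(rec["confidence"]) >= min_confidence:
                by_key[(rec["module"], rec["threatType"])].append(stamp)
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed record: count it, keep triaging the rest
    bursts = []
    for (module, threat), stamps in sorted(by_key.items()):
        stamps.sort()
        lo, spans = 0, []  # spans holds [first_index, last_index] per burst
        for hi, stamp in enumerate(stamps):
            while stamp - stamps[lo] > window:
                lo += 1  # slide the window start forward
            if hi - lo + 1 >= min_events:
                if spans and lo <= spans[-1][1]:
                    spans[-1][1] = hi  # overlaps the previous burst: extend it
                else:
                    spans.append([lo, hi])
        bursts += [{"module": module, "threatType": threat, "first": stamps[a],
                    "last": stamps[b], "count": b - a + 1} for a, b in spans]
    return bursts, skipped

if __name__ == "__main__":
    print(find_bursts(SAMPLE_EXPORT.splitlines()))
```

Overlapping windows are merged into one burst, so a sustained run is reported once with its full span rather than once per window. The skipped count is worth alerting on as well, since a rise in malformed records can mean the export or the logging path is broken.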