Hi,
Thank you for posting in Symantec community.
Network Threat Protection logs collect information about intrusion prevention. They also contain information about the connections that were made through the firewall (traffic), the registry keys, files, and DLLs that are accessed. They contain information about the data packets that pass through the computers. The operational changes that were made to computers are also logged in these logs. This information may include when services start and stop or when someone configures software. Among the other types of information that may be available are items such as the time and the event type and the action taken. It can also include the direction, host name, IP address, and the protocol that was used for the traffic involved. If it applies to the event, the information can also include the severity level.
Reference: About Network Threat Protection reports and logs
http://www.symantec.com/docs/TECH95542
About log types
http://www.symantec.com/docs/HOWTO27271
About the different types of Symantec Endpoint Protection Manager Reports
http://www.symantec.com/docs/TECH95538