Automation audit log - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Documentation

Product: Cortex XDR
Creation date: 2024-03-06
Last date published: 2024-10-01
Category: Administrator Guide

Abstract: Lists the fields included in the automation audit log for Cortex XDR.

The Automation Audit Log shows the records of all automation rule executions, including successful, failed, and paused actions.

Right-click a record and select View triggering alert to view the details of the alert in the Alerts table. Only if the record is an Endpoint Response action can you select View in Action Center to view details of the action in the Action Center.

The Automation Audit Log fields include the following information.

| Field | Description |
| --- | --- |
| Timestamp | The date and time of the last time the automation rule was triggered. |
| Action | The action that was triggered. |
| Trigger Status | The status of the action: Success, fail, or pause. |
| Description | Details of the trigger status. |
| Triggering Alert ID | The ID of the alert that was triggered by the automation rule. |
| Automation Rule ID | The ID of the automation rule. |
| Automation Rule Version | The version number that is updated every time the rule's conditions or actions are modified. |