Includes the list of fields included in the automation audit log for Cortex XDR.
The Automation Audit Log shows all the records of all the automation rule executions, included successful, failed and paused actions.
Right-click on a record and select View triggering alert to view the details of the alert in the Alerts table. Only If the record is an Endpoint Response action, you can select View in Action Center, to view details of the action in the Action Center.
The Automation Audit Log fields includes the following information.
Field | Description |
---|---|
Timestamp | The date and time of the last time the automation rule was triggered. |
Action | The action that was triggered. |
Trigger Status | The status of the action— Success, fail, or pause. |
Description | Details of the trigger status. |
Triggering Alert ID | The ID of the alert that was triggered by the automation rule. |
Automation Rule ID | The ID of the automation rule. |
Automation Rule Version | The version number that is updated every time the rule's conditions or actions are modified. |