Enable security auditing event IDs

Cortex XDR Documentation

Product: Cortex XDR
Creation date: 2024-03-06
Last date published: 2024-12-30
Category: Administrator Guide

You can enable security auditing events using GPO or set them up on a local server. Active Directory Certificate Services (ADCS) events require additional setup.

Note

We recommend you configure security auditing using Group Policy Object (GPO). Using GPO simplifies audit management and ensures that auditing settings are uniformly applied across your network, reducing the risk of misconfigurations on individual machines.