Management Audit Logs - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide

Product
Cortex XPANSE
Version
2
Creation date
2024-08-29
Last date published
2024-11-06
Category
User Guide
Solution
Cloud
Abstract

View and export management audit logs in Cortex Xpanse.

Management audit logs display a log of all administrative user interactions within Cortex Xpanse. The logs are sorted by date and list which users interacted in what way with system objects, and associated data. Cortex Xpanse stores management audit logs for 365 days.

Note

The audit logs do not include actions performed in the Alert War Room. These actions are documented in the Alert War Room.

Xpanse enables you to monitor administrative activity through management audit log notifications. See Configure Notification Forwarding to forward your management audit logs to an email distribution list, Syslog server, or Slack channel.

To view management audit logs, navigate to SettingsManagement Audit Logs. Use the filter to narrow your results based on specific fields. You can also save your filters for later use.

To export the management audit logs as a .tsv file, click the Export to file button.

The table below describes the management audit log fields.

Field

Description

Description

Descriptive summary of the administrative action.

Host Name

Name of any relevant affected hosts.

Result

The result of the action: Success, Fail, or N/A

Severity

Severity associated with the log:

  • Critical

  • High

  • Medium

  • Low

  • Informational

Subtype

Subcategory of action.

Timestamp

Time and date of the action.

Type

Type of action logged.

User Name

Name of the user who performed the action.