Management Audit Logs

Cortex Xpanse Expander User Guide

Product: Cortex XPANSE
Version: 2
Creation date: 2024-03-28
Last date published: 2024-04-17
Category: User Guide
Solution: Cloud
Abstract

View and export management audit logs in Cortex Xpanse.

Management audit logs record all administrative user interactions within Cortex Xpanse. The logs are sorted by date and list which users interacted with which system objects, in what way, along with associated data. Cortex Xpanse stores management audit logs for 365 days.

Note

The audit logs do not include actions performed in the Alert War Room. These actions are documented in the Alert War Room.

Xpanse enables you to monitor administrative activity through management audit log notifications. See Configure Notification Forwarding to forward your management audit logs to an email distribution list, Syslog server, or Slack channel.

To view management audit logs, navigate to Settings → Management Audit Logs. Use the filter to narrow your results based on specific fields. You can also save your filters for later use.

To export the management audit logs as a .tsv file, click the Export to file button.

The table below describes the management audit log fields.

| Field | Description |
|---|---|
| Description | Descriptive summary of the administrative action. |
| Host Name | Name of any relevant affected hosts. |
| Result | The result of the action: Success, Fail, or N/A. |
| Severity | Severity associated with the log: Critical, High, Medium, Low, or Informational. |
| Subtype | Subcategory of action. |
| Timestamp | Time and date of the action. |
| Type | Type of action logged. |
| User Name | Name of the user who performed the action. |
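
An added example (not part of the Cortex Xpanse documentation): one way to triage an exported .tsv file offline by surfacing failed or high-severity administrative actions. It assumes the export's column headers match the field names in the table above; the sample rows, the function names, and the default severity floor are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample shaped like an exported .tsv file. Assumption: the column
# headers equal the field names in the table above. All values are invented.
SAMPLE_TSV = (
    "Timestamp\tUser Name\tType\tSubtype\tResult\tSeverity\tHost Name\tDescription\n"
    "2024-04-01 09:12:00\talice@example.com\tTYPE_A\tSUB_1\tSuccess\tInformational\t\tconstructed row 1\n"
    "2024-04-01 09:30:00\tbob@example.com\tTYPE_B\tSUB_2\tFail\tMedium\t\tconstructed row 2\n"
    "2024-04-01 09:31:00\tbob@example.com\tTYPE_B\tSUB_2\tFail\tLow\t\tconstructed row 3\n"
    "2024-04-02 14:05:00\tcarol@example.com\tTYPE_C\tSUB_3\tSuccess\tCritical\thost-01\tconstructed row 4\n"
    "2024-04-02 15:00:00\talice@example.com\tTYPE_A\tSUB_1\tSuccess\tLow\t\tconstructed row 5\n"
)

# Severity labels as listed in the field table, ranked for comparison.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Informational": 0}


def load_audit_rows(text):
    """Parse the export into dicts keyed by column header, trimming whitespace."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    # Rows with too few columns yield None values; surplus columns (None key) are skipped.
    return [{k.strip(): (v or "").strip() for k, v in row.items() if k} for row in reader]


def review_queue(rows, min_severity="High"):
    """Return rows that failed or meet the severity floor, most severe first."""
    floor = SEVERITY_RANK[min_severity]

    def rank(row):
        # Unrecognised or empty severity is treated as meeting the floor,
        # so a malformed row is reviewed instead of silently dropped.
        return SEVERITY_RANK.get(row.get("Severity", ""), floor)

    hits = [r for r in rows if r.get("Result") == "Fail" or rank(r) >= floor]
    return sorted(hits, key=rank, reverse=True)  # stable: ties keep export order


def failures_by_user(rows):
    """Count failed administrative actions per user name."""
    return Counter(r.get("User Name", "") for r in rows if r.get("Result") == "Fail")


if __name__ == "__main__":
    rows = load_audit_rows(SAMPLE_TSV)
    for r in review_queue(rows):
        print(r["Timestamp"], r["Severity"], r["Result"], r["User Name"], r["Description"])
    print(dict(failures_by_user(rows)))
```

To run it against a real export, read the file with `open(path, newline="", encoding="utf-8").read()` and pass the text to `load_audit_rows`, adjusting the header names if the export differs from the assumption.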