Monitor Datasets and Dataset Views Activity - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-07-16
Last date published
2024-11-12
Category
Administrator Guide
Abstract

Learn more about the monitored Cortex XSIAM datasets and dataset views activities.

Cortex XSIAM logs entries for events related to datasets and dataset views monitored activities. Cortex XSIAM stores the logs for 365 days. To view the datasets and dataset views audit logs, select SettingsManagement Audit Logs.

You can customize your view of the logs by adding or removing filters to the Management Audit Logs table. You can also filter the page result to narrow down your search. The following table describes the default and optional fields that you can view in the Cortex XSIAM Management Audit Logs table:

Note

Certain fields are exposed and hidden by default. An asterisk (*) is beside every field that is exposed by default.

Field

Description

Description*

Log message that describes the action.

Email

Email of the user who performed the action.

Host Name*

This field is not applicable for datasets and dataset views logs.

ID

Unique ID of the action.

Reason

This field is not applicable for datasets and dataset views logs.

Result*

The result of the action ( Success, Fail, or N/A)

Severity*

Severity associated with the log:

  • Critical

  • High

  • Medium

  • Low

  • Informational

Timestamp*

Date and time when the action occurred.

Type* and Sub-Type*

Additional classifications of dataset and dataset view logs (Type and Sub-Type):

  • Datasets:

    • Create Dataset

    • Delete Dataset

    • Update Dataset

  • Dataset Views:

    • Create Dataset View

    • Delete Dataset View

    • Update Dataset View

User Name*

Name of the user who performed the action.