See descriptions of the fields in the Action Center.
The following table describes both the default and additional optional fields that you can view from the All Actions tab of the Action Center and lists the fields in alphabetical order.
Field | Description |
---|---|
Action Type | Type of action initiated on the endpoint. |
Agent Restart | Status of the agent restart action on <endpoint name>. Statuses: |
Created By | Name of the user who initiated the action. |
Creation Timestamp | Date and time the action was created. |
Description | Action scope of affected endpoints and additional data relevant to each of the specific actions, such as agent version, file path, and file hash. |
Expiration Date | Time the action will expire. To set an expiration date, the action must apply to one or more endpoints. By default, Cortex XSIAM assigns a 7-day expiration limit to the following actions:
Additional actions such as malware scans, quarantine, and endpoint data retrieval are assigned a 4-day expiration limit. After the expiration limit, the status of any remaining Pending actions on endpoints changes to Expired, and these endpoints will not perform the action. |
Status | Current status of the action. |
Additional data—If additional details are available for an action or for specific endpoints, you can pivot to the Additional data view. You can also export the additional data to a TSV file. The page can include details in the following fields but varies depending on the type of action. | |
Endpoint Name | Target host name of each endpoint for which an action was initiated. |
IP Addresses | IP address associated with the endpoint. |
Status | Status of the action for the specific endpoint. (Linux)—Completed with Partial Success for a single endpoint that did not complete the action successfully. |
Action Last Update | Time at which the last status update occurred for the action. |
Advanced Analysis | For Retrieve alert data requests related to Cortex XSIAM Alerts raised by exploit protection modules, Cortex XSIAM can analyze the memory state for additional verdict verification. This field displays the analysis progress and resulting verdict. |
Action Parameters | Summary of the Action including the alert name and alert ID. |
Additional Data / Malicious Files | Additional data, if any is available, for the action. For malware scans, this field is titled Malicious Files and indicates the number of malicious files identified during the scan. |