Forward management audit log notifications to an email distribution list or syslog server.
You can forward management audit notifications to an email distribution list or a syslog server. If you are forwarding to a syslog server, Add a Syslog Server before forwarding.
Navigate to → → → → .
Enter a name and a description for the configuration and click Next.
By default, all management audit notifications are forwarded. To select a subset of the management audit notifications, click the filter button and perform a search. For example, if you want to forward only notifications related to API keys, search for Type
API Key. Click Next.Add one or more email addresses to receive management audit notifications.
(Optional) Change the notification timezone. The notification timezone only affects the time listed in email notifications. You can use the timezone configured in Cortex XSOAR or select Coordinated Universal Time (UTC).
(Optional) Change the grouping timeframe. The grouping timeframe specifies how often Cortex XSOAR sends notifications. Every 30 notifications aggregated within this time frame are sent together. To send every notification as soon as it is generated, set the time frame to 0. By default, the grouping timeframe is 10 minutes.
(Optional) Change the email subject.
Click Done to save your configuration.
(Optional) To later modify a saved forwarding configuration, right-click the configuration, and Edit, Disable, or Delete.