View, export, extract, and purge the audit trail in Cortex XSOAR. The audit trail logs all administrative user actions in Cortex XSOAR.
The management audit logs display a log of all administrative user interactions within Cortex XSOAR. The logs are sorted by date and cover which users interacted in what way with system objects, and associated data.
Note
The audit logs do not include actions performed in the War Room. These actions are documented in the War Room.
You can filter by field, such as email, ID, user name, type, etc., and you can save filters for later use. In addition, you can adjust the appearance of the columns and add or remove columns.
To view the audit logs, navigate to → .
To export the management audit logs as a .tsv file, click the Export to file button. You can also forward management audit notifications to a syslog server or an email distribution list.
The following table describes components and actions.
Component | Actions |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|