Send Management Audit logs, Integration logs or Guard Rails to an email distribution list and/or Syslog Server.
You can send management audit logs, integration logs or guard rails log notifications to an email distribution list and/or a syslog server. You need to add the syslog server to External Applications to select from the list of servers.
Navigate to → → → → .
Enter a name and a description for the configuration.
From the Log Type list, select one of the following options:
Management Audit Logs
Integration Logs
Guard Rails
Define the scope.
To select a subset of the selected logs, click the filter button, select the relevant filters, and perform a search. For example, if you want to forward only notifications related to API keys, click the filter button, select Type, and then select the Api Key value.
Click Next.
Update the following fields:
| Field | Description | Mandatory |
| --- | --- | --- |
| Distribution List | Add at least one email address to receive notifications for management audit logs, integration logs or guard rails logs. | Yes |
| Notification Timezone | Change the notification timezone. The notification timezone only affects the time listed in email notifications. You can use the timezone configured in Cortex XSOAR or select Coordinated Universal Time (UTC). | No |
| Grouping Timeframe | Change the grouping time frame. The grouping time frame specifies how often Cortex XSOAR sends notifications. Every 30 notifications aggregated within this time frame are sent together. To send every notification as soon as it is generated, set the time frame to 0. By default, the grouping time frame is 10 minutes. | No |
| Subject | Select to generate the subject automatically or deselect and enter the email subject. By default, this field is selected. | Optional |
| Syslog Server | Select the Syslog Server (if already configured). | No |
Click Done to send the notification.