Send Management Audit logs to a Syslog Server or an email distribution list.
You can forward management audit notifications to an email distribution list or a Syslog Server. If you are forwarding to a Syslog Server, add a Syslog Server before forwarding.
By default, all management audit notifications are forwarded.
Navigate to → → → → .
Enter a name and a description for the configuration and click Next.
Define the Management Audit log scope.
To select a subset of the management audit notifications, click the filter button, select the relevant filters, and perform a search. For example, if you want to forward only notifications related to API keys, click the filter button, select Type, and then select the Api Key value.
Click Next.
Update the following fields:
| Field | Description | Mandatory |
| --- | --- | --- |
| Distribution List | Add at least one email address to receive management audit notifications. | Yes |
| Notification Timezone | Change the notification timezone. The notification timezone only affects the time listed in email notifications. You can use the timezone configured in Cortex XSOAR or select Coordinated Universal Time (UTC). | No |
| Grouping Timeframe | Change the grouping time frame. The grouping time frame specifies how often Cortex XSOAR sends notifications. Every 30 notifications aggregated within this time frame are sent together. To send every notification as soon as it is generated, set the time frame to 0. By default, the grouping time frame is 10 minutes. | No |
| Subject | Select to generate the subject automatically or deselect and enter the email subject. By default, this field is selected. | Optional |
| Syslog Server | Select the Syslog Server (if already configured). | No |
Click Done to send the notification.