Management audit logs - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Cloud Documentation

Product
Cortex XSOAR
Version
8
Creation date
2024-03-07
Last date published
2025-01-14
Category
Administrator Guide
Solution
Cloud
Abstract

View, export, extract, and purge the audit trail in Cortex XSOAR. The audit trail logs all administrative user actions in Cortex XSOAR.

The management audit logs display a log of all administrative user interactions within Cortex XSOAR. By default, the logs are sorted by Timestamp and cover which users interacted in what way with system objects, and associated data.

Note

The audit logs do not include actions performed in the War Room. These actions are documented in the War Room.

You can filter by field, such as email, ID, user name, type, etc., and you can save filters for later use. In addition, you can adjust the appearance of the columns and add or remove columns.

To view the audit logs, go to Settings & InfoManagement Audit Logs.

To export the management audit logs as a tsv text-based file, click the Export to file button. You can also forward management audit notifications to a syslog server or an email distribution list.

The following table describes the log types and sub types.

API Keys

Includes the following subtypes:

Authentication

Includes the following subtypes:

Licensing

Includes details about the license such as expiration and ingestion violation.

Permissions

Includes user role permissions such as:

Cortex Automation

XSOAR Migration

Includes audit information about the migration from Cortex XSOAR 6 to 8, such as whether users were migrated, the cutoff date, and whether content and integrations were resynced.