View, export, extract, and purge the audit trail in Cortex XSOAR. The audit trail logs all administrative user actions in Cortex XSOAR.
The management audit logs display a log of all administrative user interactions within Cortex XSOAR. By default, the logs are sorted by Timestamp and cover which users interacted in what way with system objects, and associated data.
Note
The audit logs do not include actions performed in the War Room. These actions are documented in the War Room.
You can filter by field, such as email, ID, user name, type, etc., and you can save filters for later use. In addition, you can adjust the appearance of the columns and add or remove columns.
To view the audit logs, go to
→ .To export the management audit logs as a tsv
text-based file, click the Export to file button. You can also forward management audit notifications to a syslog server or an email distribution list.
The following table describes the log types and sub types.
API Keys
Includes the following subtypes:
Authentication
Includes the following subtypes:
Licensing
Includes details about the license such as expiration and ingestion violation.
Permissions
Includes user role permissions such as:
Cortex Automation
XSOAR Migration
Includes audit information about the migration from Cortex XSOAR 6 to 8, such as whether users were migrated, the cutoff date, and whether content and integrations were resynced.