Monitor Agent Activity
Viewing agent audit logs requires either a Cortex XDR Prevent or Cortex XDR Pro per Endpoint license.
The Cortex XDR agent logs entries for events that are monitored by the Cortex XDR agent and reports the logs back to Cortex XDR hourly. Cortex XDR stores the logs for 180 days. To view the Cortex XDR agent logs, select
To ensure you and your colleagues stay informed about agent activity, you can Configure Notification Forwarding to forward your Agent Audit log to an email distribution list, Syslog server, or Slack channel.
The Cortex XDR agent logs these endpoint events using one of the following categories:
Log message that describes the action.
Domain to which the endpoint belongs.
Unique ID assigned by the Cortex XDR agent.
If the action or activity failed, this field indicates the identified cause.
Date and time when the action was received by the agent and reported back to Cortex XDR.
The result of the action (
Severity associated with the log:
Type and Sub-Type
Additional classification of agent log (Type and Sub-Type:
Date and time when the action occurred.
XDR Agent Version
Version of the Cortex XDR agent running on the endpoint.
Recommended For You
Recommended videos not found.