Monitor Administrative Activity
View all Cortex XDR administrator-initiated actions taken on alerts, incidents, and live terminal sessions.
You can track the status of all administrative and investigative actions. Cortex XDR stores audit logs for 365 days (previously, the retention period was 180 days). Use the page filters to narrow the results, or use Manage Columns and Rows to add or remove fields as needed.
Settings ( )
To ensure you and your colleagues stay informed about administrative activity, you can Configure Notification Forwarding to forward your Management Audit log to an email distribution list, Syslog server, or Slack channel.
The following table describes, in alphabetical order, the default and optional additional fields that you can view.
Email address of the administrative user
Descriptive summary of the administrative action. Hover over this field to view more detailed information in a popup tooltip. This enables you to know exactly what has changed, and, if necessary, roll back the change.
Name of any relevant affected hosts
Unique ID of the action
Result of the administrative action: Success, Partial, or Fail.
Sub category of action
Time and date of the action
Type of activity logged, one of the following:
The user who performed the action.