In the TDR web UI, you can review the Audit Log to see the actions completed by users and the system that affect the hosts and configuration settings. All users can see the Audit Log.
Threat Detection and Response keeps an audit log of actions completed by users and system actions that affect the hosts and configuration settings. All users can see the audit log.
Each entry in the audit log includes this summary information about each action:
- Time — The time when the action occurred, displayed in your local time zone
- User — The name of the user who completed the action, or System for an action completed by the system
- Device — The host, if any, that is affected by the action
- Change Type — If the action was a change, the type of change (Delete, Edit, or Insert)
- Entity Type — The type of configuration setting that was affected by the action
- Description — A brief description of the action
To see the Audit Log:
- Select System > Audit Log.
By default, the Audit Log shows all actions sorted by time, with the most recent action at the top.
- Select the filter options at the top of each column to apply filters to the events.
- To expand the details for a log entry, in the first column, click .