ThreatSync+ Audit Logs

Applies To: ThreatSync+ NDR, ThreatSync+ SaaS

The ThreatSync+ Audit Logs page shows details of configuration activity performed for ThreatSync+, and includes:

You can use the information on this page to view details about changes made to your ThreatSync+ configuration.

ThreatSync+ audit logs do not appear on the Audit Logs page in WatchGuard Cloud. For more information, go to See Audit Logs.

To open the Audit Logs page:

  • Select Monitor > ThreatSync+ > ThreatSync+ Audit Logs.
    The ThreatSync+ Audit Logs page opens.

Screenshot of the Network Audit Logs page in ThreatSync+ NDR

IP Addresses

The IP Addresses tab shows the IP address remediation history.

The IP Addresses tab is only available with a ThreatSync+ NDR license. For more information, go to About ThreatSync+ NDR Licenses.

Screenshot of the IP Addresses tab on the ThreatSync+ Audit Logs page

The IP Remediation History table shows a list of block and unblock IP address actions. The Status column shows whether the operation was successful, is in progress, or failed.

To view IP address details, click the IP address of a specific log. For more information, go to All IP Addresses.

Users

The Users tab shows a list of all user remediation history for a Microsoft 365 SaaS integration.

The Users tab is only available with a ThreatSync+ SaaS license. For more information, go to About ThreatSync+ SaaS Licenses.

Screenshot of the Users tab on the ThreatSync+ Audit Logs page

The User Remediation History table shows when remediation was enabled or disabled for a specific Microsoft 365 user. The Status column shows whether the operation was successful, is in progress, or failed.

For more information, go to ThreatSync+ Users.

Policies

The Policies tab shows a list of all configuration history related to ThreatSync+ policy changes.

Screenshot of the Network Audit Logs page with the Policies tab selected by default

To view details about the policy activity, click a row to expand it. For example, if an operator changed the status of a policy from Not Active to Live, it shows in the log history.

Screenshot of the policy log changes that shows the change in policy status

To view policy details, refine policy options, or add comments, click the name of the policy. For more information, go to Configure ThreatSync+ Policies.

Zones

The Zones tab shows the history of zone configuration changes.

Screenshot of the Zones tab on the Network Audit Logs page

Expand each zone configuration history to view more details.

To manage zones, click the zone name. For more information, go to Manage ThreatSync+ Zones.

SaaS Collectors

The SaaS Collectors tab shows audit logs and history for your ThreatSync+ SaaS collectors. For example, if you have a Microsoft 365 SaaS integration, Microsoft 365 shows in the Type column.

The SaaS Collectors tab is only available with a ThreatSync+ SaaS license. For more information, go to About ThreatSync+ SaaS Licenses.

Screenshot of the SaaS Collectors Audit logs tab

Expand each operation to view more details. For more information, go to Configure a ThreatSync+ SaaS Integration — Microsoft 365.

Smart Alert Controls

The Smart Alerts Controls tab shows details of Smart Alert audit logs.

The Smart Alerts Controls tab is only available with a ThreatSync+ NDR license. For more information, go to About ThreatSync+ NDR Licenses.

Screenshot of the Smart Alert Logs tab on the Network Audit Logs page in ThreatSync+ NDR

To view details about the Smart Alert audit log history, click a row to expand it. For example, if an operator selects or clears the Ignore Similar Smart Alerts check box when they close a Smart Alert, it shows in the log history. For more information, go to Review Smart Alert Details.

Related Topics

Monitor ThreatSync+

Configure ThreatSync+