ThreatSync+ Audit Logs

Applies To: ThreatSync+ NDR, ThreatSync+ SaaS

The ThreatSync+ Audit Logs page shows details of configuration activity performed for ThreatSync+, and includes:

IP Addresses
Users
Policies
Zones
Cloud Collectors
Smart Alert Controls

You can use the information in this page to view details about changes made to your ThreatSync+ configuration.

ThreatSync+ audit logs do not appear on the Audit Logs page in WatchGuard Cloud. For more information, go to See Audit Logs.

To open the ThreatSync+ Audit Logs page:

Select Monitor > ThreatSync+ > Audit Logs.
The ThreatSync+ Audit Logs page opens.

Screenshot of the Network Audit Logs page in ThreatSync+ NDR

IP Addresses

The IP Addresses tab shows a list of IP address remediation history.

This page is only available with a ThreatSync+ NDR or Total NDR license. For more information, go to About ThreatSync+ NDR Licenses and About Total NDR Licenses.

Screenshot of the IP Addresses tab on the ThreatSync+ Audit Logs page

The IP Remediation History table shows a list of block and unblock IP address actions, and the Status column shows whether the operation was successful, in progress, or if it failed.

To view IP address details, click the IP address of a specific log. For more information, go to All IP Addresses.

Users

The Users tab shows a list of all user remediation history with a Microsoft 365 cloud integration.

The Users tab is only available with a ThreatSync+ SaaS or Total NDR license. For more information, go to About ThreatSync+ SaaS Licenses and About Total NDR Licenses.

Screenshot of the Users tab on the ThreatSync+ Audit Logs page

The User Remediation History table shows when remediation was enabled or disabled for a specific Microsoft 365 user, and the Status column shows whether the operation was successful, in progress, or if it failed.

For more information, go to ThreatSync+ Users.

Policies

The Policies tab shows a list of all configuration history related to ThreatSync+ policy changes.

Screenshot of the Network Audit Logs page with the Policies tab selected by default

To view details about the policy activity, click a row to expand it. For example, if an operator changed the status of a policy from Not Active to Live, it shows in the log history.

Screenshot of the policy log changes that shows the change in policy status

To view policy details, refine policy options, or add comments, click the name of the policy. For more information, go to Configure ThreatSync+ Policies.

Zones

The Zones tab shows details of zone configuration history changes.

Screenshot of the Zones tab on the Network Audit Logs page

Expand each zone configuration history to view more details.

To manage zones, click the zone name. For more information, go to Manage ThreatSync+ Zones.

Cloud Collectors

The Cloud Collectors tab shows audit logs and history for your ThreatSync+ cloud integrations. For example, if you have an Azure Flow Logs integration, Azure Flow Logs shows in the Type column.

Screenshot of the SaaS Collectors Audit logs tab

Expand each operation to view more details. For more information, go to About ThreatSync+ Cloud Integrations .

Smart Alert Controls

The Smart Alerts Controls tab shows details of Smart Alert audit logs.

The Smart Alerts Controls tab is only available with a ThreatSync+ NDR or Total NDR license. For more information, go to About ThreatSync+ NDR Licenses and About Total NDR Licenses.

Screenshot of the Smart Alert Logs tab on the Network Audit Logs page in ThreatSync+ NDR

To view details about the Smart Alert audit log history, click a row to expand it. For example, if an operator selects or clears the Ignore Similar Smart Alerts check box when they close a Smart Alert, it shows in the log history. For more information, go to Review Smart Alert Details.