Audit logs in Xprotect

Audit logs are generated when Xprotect users perform tasks on the Xprotect UI, for example, when agents are installed on hosts or when Policies are saved and published to hosts. Audit logs can help you determine the status of the API requests sent for the tasks.


Audit logs page

Audit logs are generated at the level of the instance and displayed on the Audit Logs page. By design, Xprotect only displays the Audit logs generated in the last 30 days; the older Audit logs are purged automatically. 

| Column name | Description |
|-------------|-------------|
| Category | Type of entity on which the task is performed - Host Group, Host, MD5, Host Policy, Tag, User Group, User Policy, and LDAP. |
| Action | Nature of the task performed on the entity. For example, Upgrade Agent, MD5 Override or Publish Policy. |
| Name | Name of the entity on which the task is performed. |
| Status | Status of the API request made for the task - Success, Failed, and Partial Success. Hover over 'Failed' and 'Partial Success' API requests to see the reason for the failure or a partial success. |
| Time | Date and time when the API request for the task was sent. |
| Action By | Xprotect user who performed the task. |


See Audit logs

  1. Go to Settings > Audit Logs.

    By design, the Audit Logs page displays Audit logs for the last 24 hours.

  2. To see a specific set of Audit logs, filter the Audit Logs page by one or more columns displayed on the page. See Filter data in Xprotect for more details.


See payload for API requests

You may need to analyze some API requests, especially the ones that failed or partially succeeded. This can help you redo tasks that did not succeed.

  • Click the 3-dot menu of an Audit log and click View JSON.
