Audit Logs

Navigate to Logging > Audit Logs to view the audit logs created by Threat Defender. Audit logs aggregate reported events from the user and asset logs, system logs, as well as threat intelligence incident logs.

The chart displays the events logged in the previous 24 hours over time and by category.

You can filter the audit log entries using the filter_icon filter field above the table. Alternatively, you can filter the log table by hovering the mouse over one of the cells and clicking filter_icon to include or filter-remove_icon to exclude matching elements in the filtered results.

Event Details

Click view_icon in the last table column or double-click its row to display the entry in a separate audit log page.

The table displays the following information:

Field

Description

Created At

The date when the audit log event was created in Threat Defender.

State

The state of the logged event, i.e. whether it was successful or failed.

Action

The action logged by the event.

Tag

The tag assigns the event to a certain log.

Message

A message describing the event. If applicable, this entry provides a link to the relevant screens.

Username

The login name of the user involved in the event.

User IP Address

The IP address of the user involved in the event.