Audit Logs
The Audit logs page allows you to view the activities in Check Point XDR
Extended Detection & Response.
|
|
Note - Only high level activities that affect Check Point product security are shown. Changes in incident management (such as assignee, status and comments) are not shown. |
To view the Audit logs, go to Settings > Audit logs.
XDR creates Audit logs only for these activities:
-
Incident
Correlation of one or more insights into a security incident potentially impacting your environment. It can be based on insights generated from one or more products. status (Created/Closed) -
IoC Management (Added/Edited/Deleted)
-
Notifications
-
Policy changes (Enabled/Updated/Disabled)
-
Notifications sent
-
-
Manual or automatic action taken
-
Isolate host on endpoint or gateway
-
Kill process on Endpoint
-
Quarantine file on Endpoint
-
-
Automatic response (Enabled/Updated/Disabled)
-
Exclusions (Created/Updated/Deleted)
To search for a specific activity, enter the name in the Search field.
To export the data to an excel in CSV format, click Export all (CSV).
|
Column Name |
Description |
|---|---|
|
Date |
Date and time the activity was started. |
|
User |
Name of the user who initiated the activity. System indicates that the activity was performed by XDR. |
|
Action Type |
Type of activity performed. |
|
Details |
Details of the activity. For activities on incidents, it shows a link to the relevant incident. |
|
Status |
Status of the activity.
|