Skip to main content

User activity log

Control Center logs all the operations and actions performed by users. The user activity list includes events according to your administrative permission level such as:

  • Logging in and logging out.

  • Creating, editing, renaming and deleting reports.

  • Adding and removing dashboard portlets.

  • Creating, editing, and deleting credentials.

  • Creating, modifying, downloading and deleting network packages.

  • Creating, restarting and deleting network tasks.

  • Starting, ending, canceling, and stopping troubleshooting processes on affected machines.

  • Creating, editing, renaming and deleting user accounts.

  • Deleting or moving endpoints between groups.

  • Creating, moving, renaming and deleting groups.

  • Deleting and restoring quarantined files.

  • Retrieving, deleting and downloading a quarantined file.

  • Creating, editing and deleting user accounts.

  • Creating, assigning and deleting exclusion rules.

  • Starting and ending Remote Shell sessions, and downloading archived session logs.

    The Session Ended action type for remote shell activity logs also contains information about attempted file uploads and downloads.

  • Creating and deleting exclusion lists.

  • Creating, editing, renaming, assigning and deleting policies.

  • Creating, editing and deleting maintenance windows.

  • Creating and canceling Security for AWS subscriptions.

  • Updating the two-factor authentication status.

  • Changing the interval for remembering devices used with two-factor authentication.

  • Creating, editing and deleting integrations from Sensors Management.

  • Adding, editing, and deleting incident notes.

  • Creating, editing, and deleting EDR Custom detection rules.

  • Creating, editing, and deleting EDR Custom exclusion rules.

  • Assigning and unassigning an incident.

  • Creating, editing, assigning and deleting endpoint tags.

  • Creating, editing and deleting rules and rule sets from Integrity Monitoring.

  • Changing the category for Integrity Monitoring events.

  • Running a Live Search query.

  • Assigning an endpoint as an Integrator for an integration configured through the Integrations hub.

  • Unassigning an endpoint as an Integrator for an integration configured through the Integrations hub.

  • Stopping an integration configured through the Integrations hub.

  • Starting an integration configured through the Integrations hub.

  • Updating an integration configured through the Integrations hub.

  • Deleting an integration configured through the Integrations hub.

  • Creating an integration configured through the Integrations hub.

  • Start a Scan action, change the Investigation status, Assign or Unassign the selected artifacts or assets to users for analysis, set the priority of an artifact or asset from EASM.

To examine the user activity records, go to the Accounts > User Activity page from the left side menu.

user_activity_cloud.png

To display recorded events that you are interested in, you have to define a search. Fill in the available fields with the search criteria and click the Search button. All the records matching your criteria will be displayed in the table.

The table columns provide you with useful information about the listed events:

  • The username of who performed the action.

  • User role.

  • Action that caused the event.

  • Type of console object affected by the action.

  • Specific console object affected by the action.

  • Time when the event occurred.

To sort events by a specific column, simply click the header of that column. Click the column header again to reverse the sorting order.

To view detailed information about an event, select it and check the section under the table.

In this section: