Skip to main content

User activity log

Control Center logs all the operations and actions performed by users. The user activity list includes events according to your administrative permission level such as:

  • Logging in and logging out.

  • Creating, editing, renaming and deleting reports.

  • Adding and removing dashboard portlets.

  • Creating, editing, and deleting credentials.

  • Creating, modifying, downloading and deleting network packages.

  • Creating, restarting and deleting network tasks.

  • Starting, ending, canceling, and stopping troubleshooting processes on affected machines.

  • Creating, editing, renaming and deleting user accounts.

  • Deleting or moving endpoints between groups.

  • Creating, moving, renaming and deleting groups.

  • Deleting and restoring quarantined files.

  • Retrieving, deleting and downloading a quarantined file.

  • Creating, editing and deleting user accounts.

  • Creating, assigning and deleting exclusion rules.

  • Starting and ending Remote Shell sessions, and downloading archived session logs.

    The Session Ended action type for remote shell activity logs also contains information about attempted file uploads and downloads.

  • Creating and deleting exclusion lists.

  • Creating, editing, renaming, assigning and deleting policies.

  • Creating, editing and deleting maintenance windows.

  • Creating and canceling Security for AWS subscriptions.

  • Updating the two-factor authentication status.

  • Changing the interval for remembering devices used with two-factor authentication.

  • Creating, editing and deleting integrations from Sensors Management.

  • Adding, editing, and deleting incident notes.

  • Creating, editing, and deleting EDR Custom detection rules.

  • Creating, editing, and deleting EDR Custom exclusion rules.

  • Assigning and unassigning an incident.

  • Creating, editing, assigning and deleting endpoint tags.

  • Creating, editing and deleting rules and rule sets from Integrity Monitoring.

  • Changing the category for Integrity Monitoring events.

  • Running a Live Search query.

To examine the user activity records, go to the Accounts > User Activity page.

user_activity_cloud.png

To display recorded events that you are interested in, you have to define a search. Fill in the available fields with the search criteria and click the Search button. All the records matching your criteria will be displayed in the table.

The table columns provide you with useful information about the listed events:

  • The username of who performed the action.

  • User role.

  • Action that caused the event.

  • Type of console object affected by the action.

  • Specific console object affected by the action.

  • Time when the event occurred.

To sort events by a specific column, simply click the header of that column. Click the column header again to reverse the sorting order.

To view detailed information about an event, select it and check the section under the table.