User activity log
Control Center logs all the operations and actions performed by users. The user activity list includes events according to your administrative permission level such as:
Logging in and logging out
Creating, editing, renaming and deleting reports
Adding and removing dashboard portlets
Creating, editing, and deleting credentials
Creating, modifying, downloading and deleting network packages
Creating, restarting and deleting network tasks
Starting, ending, canceling, and stopping troubleshooting processes on affected machines
Creating, editing, renaming and deleting user accounts
Deleting or moving endpoints between groups
Creating, moving, renaming and deleting groups
Deleting and restoring quarantined files
Creating, editing and deleting user accounts
Creating, assigning and deleting exclusion rules
Starting and ending Remote Shell sessions, and downloading archived session logs.
Creating and deleting exclusion lists
Creating, editing, renaming, assigning and deleting policies
Creating, editing and deleting maintenance windows
Creating and canceling Security for AWS subscriptions
Updating the two-factor authentication status
Changing the interval for remembering devices used with two-factor authentication
Creating, editing and deleting integrations from Sensors Management.
Adding, editing, and deleting incident notes.
Assigning and unasigning an incident.
Create, edit, and delete endpoint tags.
Creating, editing and deleting rules and rule sets from Integrity Monitoring.
Changing the category for Integrity Monitoring events.
Running a Live Search query.
To examine the user activity records, go to the Accounts > User Activity page.

To display recorded events that you are interested in, you have to define a search. Fill in the available fields with the search criteria and click the Search button. All the records matching your criteria will be displayed in the table.
The table columns provide you with useful information about the listed events:
The username of who performed the action.
User role.
Action that caused the event.
Type of console object affected by the action.
Specific console object affected by the action.
Time when the event occurred.
To sort events by a specific column, simply click the header of that column. Click the column header again to reverse the sorting order.
To view detailed information about an event, select it and check the section under the table.