Skip to main content

User activity log

Control Center logs all the operations and actions performed by users. The user activity list includes events according to your administrative permission level such as:

  • Logging in and logging out.

  • Creating, editing, renaming and deleting reports.

  • Adding and removing dashboard portlets.

  • Creating, editing, and deleting credentials.

  • Creating, modifying, downloading and deleting network packages.

  • Creating, restarting and deleting network tasks.

  • Starting, ending, canceling, and stopping troubleshooting processes on affected machines.

  • Creating, editing, renaming and deleting user accounts.

  • Deleting or moving endpoints between groups.

  • Creating, moving, renaming and deleting groups.

  • Deleting and restoring quarantined files.

  • Creating, editing and deleting user accounts.

  • Creating, editing and deleting access permission rules.

  • Creating, assigning and deleting exclusion rules.

  • Starting and ending Remote Shell sessions, and downloading archived session logs.

  • Creating and deleting exclusion lists.

  • Creating, editing, renaming, assigning and deleting policies.

  • Creating, editing and deleting maintenance windows.

  • Creating, editing, synchronizing and deleting Amazon EC2 integrations.

  • Creating, editing, synchronizing and deleting Microsoft Azure integrations.

  • Updating the GravityZone appliance.

  • Updating the two-factor authentication status.

  • Changing the interval for remembering devices used with two-factor authentication.

  • Creating, editing and deleting integrations from Sensors Management.

  • Adding, editing, and deleting incident notes.

  • Creating, editing, and deleting EDR Custom detection rules.

  • Creating, editing, and deleting EDR Custom exclusion rules.

  • Assigning and unassigning an incident.

  • Creating, editing, assigning and deleting endpoint tags.

To examine the user activity records, go to the Accounts > User Activity page from the left side menu and choose the network view that you want from the views selector.


To display recorded events that you are interested in, you have to define a search. Fill in the available fields with the search criteria and click the Search button. All the records matching your criteria will be displayed in the table.

The table columns provide you with useful information about the listed events:

  • The username of who performed the action.

  • User role.

  • Action that caused the event.

  • Type of console object affected by the action.

  • Specific console object affected by the action.

  • Time when the event occurred.

To sort events by a specific column, simply click the header of that column. Click the column header again to reverse the sorting order.

To view detailed information about an event, select it and check the section under the table.