Audit Logs
Tenant Administrators and Auditors can view auditable events performed by all tenant users within Secureworks® Taegis™ XDR from the Audit Log panel. Tenant Analysts and Responders can view only their own auditable events on this page. To access Audit Logs, select Tenant Settings → Audit Logs from the Taegis Menu.
Audit Logs are subject to the same XDR data retention period as events and alerts:
Data Retention Policy
Secureworks retains event and alert data for 12 months from the date the data is received. All other data concerns are covered in the Secureworks Cloud Services Interface Privacy Statement.
Note: Audit logs are available beginning from the release of the feature in August 2020.
Find Logs
Audit logs are organized into a table with the following columns:
- Timestamp — The date and time at which the recorded activity occurred
- Category — Groupings that are used to divide the activities that occur in XDR; available groupings include:
  - Users — activities related to users, such as being added to or removed from XDR
  - Investigations — activities related to changes made to an investigation within XDR
  - Alerts — activities related to individual alerts
- Activity — The type of activity which generated the audit log
- User — The account which took the action that generated the audit log
- Email — The email address associated with the user who generated the audit log
- Change Logs — A description of the activity that occurred
Features are available to help you quickly find logs. Use the date picker at the top right to narrow or widen the timeframe of the logs populating the table. The default timeframe is 14 days.
Each column in the table supports the following actions:
- Sort the results by clicking on the column header.
- Select the menu icon from a column header and then choose the filter icon to perform the following:
  - Enter a term to filter the table by the content of that column.
  - Select Reset to clear the filter.
- Select Columns from the right-hand toolbar of the table to hide or show columns.
The quick search field above the audit log data table allows for any term to be searched across all of the available columns for the specified time range.
Graph
The Audit Logs graph displays the activity-specific volume for the timeframe specified in the date/time picker. Use the color-coded legend to determine which activity corresponds with the volume in the stacked bar chart. You can hover over a specific block in the graph to see the volume count of a specific type of activity.
Actions
The Actions column has an option to View Diff for appropriate audit entries. Select this to open a modal window that shows the values of an audit event before and after the event took place. This gives you a clear view of the change.
Export Records
Audit logs can be exported from XDR to a comma-separated value (CSV) file. Select Actions above the table, then choose Export All as CSV or Export Selected as CSV from the drop-down menu.
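The following is an added example, not part of the Taegis documentation or Secureworks code: once records are exported as CSV, a short script can count activity per account and pull out Users-category events for review. The header names (taken from the table columns listed above), the ISO 8601 timestamp format, and the activity names in the sample are assumptions; adjust them to match a real export.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample export. Header names mirror the table columns described on
# this page; the timestamp format and activity names are assumptions.
SAMPLE_CSV = """\
Timestamp,Category,Activity,User,Email,Change Logs
2024-03-01T09:15:00Z,Users,User Added,Alice Admin,alice@example.com,Added bob@example.com
2024-03-01T09:20:00Z,Investigations,Investigation Updated,Bob Analyst,bob@example.com,Status changed
2024-03-02T23:40:00Z,Users,User Removed,Alice Admin,alice@example.com,Removed carol@example.com
2024-03-03T10:05:00Z,Alerts,Alert Resolved,Bob Analyst,bob@example.com,Resolved alert
2024-03-03T10:06:00Z,Alerts,Alert Resolved,Bob Analyst,bob@example.com,Resolved alert
"""

REQUIRED = ("Timestamp", "Category", "Activity", "User", "Email", "Change Logs")

def load_rows(text):
    """Parse an exported CSV, failing loudly if an expected column is absent."""
    reader = csv.DictReader(io.StringIO(text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"export is missing columns: {missing}")
    rows = []
    for row in reader:
        # Normalize the trailing 'Z' so fromisoformat accepts it on older Pythons.
        row["Timestamp"] = datetime.fromisoformat(row["Timestamp"].replace("Z", "+00:00"))
        rows.append(row)
    return rows

def activity_by_account(rows):
    """Count audit events per (email, category) pair."""
    return Counter((r["Email"].lower(), r["Category"]) for r in rows)

def user_management_events(rows):
    """Return Users-category events in time order for manual review."""
    hits = [r for r in rows if r["Category"] == "Users"]
    return sorted(hits, key=lambda r: r["Timestamp"])

if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    for (email, category), n in sorted(activity_by_account(rows).items()):
        print(f"{email:20} {category:15} {n}")
    print("User-management events:")
    for ev in user_management_events(rows):
        print(f"  {ev['Timestamp'].isoformat()} {ev['Activity']}: {ev['Change Logs']}")
```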