Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Audit Logs

tenant settings user management

Tenant Administrators and Auditors can view auditable events performed by all tenant users within Secureworks® Taegis™ XDR from the Audit Log panel. Tenant Analysts and Responders can view auditable events performed by themselves within this page. To access Audit Logs, select Tenant Settings → Audit Logs from the Secureworks® Taegis™ XDR left-hand side navigation.

Audit Logs are subject to the same Secureworks® Taegis™ XDR data retention period as events and alerts:

Data Retention Policy

Secureworks retains event and alert data for 12 months from the date the data is received. All other data concerns are covered in the Secureworks© Cloud Services Interface Privacy Statement.


Audit logs are available beginning from the release of the feature in August 2020.

Find Logs

Audit logs are organized into a table with the following columns:

Audit Log Columns

Audit Log Columns

Features are available to help you quickly find logs. Use the date picker at the top right to narrow or widen the timeframe of the logs populating the table. The default timeframe is 14 days.

Each column in the table supports the following actions:

Filter Audit Log Table

Filter the Audit Log Table

The Quick Search field above the audit log data table allows for any term to be searched across all of the available columns for the specified time range.


The Actions column has an option to View Diff for appropriate audit entries. Select this to open a modal window that shows the values of an audit event before and after the event took place. This gives you a clear view of the change.

Export Records

Audit logs can be exported from Secureworks® Taegis™ XDR to a comma-separated value (CSV) file. Select Actions above the table, then choose Export All as CSV or Export Selected as CSV from the drop-down menu.


On this page: