
Optics audit log information

The following table lists the information that is added to the audit log for Optics administrative actions. You can use the filtering options available in the console to filter the audit log results to the desired actions.

| Category | Action | Details |
| --- | --- | --- |
| Detections | Change Status | Detection: <detection label>; Detection ID: <detection id>; Device: <device name>; Previous Status: <previous detection status>; New Status: <new detection status> |
| Detections | Remove | Detection: <detection label>; Detection ID: <detection id>; Device: <device name> |
| Detection Exception | Add | Name: <name> |
| Detection Exception | Edit | Name: <name> |
| Detection Exception | Remove | Name: <name> |
| Detection Rule | Add | Name: <name>; Description: <description>; Severity: <severity>; OS: <OS list> |
| Detection Rule | Edit | Name: <name>; Description: <description>; Severity: <severity>; OS: <OS list> |
| Detection Rule | Remove | Name: <name>; Description: <description>; Severity: <severity>; OS: <OS list> |
| Detection Rule Set | Add | Name: <name>; Description: <description>; Device Policy: <device policy name> |
| Detection Rule Set | Edit | Name: <name>; Description: <description>; Device Policy: <device policy name> |
| Detection Rule Set | Remove | Name: <name>; Description: <description>; Device Policy: <device policy name> |
| Device | File Download | Device: <device name>; File: <file path and name> |
| Device | Lock | Device: <device name>; Lockdown Period: <lockdown period> |
| Device | Show Unlock Key | Device: <device name> |
| Focus Data | Add | Device: <device name>; Type: <focus view type>; Artifact: <focus view artifact> |
| InstaQuery | Add | Name: <IQ name>, Artifact: <IQ artifact>, Facet: <IQ facet>, Term: <IQ term> |
| InstaQuery | Remove | Name: <IQ name>, Artifact: <IQ artifact>, Facet: <IQ facet>, Term: <IQ term> |
| Job Service | Stop | Name: <name>; Service: <parent service type> |
| Package Deploy | Add | Name: <name>; Packages: <packages> |
| Package Deploy | Remove | Name: <name> |
| Package PlayBook | Add | Name: <name>; Packages: <packages> |
| Package PlayBook | Edit | Name: <name>; Packages: <packages> |
| Package PlayBook | Remove | Name: <name>; Packages: <packages> |
| PlayBook Result | Remove | Device: <device name>; Playbook Name: <playbook name>; Detection ID: <detection id>; Status: <status> |
| Remote Response | Connect | Device: <device name> |
| Remote Response | Disconnect | Device: <device name> |
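
The following Python sketch is an added example, not vendor code. It parses the Details strings listed in the table into fields for review outside the console. It assumes the audit log rows are available as (category, action, details) tuples; the names `SCHEMA`, `REVIEW`, `parse_details` and `needs_review`, the choice of actions to review, and all sample values are hypothetical.

```python
import re

# Field labels per (category, action), copied from the table (subset).
SCHEMA = {
    ("Detections", "Change Status"): ["Detection", "Detection ID", "Device",
                                      "Previous Status", "New Status"],
    ("Detection Rule", "Remove"): ["Name", "Description", "Severity", "OS"],
    ("Device", "File Download"): ["Device", "File"],
    ("InstaQuery", "Add"): ["Name", "Artifact", "Facet", "Term"],
}
# Assumption: actions to surface for review; adjust to local policy.
REVIEW = {("Detection Rule", "Remove"), ("Device", "File Download")}


def parse_details(category, action, details):
    """Split a Details string into a dict using the row's ordered labels.

    Anchoring on the labels (not on every ';' or ':') keeps values intact
    when they contain those characters, such as a Windows file path. Both
    ';' and ',' are accepted because the InstaQuery rows use commas.
    """
    labels = SCHEMA.get((category, action))
    if labels is None:
        raise KeyError(f"no schema for {category} / {action}")
    fields = [rf"{re.escape(label)}:\s*(.*?)" for label in labels]
    match = re.fullmatch(r"\s*[;,]\s*".join(fields), details.strip(), re.DOTALL)
    if match is None:
        raise ValueError(f"details do not match {category} / {action}")
    return dict(zip(labels, match.groups()))


def needs_review(rows):
    """Parse and return only the rows whose (category, action) is in REVIEW."""
    return [dict(parse_details(c, a, d), Category=c, Action=a)
            for c, a, d in rows if (c, a) in REVIEW]


# Constructed sample rows (not real audit data).
SAMPLE = [
    ("Detections", "Change Status", "Detection: Rule A; Detection ID: 1234; "
     "Device: LAB-PC-01; Previous Status: New; New Status: Reviewed"),
    ("Device", "File Download", r"Device: LAB-PC-01; File: C:\Temp\a;b.log"),
    ("InstaQuery", "Add", "Name: q1, Artifact: File, Facet: Path, Term: x.exe"),
    ("Detection Rule", "Remove",
     "Name: R1; Description: test; Severity: High; OS: Windows"),
]
```

A value that itself contains a separator followed by the next label (for example a description containing "; Severity:") is still ambiguous, so a `ValueError` or an unexpected split on such rows should be checked by hand.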