Get the PDF

Audit log information: General administration

The following table lists the information that is added to the audit log for administrative actions that impact multiple

Cylance Endpoint Security

features. You can use the filtering options in the console to filter the audit log results.

Category	Action	Details
Agent Update	Edit	Rule: `<rule name>`; Zones: `<zones>`; Agent Version: `<version>`; Optic Version: `<version>`
Agent Update	Edit	Tier: `<tier name>`; Zones: N/A; Agent Version: `<version>`; Optic Version: `<version>`
Custom Update Rule	Add	Custom updater rule: `<rule name>`; Zones: `<zones>`; Agent Version: `<version>`; Optic Version: `<version>`
Custom Update Rule	Remove	Custom updater rule `<rule ID>` is deleted.
Device	Add	Device: `<device name>`; Zone: `<zone name>`
Device	Edit	Renamed: `<original name>` to `<new name>`; Policy Changed: `<old policy>` to `<new policy>`; Zones Removed: `<zone names>`; Zones Added: `<zone names>`; Agent Logging Level Changed: `<original value>` to `<new value>`; Agent Self Protection Level Changed: `<original value>` to `<new value>`
Device	Remove	Devices: `<device names>`
Login	Success	Provider: CylancePROTECT, Source IP: `<IP address>`
Login	Failure	—
Policy	Add	Policy: `<policy name>`, Detection Settings changed from `<change details>`
Policy	Edit	Policy: `<policy name>`: `<change details>`
Policy	Remove	Policy: `<policy name>`
Syslog	Disabled	Syslog disabled.
Syslog	Settings Save	{`<configuration_settings>`}
Tenant Configuration	Update	Updated custom domain name to `<name>`.
Tenant Role	Add	Role: `<custom role name>`
Tenant Role	Edit	Role: `<custom role name>`
Tenant Role	Remove	Role: `<custom role name>`
User	Add	User: `<username>`; Role: `<role type>`
User	Edit	User: `<username>`; email: `<user email>`
User	Remove	Users: `<user names>`
Zone	Add	Zone: `<zone name>`; Policy: `<policy name>`; Value: `<"High" / "Low" / "Normal">`
Zone	Edit	Renamed: `<original name>` to `<new name>`; Current Policy: `<policy name>`; Policy Applied To All Devices In Zone: `<TRUE / FALSE>`; Values Assigned: `<"High" / "Low" / "Normal">`
Zone	Remove	Zones: `<zone names>`

Section:

Auditing administrator actions