Audit log information: General administration
The following table lists the information that is added to the audit log for administrative actions that impact multiple Cylance Endpoint Security features. You can use the filtering options in the console to filter the audit log results.

Category | Action | Details |
---|---|---|
Agent Update | Edit | Rule: <rule name> ; Zones: <zones> ; Agent Version: <version> ; Optic Version: <version> |
Agent Update | Edit | Tier: <tier name> ; Zones: N/A; Agent Version: <version> ; Optic Version: <version> |
Custom Update Rule | Add | Custom updater rule: <rule name> ; Zones: <zones> ; Agent Version: <version> ; Optic Version: <version> |
Custom Update Rule | Remove | Custom updater rule <rule ID> is deleted. |
Device | Add | Device: <device name> ; Zone: <zone name> |
Device | Edit | Renamed: <original name> to <new name> ; Policy Changed: <old policy> to <new policy> ; Zones Removed: <zone names> ; Zones Added: <zone names> ; Agent Logging Level Changed: <original value> to <new value> ; Agent Self Protection Level Changed: <original value> to <new value> |
Device | Remove | Devices: <device names> |
Login | Success | Provider: CylancePROTECT, Source IP: <IP address> |
Login | Failure | — |
Policy | Add | Policy: <policy name> , Detection Settings changed from <change details> |
Policy | Edit | Policy: <policy name> : <change details> |
Policy | Remove | Policy: <policy name> |
Syslog | Disabled | Syslog disabled. |
Syslog | Settings Save | { <configuration_settings> } |
Tenant Configuration | Update | Updated custom domain name to <name> . |
Tenant Role | Add | Role: <custom role name> |
Tenant Role | Edit | Role: <custom role name> |
Tenant Role | Remove | Role: <custom role name> |
User | Add | User: <username> ; Role: <role type> |
User | Edit | User: <username> ; email: <user email> |
User | Remove | Users: <user names> |
Zone | Add | Zone: <zone name> ; Policy: <policy name> ; Value: <"High" / "Low" / "Normal"> |
Zone | Edit | Renamed: <original name> to <new name> ; Current Policy: <policy name> ; Policy Applied To All Devices In Zone: <TRUE / FALSE> ; Values Assigned: <"High" / "Low" / "Normal"> |
Zone | Remove | Zones: <zone names> |