Audit log information: CylanceOPTICS

The following table lists the information that is added to the audit log for CylanceOPTICS administrative actions. You can use the filtering options available in the console to filter the audit log results.

| Category | Action | Details |
|---|---|---|
| Advanced Query | Execute | Query: <EQL_query> |
| Advanced Query Export | Add | Name: <name>; Description: <description>; Shared: <isShared> |
| Advanced Query Export | Download | Name: <name>; Description: <description> |
| Advanced Query Export | Remove | Name: <name>; Description: <description>; Shared: <isShared> |
| Advanced Query Snapshot | Add | Name: <name>; Description: <description>; Shared: <isShared> |
| Advanced Query Snapshot | Edit | Name: <name>; Description: <description>; Shared: <isShared> |
| Advanced Query Snapshot | Remove | Name: <name>; Description: <description>; Shared: <isShared> |
| Advanced Query Template | Add | Name: <name>; Description: <description>; Shared: <isShared>; Query: <EQL_query> |
| Advanced Query Template | Edit | Name: <name>; Description: <description>; Shared: <isShared>; Query: <EQL_query> |
| Advanced Query Template | Remove | Name: <name>; Description: <description>; Shared: <isShared> |
| Detections | Change Status | Detection: <detection label>; Detection ID: <detection id>; Device: <device name>; Previous Status: <previous detection status>; New Status: <new detection status> |
| Detections | Remove | Detection: <detection label>; Detection ID: <detection id>; Device: <device name> |
| Detection Exception | Add | Name: <name> |
| Detection Exception | Edit | Name: <name> |
| Detection Exception | Remove | Name: <name> |
| Detection Rule | Add | Name: <name>; Description: <description>; Severity: <severity>; OS: <OS list> |
| Detection Rule | Edit | Name: <name>; Description: <description>; Severity: <severity>; OS: <OS list> |
| Detection Rule | Remove | Name: <name>; Description: <description>; Severity: <severity>; OS: <OS list> |
| Detection Rule Set | Add | Name: <name>; Description: <description>; Device Policy: <device policy name> |
| Detection Rule Set | Edit | Name: <name>; Description: <description>; Device Policy: <device policy name> |
| Detection Rule Set | Remove | Name: <name>; Description: <description>; Device Policy: <device policy name> |
| Device | File Download | Device: <device name>; File: <file path and name> |
| Device | Lock | Device: <device name>; Configuration Profile: <profile name>; Lockdown Period: <lockdown period> |
| Device | Unlock | Device: <device name> |
| Device | Change Lockdown Profile | Device: <device name>; Configuration Profile: <profile name> |
| Device | Show Unlock Key | Device: <device name> |
| Focus Data | Add | Device: <device name>; Type: <focus view type>; Artifact: <focus view artifact> |
| InstaQuery | Add | Name: <IQ name>, Artifact: <IQ artifact>, Facet: <IQ facet>, Term: <IQ term> |
| InstaQuery | Remove | Name: <IQ name>, Artifact: <IQ artifact>, Facet: <IQ facet>, Term: <IQ term> |
| Job Service | Stop | Name: <name>; Service: <parent service type> |
| Package Deploy | Add | Name: <name>; Packages: <packages> |
| Package Deploy | Remove | Name: <name> |
| Package PlayBook | Add | Name: <name>; Packages: <packages> |
| Package PlayBook | Edit | Name: <name>; Packages: <packages> |
| Package PlayBook | Remove | Name: <name>; Packages: <packages> |
| PlayBook Result | Remove | Device: <device name>; Playbook Name: <playbook name>; Detection ID: <detection id>; Status: <status> |
| Remote Response | Connect | Device: <device name> |
| Remote Response | Disconnect | Device: <device name> |
| Scheduled Advanced Query | Add | Name: <name>; Description: <description>; Shared: <isShared>; Schedule: <schedule_details> |
| Scheduled Advanced Query | Edit | Name: <name>; Description: <description>; Shared: <isShared>; Schedule: <schedule_details> |
| Scheduled Advanced Query | Remove | Name: <name>; Description: <description>; Shared: <isShared> |
| Scheduled Advanced Query | Remove Result | Name: <name>; Description: <description>; Result Timestamp: <result_timestamp>; Results: <result_count> |
| Scheduled Advanced Query | Start | Name: <name>; Description: <description>; Shared: <isShared>; Schedule: <schedule_details> |
| Scheduled Advanced Query | Stop | Name: <name>; Description: <description>; Shared: <isShared>; Schedule: <schedule_details> |
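
The following is an added example, not part of the product documentation: a Python parser that splits a Details value into its labelled fields using the label order documented above, so that a `;` or `,` inside a description or EQL query does not break the split. It assumes the Details value arrives as one string laid out as in the table; `SCHEMA`, `REVIEW_FIRST`, `parse_details` and `needs_review` are names invented for this example, and the choice of review-first actions is this example's assumption.

```python
import re

# Detail labels per (category, action), copied from the table above (subset only).
SCHEMA = {
    ("Advanced Query Template", "Edit"): ["Name", "Description", "Shared", "Query"],
    ("Detections", "Change Status"): ["Detection", "Detection ID", "Device",
                                      "Previous Status", "New Status"],
    ("Detections", "Remove"): ["Detection", "Detection ID", "Device"],
    ("Detection Exception", "Add"): ["Name"],
    ("Detection Rule", "Remove"): ["Name", "Description", "Severity", "OS"],
    ("Device", "Show Unlock Key"): ["Device"],
    ("InstaQuery", "Add"): ["Name", "Artifact", "Facet", "Term"],
}

# Assumption of this example: actions that reduce detection coverage or reveal
# a device unlock key are the ones an auditor wants surfaced first.
REVIEW_FIRST = {
    ("Detections", "Remove"),
    ("Detection Exception", "Add"),
    ("Detection Rule", "Remove"),
    ("Device", "Show Unlock Key"),
}

def parse_details(category, action, details):
    """Split a Details string into {label: value} using the documented label order."""
    labels = SCHEMA.get((category, action))
    if labels is None:
        raise ValueError(f"no schema for {category!r} / {action!r}")
    # Anchor on "<separator> <Label>:" in table order, so a ';' or ',' inside a
    # free-text value (description, EQL query) does not end the field early.
    pattern = r"^\s*" + re.escape(labels[0]) + r":\s*(.*?)"
    for label in labels[1:]:
        pattern += r"\s*[;,]\s*" + re.escape(label) + r":\s*(.*?)"
    match = re.match(pattern + r"\s*$", details, re.DOTALL)
    if match is None:
        raise ValueError(f"Details do not match documented labels: {details!r}")
    return dict(zip(labels, match.groups()))

def needs_review(category, action):
    """True for the actions this example chooses to surface first."""
    return (category, action) in REVIEW_FIRST

if __name__ == "__main__":
    # Constructed sample row, not real console output.
    row = ("Advanced Query Template", "Edit",
           'Name: lsass access; Description: hunts; reviewed weekly; '
           'Shared: true; Query: process where command_line == "a; b"')
    print(parse_details(*row))
```

A value that itself contains a separator followed by the next label (for example a description containing `; Shared:`) is still ambiguous in this format and will be split at the first occurrence.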