Viewing the audit log

As an administrator, you can view a log of actions that are taken by QRadar® EDR Dashboard users.

About this task

Each audit log entry includes a date, which user performed the action, the action type, a description of the action, and the status of the action. The description might contain a link to an object that is associated with the action, such as a group or a client.
Important: Administrators with restricted access cannot view audit logs with actions that are made by an administrator with unrestricted access or access to more than one client.

Procedure

  1. Click Administration > Audit.
  2. To filter the actions, click Advanced Filters and select a date range, username, or action type.
  3. To download the audit log, click Export as CSV.