Auditing permissions ↗
Configure auditing permissions (under Configurations)
Provides access to view audit logs that track all administrative and operational activities within Cortex XSIAM:
Management Audit Logs: Track user actions, role modifications, and administrative operations. Go to → .
Agent Audit Logs: Track endpoint agent activities and related activities. Go to → .
XDR Collector Audit Logs: Track XDR collector activities and data collection events. Go to → .
Caution
The Auditing module is intentionally restricted to View-only access. Audit logs are immutable records designed to maintain compliance and forensic integrity. They cannot be modified or deleted by any user.
Permission | Description | Roles Example |
|---|---|---|
None | No access to any audit logs. | SOC Tier-1 Analyst: No Need for visibility into system activities, unless context is required. |
View | Read-only access to all audit log data. Auditing is intentionally view-only. Audit logs are immutable records that cannot be modified or deleted to maintain compliance and forensic integrity. |
|