Action History provides you with the ability to track all of the actions performed within your tenant. This includes actions performed by human users and the system, allowing you to keep track of things happening in your tenant.
TABLE OF CONTENTS
- What information is stored in the Action History
- How to review the Action History
- Filtering and Searching the Action History
Information is stored in the Action History
The Action History provides a record of changes made to the configuration of your tenant, or actions taken within your tenant. This is important to allow you to keep track of changes that happen, and who makes them.
Important examples of actions that are logged in the Action History include:
- An Integration was added or deleted
- An auto-detected Integration was added
- An Investigation was created, re-opened or updated
- New users added to your tenant
- Integrations added to or removed from your tenant
How to review the Action History
To access your Action History:
- In the Samurai XDR UI, expand the "Management" tab on the left hand side:
- Click on the "Action History":
Filtering and Searching the Action History
While you are viewing the Action History, you can filter it by:
- Selecting the time-period to display, using the pull-down menu above the list:
- Filtering into ascending or descending order by clicking the arrow to the right of any of the column headings:
- Clicking on the "User", "Category" or "Action" headings to filter based on the values of that column:
- If you need to also include system actions, simply toggle the slider as shown below. You can also filter on systems actions by selecting the "SYSTEM.USER@SAMURAI" in the user column
