Audit Log: Monitoring System Changes & Activity
Written by Omer Kushmirski
Updated this week

Starting March 31, users can access a complete audit log of all write activities within the system. This includes policy adjustments, system setting changes, and threat responses. A complete list of audited actions included in the initial release is provided below.

Feature Availability

  • Cloud Clients

    Available on cloud.cyfox.com starting March 31

  • On-Premises Clients

    Available with CYFOX version 2.03.35

Audited Actions in the Initial Release

| Category | Actions |
|---|---|
| Event Response | Creating, modifying, or deleting event response rules. |
| Host Groups | Adding, modifying, or deleting host groups. |
| Mitigations | Logging actions related to releasing files from quarantine. |
| Network Scanning | Updates to network configuration settings. |
| Port Profiles (Soon) | Creating, modifying, or deleting port profile rules. |
| IDS Configuration (Soon) | Updating profile switches, rules, or proxy settings. |
| Notifications (Soon) | Adjusting rules, including SMTP settings and mailing group modifications. |
| FIM Subscription (Soon) | Adding, modifying, or deleting File Integrity Monitoring (FIM) rules. |
| Domain Controller Rules (Soon) | Adding, modifying, or deleting domain controller (DC) rules. |
| Event Subscription (Soon) | Modifying any rule for any host. |
| Authorized Software (Soon) | Adding, modifying, or deleting software profiles. |

Feature Usage

The audit log is available in two formats:

  1. Full System Audit Log
    Users can access the complete audit log by navigating to System Settings → Audit Log. This section provides a comprehensive list of all system-wide audit actions.

  2. Category-Specific Audit Log
    Each category includes a dedicated Audit Log link next to its title. Clicking this link opens the audit log filtered for that specific category.

Example: Viewing Audit Logs in the Event Response Section

The following steps use the Event Response section as an example. To view its audit log:

  1. Open the Event Response section.

  2. Click Audit Log next to the section title (Server Policy or Agent Policy).

  3. The audit log for Event Response appears, showing all logged actions sorted by date.

Users can export logs to an Excel file by clicking the Export button next to the Audit Log section.

  • If exporting from the full audit log, all system-wide logs will be included.

  • If exporting from a specific category, only logs for that category will be exported.

Important Note!

Audit logs are not recorded retroactively. Any configuration changes made before the feature launch on March 31 will not appear in the audit log. Only actions recorded after the launch will be included.
