Audit Logs
Note: Only users with an Administrator role can view Audit Logs.
Audit logs provide a record of creation, modification, or deletion tasks performed by Secure Client users in your Cisco XDR organization. It includes the IP address, action taken (Message), Operation, Target, Timestamp, and User details.
Choose Client Management > Audit Logs in the navigation menu to open the Audit Logs page.
Click the 
(Edit Columns) icon and check the boxes next to the column names in the Add/Remove columns area to filter the columns that are displayed on the page. In the Drag to Reorder area, you can drag and drop the column names in the order you want to view them in the audit logs table.
