IBM Support

QRadar EDR (formerly ReaQta): Viewing user audit logs

How To


Summary

This article provides a basic overview of the QRadar EDR (formerly ReaQta) Hive user audit logs.

Steps

Audit logs are only available to Administrator users in the ReaQta Hive. The following instructions provide steps to review the audit logs.
  1. Log in to the ReaQta Hive Dashboard and select Administration > Audit.
  2. The Audit page displays a list of all audit logs, which include the following:
    • Date, username along with IP address, action, description, and status
    • The status shows whether the action succeeded or failed
    • A basic and an advanced search filter
    • An Export as CSV button
    • The basic filter option allows a choice between Action and Users
    • For the Action filter, select the search box to see a scrollable list of the available actions
    • The search box is also text-sensitive, and shows all matches as you type
    • The User filter requires an exact username match and does not auto-match or pre-populate the search field
    • The Advanced Filter adds time filter options
    • Presets allow a relative time selection of last 24 hours, last 7 days, or last 30 days
    • Select the Action Type search box to display the list of available Actions
    • The search matches actions as you type
  3. You can also specify multiple actions for search criteria by using the Advanced Filter.
    • Enter and select a filter criterion, and repeat for more filters
  4. Some audit entries contain a blue link in the Description field. Select the link to show the applicable content in the dashboard.
  5. Select the Export as CSV button to export the filtered results to a CSV file.
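
After exporting, the failed actions in the file can be reviewed offline per user and source IP. The script below is an added example, not IBM code: the column headers (Date, User, Action, Description, Status), the `user (ip)` layout, the status values, the action names, and the sample rows are all assumptions constructed for illustration, so match them to the headers in your actual export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Header names, the "user (ip)" layout, action names
# and status values are assumptions; adjust them to the real exported file.
SAMPLE_CSV = """Date,User,Action,Description,Status
2023-05-01T08:00:12Z,alice (10.0.0.5),Login,User logged in,Success
2023-05-01T08:02:40Z,bob (10.0.0.9),Login,User logged in,Failed
2023-05-01T08:02:55Z,bob (203.0.113.7),Login,User logged in,Failed
2023-05-01T08:03:10Z,bob (203.0.113.7),Login,User logged in,Failed
2023-05-01T09:15:00Z,alice (10.0.0.5),Create policy,Policy created,Success
2023-05-01T09:20:00Z,carol,Delete user,User removed,Failed
"""

def split_user(field):
    """Split 'name (ip)' into (name, ip); ip is '' when no address is present."""
    name, sep, rest = field.strip().partition(" (")
    return (name, rest.rstrip(")")) if sep else (name, "")

def failed_by_user(csv_text):
    """Aggregate failed audit entries per user: count, source IPs, actions."""
    stats = defaultdict(lambda: {"failed": 0, "ips": set(), "actions": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Assumption: failed entries carry a status beginning with "fail".
        if not row["Status"].strip().lower().startswith("fail"):
            continue
        name, ip = split_user(row["User"])
        entry = stats[name]
        entry["failed"] += 1
        entry["actions"].add(row["Action"].strip())
        if ip:
            entry["ips"].add(ip)
    return dict(stats)

def flag_users(stats, min_failures=3, min_ips=2):
    """Users with many failures, or failures from several source addresses."""
    return sorted(user for user, s in stats.items()
                  if s["failed"] >= min_failures or len(s["ips"]) >= min_ips)

if __name__ == "__main__":
    stats = failed_by_user(SAMPLE_CSV)
    for user in flag_users(stats):
        s = stats[user]
        print(user, s["failed"], sorted(s["ips"]), sorted(s["actions"]))
```

To run it against a real export, pass the file's contents to `failed_by_user` in place of `SAMPLE_CSV` and tune the two thresholds to your environment.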

Document Location

Worldwide


Product Synonym

ReaQta

Document Information

Modified date:
17 May 2023

UID

ibm16566939