The latest of our Live Response enhancements is now available to customers with the release of our new Live Response per session audit logs.
Typically a few minutes after running a Live Response session, if you navigate to the Logs and Reports page in Central, under ‘Endpoint & Server Protection Logs’ you’ll see the new ‘Live Response session audit’ log:
When you go into the log you’ll see a list of past sessions (we’ll store session logs for the past 90 days).
Note: Only Super Admins or Admins with the Manage Live Response settings permissions will be able to take the action to download the session logs. The admin can then download a compressed file with details on the commands entered during the session.
One other thing worth pointing out, in the Central Audit log, where the Live Response session start and end entries are logged we are including a link which will open a new tab and bring you into the Live Response session audit report (it just brings you into the report and not doesn’t do anything related to a specific session). You can see an example below: