Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
357
Views
0
Helpful
1
Replies

ESAv (v13.5.1), look for email actions, trail / log

costaspal
Level 1
Level 1

‎10-13-2022 05:10 AM

Hello colleagues !

We're trying to investigate a customer incident were, someone (massively) deleted emails from a folder under "Policy, Virus and Outbreak Quarantines", and the customer needs to know who actually did it !

To the best of my knowledge, this is not a config change action that would require a 'commit' so this cannot be used as an indicator.

From http and other logs we've found that, at the time, two users were logged-in the system but cannot tell which one performed the deletion.    We can see the log entry for the deletion itself but, it does not capture the user that did it.

Does anyone have a way to drill-down to this info ?

Thanx in advance

Costas

Labels:
0 Helpful
1 Reply 1

Ken Stieers
VIP
VIP

‎10-13-2022 05:35 AM

There is an EU Quarantine Access but I thinknit has to be turned on...

It may not be by default. Go to System/Log Subscriptions, add one and look down the list..
0 Helpful
Customers Also Viewed These Support Documents