adem_netsys
Explorer III
January 26, 2026
Solved

Sample Audit Log Notify

  • January 26, 2026
  • 2 replies
  • 224 views

Hello All,

We would like to receive audit log activities via email at specific intervals for specific users. When we tried using a notification rule, it only allowed us to select individual statuses. Has anyone tried this before? We are also open to hearing about any different notification rules you have used.

Thanks in advance

    Best answer by sahirrao

    Hi @adem_netsys 
    Kindly refer to the attached sample playbook, which is expected to satisfy your requirements.

    2 replies

    jankit6
    Staff
    January 26, 2026

    Hello @adem_netsys 

    Can you forward the logs using the 'Log Forwarding' option to a syslog server and then perform automation directly from there? Would that help?

    adem_netsys
    Explorer III
    January 26, 2026

    Actually, we can see the audit logs on SOAR. Can't we retrieve them via the API, or if there is an API endpoint, we could use a code snippet?

    sahirrao
    Staff
    January 27, 2026

    Hi @adem_netsys 
    Kindly refer to the attached sample playbook, which is expected to satisfy your requirements.

    adem_netsys
    Explorer III
    January 28, 2026

    Hi @sahirrao,

    Thank you for your response. This is exactly what I wanted.