With the Tenant Auditor role, you can export your audit logs in Common Event Format (CEF).

    To export audit events:

    • Audit must be enabled for your organization
    • You must be assigned the Tenant Auditor role

    To export your audit events:

    1. In the Administration console, navigate to Audit.
    2. Under the navigation bar, click Export.
    3. In the Save File dialog, specify a name for your export file.
    4. Click Save.

    Your export file saves as a Common Event Format (CEF) file. For information about CEF, see the ArcSight Common Event Format (CEF) Implementation Standard.