Before you can export audit events:
- Audit must be enabled for your organization.
- You must be assigned the Tenant Auditor role.
To export your audit events:
- In the Administration console, navigate to Audit.
- Under the navigation bar, click Export.
- In the Save File dialog, specify a name for your export file.
- Click Save.
Your export file is saved as a Common Event Format (CEF) file. For information about CEF, see the PDF document entitled CommonEventFormat in the upper left of the ArcSight Common Event Format (CEF) Implementation Standard page. The latest version is posted on that page.
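
To review an exported file offline, the CEF records can be parsed into header fields and extension key/value pairs. The following is an added example, not code from this product or its documentation; the function names and the sample records (vendor, product, and field values) are constructed for illustration, and only the pipe-delimited header layout and escaping rules come from the CEF standard.

```python
import re

HEADER = ("version", "vendor", "product", "device_version",
          "event_class_id", "name", "severity")
_KEY = re.compile(r"(?:^|\s)(\w+)=")  # extension key: token directly before '='

def _unescape(s):
    # CEF escapes: \| and \\ in the header; \=, \\, \n and \r in extension values.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), s)

def _split_header(body):
    """Return the 7 header fields and the raw extension, splitting on unescaped '|'."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        step = 2 if body[i] == "\\" else 1   # keep an escape pair together
        if body[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(body[i:i + step])
        i += step
    if len(fields) < len(HEADER):
        raise ValueError("incomplete CEF header")
    return fields, body[i:]

def parse_cef_line(line):
    start = line.find("CEF:")           # tolerate a syslog prefix before the record
    if start < 0:
        raise ValueError("not a CEF record")
    fields, ext = _split_header(line[start + 4:].rstrip("\r\n"))
    event = {k: _unescape(v) for k, v in zip(HEADER, fields)}
    keys = list(_KEY.finditer(ext))
    # Each value runs from its '=' to the whitespace before the next key.
    event["extension"] = {
        m.group(1): _unescape(ext[m.end():(nxt.start() if nxt else len(ext))])
        for m, nxt in zip(keys, keys[1:] + [None])
    }
    return event

# Constructed sample records (not real product output).
SAMPLE = "\n".join([
    r"CEF:0|ExampleVendor|Example\|Product|1.0|100|User login|3|suser=alice@example.com src=192.0.2.10 msg=Login ok for tenant\=acme",
    r"CEF:0|ExampleVendor|Example\|Product|1.0|200|Role changed|6|suser=bob@example.com act=assign msg=Granted role Tenant Auditor",
])

def parse_export(text):
    return [parse_cef_line(l) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    print(*parse_export(SAMPLE), sep="\n")
```

Values keep their embedded spaces because a new key is recognised only where a word is immediately followed by an unescaped `=`.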