https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/live-terminal-session-information/m-p/516532#M2956 <P>Hi,</P> <P>I was playing around with the live terminal with the permission of accessing a colleagues computer. I connected fine and created a file using the terminal on their Desktop. But I'm not sure how to trace this action. In the Action Center, all I can find is proof that I initiated the live terminal but there's no session logs to dig through (this is assuming that I didn't download the session logs after disconnecting). Any advice on how to dig through live terminal actions/cmds?</P> Fri, 30 Sep 2022 23:02:14 GMT B-LAlferez 2022-09-30T23:02:14Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/live-terminal-session-information/m-p/516532#M2956 <P>Hi,</P> <P>I was playing around with the live terminal with the permission of accessing a colleagues computer. I connected fine and created a file using the terminal on their Desktop. But I'm not sure how to trace this action. In the Action Center, all I can find is proof that I initiated the live terminal but there's no session logs to dig through (this is assuming that I didn't download the session logs after disconnecting). Any advice on how to dig through live terminal actions/cmds?</P> Fri, 30 Sep 2022 23:02:14 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/live-terminal-session-information/m-p/516532#M2956 B-LAlferez 2022-09-30T23:02:14Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/live-terminal-session-information/m-p/516899#M2957 <P><SPAN>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/232133">@B-LAlferez</a>,</SPAN></P> <P>&nbsp;</P> <P><SPAN>Commands executed in the Live Terminal session can later be found in the Management Audit Logs menu. For Live Terminal, logs here would include created remote terminal sessions, actions taken in the file/task manager, and a complete history of commands executed.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Management Audit Logs can be found under Settings &gt; Management Audit Logs.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Here is an example of what a terminal log may look like in this menu after executing the command "dir".</SPAN></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="mfakhouri_0-1664974399216.png" style="width: 967px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/44414i19BD5FEF0631C291/image-dimensions/967x104/is-moderation-mode/true?v=v2" width="967" height="104" role="button" title="mfakhouri_0-1664974399216.png" alt="mfakhouri_0-1664974399216.png" /></span></P> <P>&nbsp;</P> <P><SPAN>Along with the Live Terminal, there is a lot of useful administrative log information that can be found here. More details can be found on the documentation:&nbsp;</SPAN></P> <P><SPAN><A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/monitoring/monitor-administrative-activity" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/monitoring/monitor-administrative-activity</A></SPAN></P> Wed, 05 Oct 2022 13:00:40 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/live-terminal-session-information/m-p/516899#M2957 mfakhouri 2022-10-05T13:00:40Z