Enable MID audit log [New in Security Center 1.3 and updated in 1.5]

Xanadu Platform security

Release

xanadu

ft:locale

en-US

ft:publication_title

Xanadu Platform security

ft:clusterId

psec

bundleId

psec

workflow

Platform

Enable MID audit log [New in Security Center 1.3 and updated in 1.5]

Release version: Xanadu

Updated March 7, 2025

1 minute to read

The MID Server command audit log records details such as the command name, command hash, name of credential used, and execution status.

Once enabled, audit logs can be viewed by users with the role agent_security_admin in the ecc_agent_command_audit_log table or by navigating to Mid Server > Command Audit Logs.

Set mid.log.command_audit.enable to true in the MID Server Properties [ecc_agent_property] table to turn on auditing for commands run by the MID server.

More information


Attribute	Description
Configuration name	mid.log.command_audit.enable
Configuration type	MID Server Property [ecc_agent_property] record
Data type	Boolean
Recommended value	true
Default value	false
Category	Error handling and logging
Security risk	Severity score: 2.2 CVSS score: Low Security risk details: In the event of security investigation, this table can be used by incident response teams to audit the commands run on the MID server. Without this log, there might not be sufficient details to respond to situations such as unauthorized account use.
Dependencies and prerequisites	None