
History

Viewing logs in Automation | Checking deployment results

Written by Sergey Bayrachny

Overview


Each automated or manual action within the Automation module (previously called Continuous Content Management) is logged with detailed results and can be reviewed on the History page. Here you can see the logs related to all Jobs run by your team or the system for all Data Planes of your organization.

All logs are displayed as a table with the following columns:

Column name

Description

Time

The date and time when the job was run.

Content Name

The content item related to the job.

N/A is shown for jobs with more than one content item.

Type

The type of the logged job.

With the Service Log toggle off, the following job types may be displayed:

  • Content Deploy — refers to content deployment either manually from the Code tab of a content item page in Threat Detection Marketplace or automatically through a job in Automation. Also, it covers enabling/disabling and updating content via Automation.

  • Deleted from Inventory — content was deleted only from Inventory in Automation.

  • Deleted from Inventory and SIEM — content was deleted both from Inventory in Automation and from SIEM.

  • Unlock Content — a Premium Sigma rule has been unlocked (when Auto Unlock is enabled for the List that includes that rule).

With the Service Log toggle on, in addition to the options above, the following service Job types may be displayed:

  • Job Inventory — inventory content was synchronized with the SIEM. The total number of content items synchronized is shown under the Content Count column. Each Job Inventory has separate Content Inventory Jobs related to it. They show the synchronization result for content of specific types available for a given SIEM (the content type can be found under the Content Name column, and the number of synchronized content items of this type under the Content Count column).

  • Content Inventory — a Job showing the number of synchronized content items of a specific type available in a given SIEM.

  • Job Deploy — a service Job to run the Content Deploy Job set up by the user.

Data Plane

The related Data Plane.

Content List

The Content List to which the content belongs.

Job Name

The name of the Job. Displays a custom name for Jobs set up by the users, or one of the predefined names for system Jobs:

  • Content was deleted

  • Content hasn't deleted

  • Content was deployed

  • Content was enabled

  • Content was disabled

  • Content was updated (refers to manual updates from the Inventory page)

  • Inventory Job (Inventory was synchronized)

CFM

The related Custom Field Mapping profile (if any).

Action by

User associated with the logged Job.

Content Count

Total number of content items processed by the Job. For Inventory Jobs:

  • For Job Inventory type — the total number of content items synchronized with your organization's SIEM

  • For Content Inventory type — the number of synchronized content of a specific type available for a given SIEM

Result

Job result:

  • Success — with details on the stage of the Job: Job started, start of deploying, etc.

  • Failure — there were issues with the Job, for example, a credentials error.

Message

Message with key details about the Job result.

You can sort the History table by any column using the arrow up and arrow down icons next to the column name.

For your convenience, you can manage which logs are shown. By default, all the logs for Jobs, manual deployments, and other changes are displayed, which can be quite a nuisance to users who want to focus on more relevant actions, like content deployment results. With the Service Logs toggle OFF (the default), only the deployment logs are shown, so you are not distracted by the logs generated by the system. To show all logs, switch Service Logs ON.

You can export the History logs as CSV by clicking the Export icon.

Note that the scope of data for export corresponds to the scope of data currently visible on the selected page in the History section. This is intended to prevent the creation of extra-large export files.
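As an added example (not SOC Prime's code and not part of this page), the following Python script triages an exported History CSV the way a detection engineer would after a nightly run: it counts failures per Data Plane and lists content items whose most recent Content Deploy entry is still a Failure, so a later successful redeploy of the same item clears an earlier error. The export text is constructed for this example; it assumes the CSV header uses the column names from the table above and the `YYYY-MM-DD HH:MM:SS` time format shown in the Lucene field examples, so check a real export's header before relying on it.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample export. The header uses the column names documented for the
# History page; the exact header text of a real export is an assumption.
SAMPLE_EXPORT = """Time,Content Name,Type,Data Plane,Content List,Job Name,CFM,Action by,Content Count,Result,Message
2020-08-31 15:55:41,Suspicious PowerShell Encoded Command,Content Deploy,prod-sentinel,Windows Threats,Nightly deploy,Default CFM,alice@example.com,1,Success,Content was deployed
2020-08-31 15:56:02,Mimikatz Command Line,Content Deploy,prod-sentinel,Windows Threats,Nightly deploy,Default CFM,alice@example.com,1,Failure,HTTP 401: credentials error
2020-08-31 16:10:00,N/A,Job Inventory,prod-sentinel,,Inventory Job,,system,342,Success,Inventory was synchronized
2020-09-01 02:00:13,Mimikatz Command Line,Content Deploy,prod-sentinel,Windows Threats,Nightly deploy,Default CFM,alice@example.com,1,Success,Content was deployed
2020-09-01 02:00:20,Kerberoasting Activity,Content Deploy,dev-elastic,Windows Threats,Nightly deploy,,bob@example.com,1,Failure,HTTP 400: invalid rule body
"""

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumed to match the Time column


def load_history(text):
    """Parse an export into a list of dict rows sorted by Time, oldest first."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["Time"] = datetime.strptime(row["Time"], TIME_FORMAT)
    rows.sort(key=lambda r: r["Time"])
    return rows


def failures_by_data_plane(rows):
    """Count Failure results per Data Plane, across all Job types."""
    return Counter(r["Data Plane"] for r in rows if r["Result"] == "Failure")


def unresolved_failures(rows):
    """Content items whose latest Content Deploy entry is still a Failure.

    Rows are sorted ascending, so the last entry for a (Data Plane, Content Name)
    pair wins; a later successful deployment therefore clears an earlier failure.
    """
    latest = {}
    for r in rows:
        if r["Type"] == "Content Deploy":
            latest[(r["Data Plane"], r["Content Name"])] = r
    return sorted(
        (plane, name, r["Message"])
        for (plane, name), r in latest.items()
        if r["Result"] == "Failure"
    )


if __name__ == "__main__":
    history = load_history(SAMPLE_EXPORT)
    print("failures per Data Plane:", dict(failures_by_data_plane(history)))
    for plane, name, message in unresolved_failures(history):
        print(f"{plane}: '{name}' still failing ({message})")
```

On the constructed export, the Mimikatz rule fails at 15:56 and succeeds on the next run, so only the Kerberoasting rule on dev-elastic is reported as still failing. Because the export only covers the page currently visible in History, run this over the pages you actually exported rather than assuming it is the full history.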

How To


Here you can find instructions on how to work with History:

View Deployment Result


To view the details of the deployment result for a Job on the History page, click the Job result pill (Success or Failure) under the Result column.

A notification pop-up opens with the details of the content deployment:

  • Success. You will be notified that content has been successfully deployed to your Data Plane, and will be able to review the deployment details.

  • Failure. You will be notified of the issue with the error details and the failed HTTP request (where applicable).

Note:

The Result column contains result pills for Jobs of all types. By clicking the pill, you can view the details of the result for any Job.

Use Lucene Search


You can search the logs on the History page using the Lucene query syntax.

The following fields are available:

content.deploy_date (type: timestamp)

Date and time when the content was deployed, in UTC. For example: 2020-08-31 15:55:41

content.id (type: text)

SIEM platform content internal ID. For example: 03cf7ee6-e77b-11ea-977c-02b7662333ec

content.name (type: text)

Content name.

content.siem (type: text)

Content native vendor type. Possible values:

  • ala

  • ala-rule

  • sentinel

  • xpack-watcher

  • kibana

  • elasticsearch-rule

  • humio

  • sumologic

  • chronicle

content.type (type: text)

Content type. Possible values:

  • query

  • rule

  • alert

  • detection rule

  • saved search

  • watcher

  • rule alert

  • rule-alert

job.content_list_id (type: text)

Internal SOC Prime Platform Content List ID. For example: SLxPPnQBumvMEkwI7nlX

job.deploy_result (type: text)

Indicates whether a job was executed successfully or failed. Possible values:

  • failure

  • success

job.id (type: text)

SOC Prime Platform internal Job ID. For example: TEouTnQBQAH5UgbBrxD4

job.last_run (type: timestamp)

Date and time when the job was executed, in UTC. For example: 2020-08-31 15:55:41

job.name (type: text)

The name of the job specified in the job settings.

job.platform (type: text)

Possible values:

  • elastic_cloud_platform

  • azure_sentinel_platform

  • humio_platform

  • sumo_logic_platform

  • chronicle_platform

If no content items match your search criteria, the page shows a message saying so.
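To show how the fields above combine into useful queries (for instance, every failed deployment to Microsoft Sentinel in August), here is an added Python example that is not part of this page or of the SOC Prime Platform. It evaluates a small subset of Lucene syntax, namely `field:value` terms, quoted phrases, inclusive `[lo TO hi]` ranges with `*` as an open bound, `AND`/`OR`/`NOT` and parentheses, over constructed History records keyed by the documented field names. The sample records and job IDs are made up, and the matching rules (case-insensitive comparison, a bare value also matching a single word of a text field, date-only range bounds expanding to whole days) are this example's own assumptions; the History page's search engine may tokenize and compare differently, so confirm the query there.

```python
import re

# Constructed sample History records keyed by the documented Lucene field names
# (values are made up for illustration).
SAMPLE_RECORDS = [
    {"job.id": "JOB-001", "job.name": "Nightly deploy", "job.platform": "azure_sentinel_platform",
     "job.deploy_result": "failure", "job.last_run": "2020-08-31 15:55:41",
     "content.name": "Mimikatz Command Line", "content.siem": "sentinel", "content.type": "rule"},
    {"job.id": "JOB-002", "job.name": "Nightly deploy", "job.platform": "azure_sentinel_platform",
     "job.deploy_result": "success", "job.last_run": "2020-09-01 02:00:13",
     "content.name": "Mimikatz Command Line", "content.siem": "sentinel", "content.type": "rule"},
    {"job.id": "JOB-003", "job.name": "Elastic weekly", "job.platform": "elastic_cloud_platform",
     "job.deploy_result": "failure", "job.last_run": "2020-08-30 09:12:00",
     "content.name": "Kerberoasting Activity", "content.siem": "elasticsearch-rule", "content.type": "detection rule"},
    {"job.id": "JOB-004", "job.name": "Elastic weekly", "job.platform": "elastic_cloud_platform",
     "job.deploy_result": "success", "job.last_run": "2020-08-15 09:12:00",
     "content.name": "Suspicious PowerShell Encoded Command", "content.siem": "kibana", "content.type": "saved search"},
]

# One token per match: a parenthesis, an operator, or a field:value term whose value
# may be a quoted phrase or an inclusive [lo TO hi] range.
TOKEN = re.compile(r'\s*(\(|\)|AND\b|OR\b|NOT\b|[\w.]+:(?:\[[^\]]*\]|"[^"]*"|[^\s()]+))')


def tokenize(query):
    tokens, pos = [], 0
    while pos < len(query):
        match = TOKEN.match(query, pos)
        if not match:
            if not query[pos:].strip():
                break  # only trailing whitespace left
            raise ValueError(f"cannot parse query near {query[pos:]!r}")
        tokens.append(match.group(1))
        pos = match.end()
    return tokens


def parse(tokens):
    """Recursive descent: OR binds loosest, then AND, then NOT; parentheses group."""
    def atom():
        tok = tokens.pop(0) if tokens else None
        if tok == "(":
            node = or_expr()
            if not tokens or tokens.pop(0) != ")":
                raise ValueError("missing ')'")
            return node
        if tok is None or tok in (")", "AND", "OR", "NOT"):
            raise ValueError(f"expected a field:value term, got {tok!r}")
        field, value = tok.split(":", 1)
        return ("term", field, value)

    def not_expr():
        if tokens and tokens[0] == "NOT":
            tokens.pop(0)
            return ("not", not_expr())
        return atom()

    def and_expr():
        node = not_expr()
        while tokens and tokens[0] == "AND":
            tokens.pop(0)
            node = ("and", node, not_expr())
        return node

    def or_expr():
        node = and_expr()
        while tokens and tokens[0] == "OR":
            tokens.pop(0)
            node = ("or", node, and_expr())
        return node

    node = or_expr()
    if tokens:
        raise ValueError(f"unexpected token {tokens[0]!r}")
    return node


def _bound(text, upper):
    """Expand a date-only bound to a full timestamp so string comparison works;
    '*' is an open bound. Both conventions are this example's assumptions."""
    if text == "*":
        return None
    if len(text) == 10:  # YYYY-MM-DD only
        return text + (" 23:59:59" if upper else " 00:00:00")
    return text


def _term_matches(record, field, value):
    actual = record.get(field)
    if actual is None:
        return False
    if value.startswith("[") and value.endswith("]"):  # inclusive range
        parts = value[1:-1].split(" TO ")
        if len(parts) != 2:
            raise ValueError(f"bad range {value!r}")
        lo, hi = _bound(parts[0].strip(), False), _bound(parts[1].strip(), True)
        return (lo is None or actual >= lo) and (hi is None or actual <= hi)
    if value.startswith('"') and value.endswith('"'):  # quoted phrase: whole value
        return actual.lower() == value[1:-1].lower()
    # Bare value: whole value or any single word of it (stand-in for analyzed text).
    return value.lower() == actual.lower() or value.lower() in actual.lower().split()


def evaluate(node, record):
    kind = node[0]
    if kind == "term":
        return _term_matches(record, node[1], node[2])
    if kind == "not":
        return not evaluate(node[1], record)
    if kind == "and":
        return evaluate(node[1], record) and evaluate(node[2], record)
    return evaluate(node[1], record) or evaluate(node[2], record)


def search(records, query):
    """Return the job.id of every record matching the Lucene-style query."""
    tree = parse(tokenize(query))
    return [r["job.id"] for r in records if evaluate(tree, r)]


if __name__ == "__main__":
    query = "job.deploy_result:failure AND job.last_run:[2020-08-01 TO 2020-08-31]"
    print(query, "->", search(SAMPLE_RECORDS, query))
```

Two behaviours are worth noticing when you move from this toy to the real page. First, `content.type:rule` without quotes also matches `detection rule`, whereas `content.type:"rule"` matches only the exact value; the History page's own analyzer decides which of these applies there. Second, a query with no field (`failure` on its own) is rejected rather than silently matching nothing, which is the safer default when the result feeds a report.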
