Activity Logs (feeds)
Default ThreatQ Role: Administrative or Maintenance
Custom Role - Action Permissions: Integrations - Edit Integration Configurations, Run Operations
ThreatQ allows you to view feed run activity for individual CDFs from the Activity Log in a CDF's configuration page and to access information on all feed runs over the past ninety days from the Feed Run Activity tab in the Integrations page.
Activity Log Details
The Activity Log provides you with details regarding recent runs performed by a CDF integration.
The Log Details section displays run details that include:
| Log Data | Details |
|---|---|
| Type of Run | Whether the run was scheduled or triggered manually. |
| Date and Time | When the run, data and time, was initiated. |
| Outcome | Whether the run completed successfully or if it encountered errors. |
You can click on the arrow icon next to the output to view run details such as an ingestion summary of objects ingested, download files (stored files), and additional timestamps regarding the run.
| Field | Description |
|---|---|
| Run Started | The timestamp of when the run was initiated. |
| Response Received | The timestamp when the feed endpoint responded. |
| Data Ingested | The timestamp when the run was completed and intel data was ingested. |
| Query Range | The time frame for the data ingested. |
| Store Files | Zipped password-locked file(s) of the ingested data. |
| Ingested Summary | A summary of ingested object types. |
Accessing a CDF's Activity Log
You can access CDF's activity log from the My Integrations page.
- Locate and click on the integration to load its details page.
The integration details page will load.
- Select the Activity Log tab if not already selected.
- Click on the arrow icon located next to a run’s outcome status to view additional details regarding the run.