What type of actions are tracked in the API Audit Trail?

The API Audit Trail specifically tracks actions taken through the Falcon OAuth2-based APIs. This includes monitoring all API interactions and the changes made via these calls, which is crucial for maintaining a clear record of how the API is being utilized. This capability allows administrators to audit and review the usage of the API, ensuring that each interaction is accounted for, and enhance security by identifying any unauthorized access or anomalies in usage patterns.

By focusing on the actions taken through the Falcon API, it helps in accountability and compliance, as organizations may need to report and review these interactions for security and operational integrity. This tracking is essential for maintaining robust security measures and understanding the dynamics of API usage within their environment.

In contrast, user login events, sensor performance issues, and malware detections comprise different aspects of system monitoring and management that are not covered by the API Audit Trail. These areas involve the overall security posture and operational efficiency of the platform rather than specific interactions with the API.