I understand we can use the following to look at the investigations created which are 'Active'.
|inputlookup append=t investigative_canvas_lookup
|inputlookup append=t investigative_canvas_entries_lookup
How to audit/track 'removed' investigations by an analyst? The info in _audit index logs seems to not capture 'delete/remove investigations'. Any pointers/help would be appreciated.
We don't currently have sufficient audit trail info for this case. We have an enhancement request to do this. For reference, the enhancement request number is SOLNESS-10790.
I'll try to remember to post back here once this gets done.
That enhancement request is not just to increase auditing for item 1 but to make sure we log thoroughly (which should include all three plus other actions). Our goal is to make it where any change to an investigation is logged.
For clarification, which were you wanting to track: