Logging -> Audit shows results of Search -> Database ->Events
Article ID: 190468
Endpoint Detection and Response
Within the Graphic User Interface (GUI) of EDR 3.2-4.3, on the Logging-> Audit page, instead of the audit log entries that are expected, Endpoint Detection and Response (EDR) displays the results for Search -> Database ->Events. Attempting to search for audit entries (i.e. using "type_id:20 OR type_id:21") returns 0 results even when searching for all time.