The Activity log in Security Events shows entries for requests with exposed credentials identified by rules with the Log action.
Check for exposed credentials events in the Security Events dashboard (Security > Events tab), filtering by a specific Rule ID. For more information on filtering security events, refer to Adjusting displayed data.