The ESM is actually quite limited from that perspective when it comes to generating events for audit purposes (what you are looking for) and also detailed diagnostics of the H/W devices.
There are some events but they are not sufficient.
I believe this is a lack of full functionality.
My best guess would be that you need to submit a PER so McAfee/Intel could implement it at some stage:
If you inspect the System log on the ESM, you should be able to see what they did and when, but there is no reporting available.
If the analysts are assigned cases for critical events, then you can track how many cases they acknowledged and how many were closed. You can also generate a report on how many cases were generated during that shift for that user, and you can track the timing for that user with case timing (when the first case was acknowledged and when the last case was acknowledged). This is similar to checking the system logs for user logins, but here you can generate a report. Hope this helps.