Working with Audit Logs

Overview

The Audit Log page is found under Reports>Audit Log.

The Audit Log page table displays activities taken in the system such as policy changes, playbook changes, etc., and enables you to view and filter this information.

Audit Events

  • Audit Log events queue in RabbitMQ and then move to the database.

  • The event then continues to Audit Log Table.

  • The Audit Log does not retain non-functional event types.

  • The event state must be successful to be recorded.

  • Any event that fails is removed from the Audit Log.

  • When the Type filter uses only event types triggered in Sensitive Data Platform, they are displayed on the Audit Log screen.

    • See the Using Filters to Find an Audit Log section.

Access and View Audit Logs

Access to the Audit Log

  • Audit log access is limited to selected users and roles.

  • To have Audit Log access, an Administrator must select the setting Manage in the Manage Administrative Settings area for the user.

  • The Audit Log is only available to users with this setting assigned to their role.

View Audit Logs

Procedure:

  1. From the left menu, click Reports.

  2. Click Audit Log.

  3. The Audit Log page appears.

Audit Log Columns

The Audit Log table displays these columns:

Field Description
Date/Time The timestamp of when the action occurred.
Type

The action that was logged:

  • Application Setting - Written when an app setting is changed. Within Sensitive Data Platform, see Settings>Application Settings.

  • Cloud Provider Authenticated - Written when Sensitive Data Platform console authenticates with a cloud provider.

  • Global Ignore List - Written a global ignore list is added or deleted. Within Sensitive Data Platform, see Settings>Application Settings>Global Ignore List.

  • Global Ignore List Item - Written when items are added to a given Ignore list.

  • Playbook Override - Written when the override action is performed on the location details dialog.

  • Policy - Written when a policy is created, updated (changed), or deleted using edit mode.

  • Remote Result Action - Written when a Shred, Quarantine, or Ignore action initiated from the Console Results tab is scheduled for processing by an endpoint

  • Sensitive Data Type - Written when custom data types are created, modified, deleted, etc.. These are called sensitive data types in Sensitive Data Manager. Within Sensitive Data Platform, see Settings>Global Data Types>Custom Data Types tab.

  • Sensitive Data Type Export - Written when row menu on the page above is used and an item is exported.

  • Spirion Support User - Not logged.

  • Tag - Written when a tag is changed, created, or deleted.

  • Targets Merge - Written when Targets are merged.

  • User - Written each time a user logs in to the Console and permissions are synchronized.
Action Type

The type of action that was taken:

  • Accessed

  • Cloned

  • Created

  • Deleted

  • Updated
Location

The location within Sensitive Data Platform where the action occurred:

  • Agents And Endpoints

  • Analytics

  • Analytics Dashboard

  • Audit Log

  • Change Password

  • Classifications

  • Compliance

  • Dashboard

  • Discovery Teams

  • Endpoints

  • Excluded Rows

  • Identity Requests

  • Identity Results

  • Incidents Management

  • Incidents Results

  • Installation

  • Map Data

  • Notifications

  • Playbooks

  • Policies

  • Privacy Manager

  • Profile

  • Results

  • Roles

  • Scans

  • Scans Dashboard

  • Schedules

  • Script Repository

  • Sensitive Data Types

  • Spirion Support User

  • Tag Management

  • Tags

  • Unknown

  • Users
Description Includes Action Type, Name, and Type
More Options menu (3 vertical dots) View Details

Column Sorting

Procedure:

  1. Click a column to sort ascending.

  2. Click the column again to sort descending.

Search for an Audit Log

You can search for a log by Account Name, Action Type, and Location.

To search for a log:

  1. Type in the name of the log in the Search entry field.

  2. Click the magnifying glass (search) icon or press Enter.

  3. The result displays.

  4. Click the x to clear the search.

View Audit Log Details

To view the details of an Audit Log:

  1. Locate the log you want to view in the Audit Log list.

  2. Click the More Options menu at the end of the column.

  3. Click View Details.

  4. The Log Details window opens.

  5. Click Close to close the window and return to the previous screen.

Using Filters to Find an Audit Log

Note: The Type filter only uses and displays event types triggered in Sensitive Data Platform.

To use the filter feature to find an Audit Log based on specific criteria:

  1. In the upper left of the screen, go to the Filters.

  2. For the selection criteria, select one or more items from the list of filters.

    • IP Address

    • For audits, the user's IP Address is preferred.

    • Date/Time

    • Type

    • Action Type

    • Location

    • Description

  1. Click Apply to apply the filter to the Audit Log list.

  2. Click Clear and then click Apply to remove the filter.