Audit logs can be seen as a security-relevant chronological record that provide evidence of the sequence of activities that have performed on the system. All changes performed by authorized users of an Org are tracked.
Users of an Org can view information in an audit trail, but cannot delete records from it .
Audit Logs and Org Admins¶
Click on "Audit Logs" to view all actions performed by authorized users of an Org.
Audit logs are presented sorted by "date/time" i.e. always in a reverse chronological format. An illustrative example is shown below.
Canned filters are provided so that the audit logs can be filtered so that the user can quickly zero in on what they are looking for.
- Type of action
- Client type: Browser or CLI
- Time window
An illustrative example for a filtered view is shown below.
Click the up/down arrow of each log to quickly show/hide the entire JSON payload and this shows all the metadata associated with it
- Search: A free text search box provided for the users to quickly search for the required log details
- Clear Filters: Remove the applied filters and reset to the default view
- Refresh: Refreshes the page to view the latest audit logs
- Export: Allows the user to download the user's audit log in CSV format
Audit Logs for Users in a Project¶
All users with access to specific projects also have visibility into the audit logs, but limited to just the project they have access to.
Common Use Cases¶
The ability to follow records back to their origin provides numerous benefits, including transparency and a defense of records for compliance, record integrity and accuracy, system protection from misuse or harm, and security of sensitive or vital information.
These are achieved through these four areas:
Implementing audit trails promotes appropriate user behavior, which can prevent improper use of information, and unauthorized use or modifications.
In addition, the user knows that their actions are automatically recorded and tied to their unique identity.
Reconstruction of Events¶
When an investigation is warranted or triggered, the first step to remediate a problem is knowing the "when,” the “how," and the "what" of the event. Visibility into this information can aid in problem detection and prevent future occurrences of things such as hacking, system failures, outages, or corruption of information.
Audit trails aid in identifying suspicious behavior or actions. Unauthorized access is a serious problem for most systems. Many regulations now have mandates for the security of information and maintaining confidentiality. Protection also extends to intellectual property, designs, personnel information, and financial records.
Through real-time monitoring, you can use automated audit logs to identify problems that indicate system implementation issues, operational issues, unusual or suspicious activities, or system and operator errors.
Long term maintenance of audits can prove difficult for many organizations because the logs can occupy extensive storage space that may not be readily available. We will retain the audit trail for 365 days (one calendar year).