Can I schedule automated exports of Audit Log data?
Yes, you can automate the export of Audit Log data, though the method depends on whether you want a scheduled report delivered via email or a continuous data stream for a SIEM.
1. Scheduled Reporting (Console-Driven)
Within the Spirion Sensitive Data Platform (SDP), you can use the reporting engine to schedule automated exports.
- How to do it: Navigate to the Reports or Exports section of the console. You can create a custom report based on the Audit data type.
- Scheduling: You can set the frequency (e.g., Daily, Weekly, Monthly) and specify the recipients.
- Delivery: The report is typically delivered as a CSV or PDF attachment via email.
- Use Case: This is ideal for compliance officers who need a weekly summary of administrative changes for their records.
2. Continuous Automation (API-Driven)
For security operations (SOC) and real-time analysis, the recommended approach is to use the Web API in conjunction with an external scheduler.
- The Method: Use a tool like Windows Task Scheduler, a cron job, or a SOAR platform (like Palo Alto Cortex XSOAR or Splunk Phantom) to call the GET /api/v1/auditlogs endpoint at regular intervals.
- Automation Logic: Your script should pull the logs, filter for new events since the last run, and push them into your centralized log management system.
- Use Case: This is the standard for organizations that need to correlate Spirion audit events with other security logs in a SIEM.
3. Integration with ServiceNow (Workflow-Driven)
Spirion supports integrations with ServiceNow ITSM, which can be used to automate the "export" of specific audit events into actionable tickets.
- How it works: You can configure a Playbook or Workflow to send an email notification to a ServiceNow inbound email action whenever a high-priority audit event occurs (e.g., "Global Policy Deleted").
- Result: This effectively "exports" the audit event into your organization's existing ticketing and change management system automatically.
Recommendations
- Phase Your Automation: Start with a Weekly Scheduled Report to establish a baseline for what "normal" administrative activity looks like. Once you have identified high-risk events, move to API-driven automation for real-time alerting.
- Use "Last Seen" Timestamps: When using the API, always store the timestamp of the most recent audit event you exported. Use this as the startDate for your next scheduled run to ensure you don't miss events or create duplicates.
- Monitor the Exporter: If you automate via the API, ensure you have a "heartbeat" check on your script. If the script fails, you could lose visibility into critical administrative changes.
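The API-driven automation logic from section 2 and the "Last Seen" checkpoint recommendation above, as an added example that is not part of the original answer or Spirion's own tooling: the endpoint path and the startDate parameter come from the page, while the response shape (a JSON list of events with an "id" and an ISO-8601 "timestamp"), the sample events, and the NDJSON output format are assumptions for the sake of an offline run.

```python
import json
from datetime import datetime, timezone
from typing import Iterable, List, Optional, Set, Tuple

# From the page: the endpoint and its startDate parameter. Assumed, not stated on the
# page: each returned event is a JSON object with an ISO-8601 "timestamp" and an "id".
AUDIT_ENDPOINT = "/api/v1/auditlogs"

def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 timestamp; a trailing Z or a missing offset means UTC."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def build_poll_request(base_url: str, checkpoint: Optional[str]) -> Tuple[str, dict]:
    """URL and query params for the next run; startDate is the stored checkpoint."""
    params = {"startDate": checkpoint} if checkpoint else {}
    return base_url.rstrip("/") + AUDIT_ENDPOINT, params

def select_new_events(events: Iterable[dict], checkpoint: Optional[str],
                      seen_ids: Set[str]) -> List[dict]:
    """Events at or after the checkpoint ('>=' tolerates an inclusive startDate) minus already-forwarded ids."""
    floor = parse_ts(checkpoint) if checkpoint else None
    fresh = [ev for ev in events
             if (floor is None or parse_ts(ev["timestamp"]) >= floor)
             and ev["id"] not in seen_ids]
    return sorted(fresh, key=lambda ev: parse_ts(ev["timestamp"]))

def next_checkpoint(events: List[dict], previous: Optional[str]) -> Optional[str]:
    """'Last seen' timestamp to persist for the next scheduled run."""
    candidates = [ev["timestamp"] for ev in events] + ([previous] if previous else [])
    return max(candidates, key=parse_ts) if candidates else None

def run_once(response: List[dict], checkpoint: Optional[str],
             seen_ids: Set[str]) -> Tuple[List[str], Optional[str]]:
    """One scheduler tick: filter, format as NDJSON for the SIEM, advance the checkpoint."""
    fresh = select_new_events(response, checkpoint, seen_ids)
    seen_ids.update(ev["id"] for ev in fresh)
    lines = [json.dumps({"source": "spirion-sdp-audit", **ev}, sort_keys=True) for ev in fresh]
    return lines, next_checkpoint(fresh, checkpoint)

# Constructed sample response so the script runs offline; not real Spirion output.
SAMPLE_RESPONSE = [
    {"id": "a1", "timestamp": "2024-05-01T10:00:00Z", "action": "Policy Updated", "user": "admin"},
    {"id": "a2", "timestamp": "2024-05-01T10:05:00Z", "action": "Global Policy Deleted", "user": "admin"},
    {"id": "a3", "timestamp": "2024-05-01T10:09:30Z", "action": "User Login", "user": "analyst"},
]
if __name__ == "__main__":
    # Second run: the checkpoint and seen-id set were persisted by the previous run.
    lines, checkpoint = run_once(SAMPLE_RESPONSE, "2024-05-01T10:05:00Z", {"a2"})
    print("\n".join(lines), "\nnext startDate:", checkpoint)
```

In a real deployment the scheduler would replace SAMPLE_RESPONSE with the parsed HTTP response, persist the returned checkpoint and the seen-id set to disk, and write the NDJSON lines to the SIEM collector; a run that returns zero events after an unexpected gap is exactly the condition the "heartbeat" recommendation is meant to surface.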
Summary
You can schedule automated exports of Audit Log data through the console's Reporting engine for periodic reviews, or through the Web API for continuous, real-time security monitoring. Both methods ensure that your audit trail is preserved and accessible outside of the Spirion platform.