Can I export Audit Log data for External Analysis?

Some users choose to export audit log data to third-party tools for analysis. This article provides details.

Yes, you can export Audit Log data for external analysis. In Spirion Sensitive Data Platform, this is typically done to support security operations, compliance reporting, and long-term forensic retention.

1. Manual Export (CSV/Excel)

For point-in-time analysis or simple reporting, you can manually export the Audit Log directly from the console.

  • How to do it: Navigate to the Audit Log page, apply any necessary filters (such as date range or user), and use the Export button (usually located at the top right of the grid).
  • Format: The data is typically exported as a CSV or Excel file, which can be opened in tools like Microsoft Excel or Google Sheets for sorting and filtering.

2. Automated Export via Web API (SIEM Integration)

For continuous monitoring and advanced analysis, the most common method is to use the Spirion Web API.

  • The Method: You can configure a script or a SOAR (Security Orchestration, Automation, and Response) tool to poll the Spirion API for new audit events.
  • SIEM Integration: This is the standard way to feed Spirion audit data into a centralized SIEM like Splunk, Microsoft Sentinel, or LogRhythm.
  • Benefit: By moving audit logs into a SIEM, you can correlate Spirion administrative actions with other enterprise events (for example, "User X logged into the Spirion Console immediately after a suspicious VPN login").

3. Custom Scripting (Execute Script)

While less common for the Audit Log itself, you can use the Execute Script action within Spirion to trigger external notifications or log entries in response to specific system events.

  • Usage: If a high-impact event occurs (like a change to a global security policy), a script can be triggered to send that specific audit detail to an external API or a syslog server in real time.

Recommendations

  • Centralize for Compliance: If you are subject to PCI DSS, HIPAA, or CMMC, you should automate the export of Audit Logs to a secure, centralized location. These regulations often require audit trails to be protected from modification and retained for at least one year.
  • Monitor for "Admin Drift": Use external analysis to look for patterns of "Admin Drift"—where configuration changes are made outside of your established change management windows.
  • Watch for Failed Logins: Exporting and analyzing failed login attempts from the Audit Log is a key part of monitoring for brute-force or credential-stuffing attacks against your Spirion Console.
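
One way to run the failed-login and "Admin Drift" checks above against a manually exported CSV, as an added example that is not Spirion's own code. The column names, the Action and Result values, the Tuesday 22:00-24:00 change window, and the sample rows are all assumptions constructed for illustration; map them to the headers in your own export.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. The column names and the Action/Result values are
# assumptions, not Spirion's documented schema; map them to your own export.
SAMPLE_CSV = """Timestamp,User,Action,Result,SourceIP
2024-05-07T22:15:00,alice,PolicyChange,Success,10.0.0.5
2024-05-08T03:10:00,bob,PolicyChange,Success,10.0.0.9
2024-05-08T09:00:00,carol,Login,Failure,203.0.113.7
2024-05-08T09:01:00,dave,Login,Failure,203.0.113.7
2024-05-08T09:02:00,erin,Login,Failure,203.0.113.7
2024-05-08T09:03:00,carol,Login,Failure,203.0.113.7
2024-05-08T09:30:00,carol,Login,Success,10.0.0.7
"""

def load_events(text):
    """Parse the CSV export, convert Timestamp to datetime, sort by time."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["Timestamp"] = datetime.fromisoformat(row["Timestamp"])
    return sorted(rows, key=lambda r: r["Timestamp"])

def failed_login_bursts(events, key, threshold=4, window=timedelta(minutes=10)):
    """Return {key value: peak failures in any sliding window} at or above threshold.
    key="User" surfaces brute force against one account; key="SourceIP"
    surfaces one source trying many accounts (credential stuffing)."""
    recent, peaks = defaultdict(list), {}
    for ev in events:
        if ev["Action"] != "Login" or ev["Result"] != "Failure":
            continue
        times = recent[ev[key]]
        times.append(ev["Timestamp"])
        while times[0] < ev["Timestamp"] - window:  # drop failures older than the window
            times.pop(0)
        if len(times) >= threshold:
            peaks[ev[key]] = max(peaks.get(ev[key], 0), len(times))
    return peaks

def admin_drift(events, weekday=1, start_hour=22, end_hour=24):
    """Return configuration changes made outside the change window
    (assumed here: Tuesday, weekday 1, from 22:00 to 24:00)."""
    def in_window(ts):
        return ts.weekday() == weekday and start_hour <= ts.hour < end_hour
    return [ev for ev in events
            if ev["Action"] == "PolicyChange" and not in_window(ev["Timestamp"])]
```

Running both `failed_login_bursts(events, "User")` and `failed_login_bursts(events, "SourceIP")` matters: in the sample rows no single account crosses the threshold, but the shared source address does.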

Summary

Whether you need a quick spreadsheet for a meeting or a real-time data stream for your SOC, Spirion provides the manual and automated tools necessary to get your Audit Log data into the external platforms you use for analysis and governance.