Can I customize which events appear in the Audit Log?
In Spirion Sensitive Data Platform, you cannot "customize" the Audit Log in the sense of choosing which system events are recorded—the platform is designed to be an immutable, comprehensive record of all administrative actions for compliance and security reasons.
However, you have extensive control over how you view, filter, and interact with that data within the console, as well as how you export it for external use.
1. Filtering and Views (Console Customization)
While the platform records everything, you can customize your view of the Audit Log to focus on what matters to you:
- Event Categories: You can filter by specific types of actions, such as "Policy Changes," "User Logins," or "Target Modifications."
- User Filtering: You can isolate actions taken by a specific administrator or service account.
- Time Windows: You can narrow the log to specific dates or times (e.g., "Show me all changes made during last night's maintenance window").
- Search: You can perform keyword searches to find specific objects (e.g., searching for a specific Policy name to see its entire modification history).
2. External Customization (SIEM/API)
If you need to customize which events are alerted on or how they are categorized for your organization's specific needs, you should do this in an external tool:
- API Filtering: When pulling data via the Web API, you can write logic to only ingest specific event IDs or categories into your external database.
- SIEM Logic: In a tool like Splunk or Sentinel, you can create custom dashboards and alerts that only trigger on the specific Spirion audit events you deem "high-risk" (e.g., "Alert if any Playbook is deleted").
3. What is Always Recorded (Non-Customizable)
To maintain its integrity as a "System of Record," Spirion will always log the following, and these cannot be disabled:
- Identity: Who performed the action (User ID/IP Address).
- Action: What was done (Create, Update, Delete, Login).
- Object: What was affected (Policy Name, Target ID, User Role).
- Timestamp: Exactly when it happened (UTC).
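The external filtering described in sections 2 and 3 can be sketched as follows. This is an added example, not Spirion code: it assumes audit events have already been exported as one JSON object per line, and the field names (`user`, `ip`, `action`, `object_type`, `object_name`, `timestamp`) are hypothetical stand-ins for the four always-recorded elements. It applies the "Alert if any Playbook is deleted" rule, a time-window filter, and surfaces records that are missing an always-recorded field instead of dropping them silently.

```python
import json
from datetime import datetime, timezone

# Constructed sample export, one JSON object per line. Field names are
# assumptions mirroring Identity/Action/Object/Timestamp; map them to your export.
SAMPLE_EXPORT = """\
{"user": "svc-scan", "ip": "10.0.0.5", "action": "Login", "object_type": "User", "object_name": "svc-scan", "timestamp": "2024-05-01T01:58:00Z"}
{"user": "jdoe", "ip": "10.0.0.9", "action": "Update", "object_type": "Policy", "object_name": "PCI-Cardholder", "timestamp": "2024-05-01T02:10:00Z"}
{"user": "jdoe", "ip": "10.0.0.9", "action": "Delete", "object_type": "Playbook", "object_name": "Quarantine-SSN", "timestamp": "2024-05-01T02:15:00Z"}
{"user": "asmith", "action": "Delete", "object_type": "Playbook", "object_name": "Notify-Owner"}
not json at all
"""

REQUIRED = ("user", "action", "object_type", "object_name", "timestamp")
# High-risk rule taken from the page's example: alert if any Playbook is deleted.
HIGH_RISK = {("delete", "playbook")}

def parse_utc(value):
    """Parse an ISO 8601 timestamp and normalize it to UTC."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)  # the page states timestamps are UTC
    return ts.astimezone(timezone.utc)

def triage(export_text, window_start=None, window_end=None):
    """Return (alerts, ingested, rejected); bad records are reported, not dropped."""
    alerts, ingested, rejected = [], [], []
    for lineno, line in enumerate(export_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            missing = [k for k in REQUIRED if not event.get(k)]
            if missing:
                raise ValueError("missing " + ",".join(missing))
            event["timestamp"] = parse_utc(event["timestamp"])
            key = (event["action"].lower(), event["object_type"].lower())
        except (ValueError, TypeError, AttributeError) as exc:
            rejected.append((lineno, str(exc)))  # a gap in the record: investigate
            continue
        if key in HIGH_RISK:
            alerts.append(event)  # alerts ignore the view window on purpose
        ts = event["timestamp"]
        if (window_start is None or ts >= window_start) and (window_end is None or ts < window_end):
            ingested.append(event)
    return alerts, ingested, rejected
```

Because the platform always records all four elements, a non-empty `rejected` list points to a problem in the export or transport path and is worth alerting on in its own right.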
4. "Custom" Audit Events via Playbooks
While you can't change the system audit log, you can create your own "Operational Audit Trail" using Playbooks:
- Execute Script: You can create a playbook that triggers a custom script whenever a specific condition is met (e.g., "If a scan finds >1000 SSNs, run a script to log this to our internal security portal"). This allows you to create a custom, business-specific audit trail outside of the standard system logs.
Recommendations
- Don't try to "limit" the logs: From a compliance perspective (PCI, NIST, GDPR), having "too much" audit data is always better than having gaps.
- Use Roles to Limit Noise: If you have too many events in your Audit Log, it may be because too many people have "Admin" rights. Use Role-Based Access Control (RBAC) to ensure only necessary personnel can perform auditable actions.
- Leverage Saved Filters: If you find yourself looking for the same types of events repeatedly, use the console's ability to save filtered views to quickly access your "custom" audit perspective.
Summary
You cannot turn off or "pick and choose" which administrative actions Spirion records in the Audit Log, as this would undermine the platform's security and compliance value. Instead, use the console's filtering tools and the Web API to customize how you analyze and respond to that data.