How to Use Audit Logs

The Audit Log page table displays activities taken in the system such as policy changes, playbook changes, etc., and enables you to view and filter this information.

Overview

The Audit Log page is found under Reports > Audit Log.

The Audit Log page table displays activities taken in the system such as policy changes, playbook changes, etc., and enables you to view and filter this information.

Audit logs enable traceability across the platform for your environment
Review audit log events to see exactly which changes were made in Spirion, by whom, and at what time

What are Audit Events?

An Audit “Event” is one discrete action the platform records, such as a user log-in, changing a role, editing a policy, or running a scan
Audit Log events queue in PostgreSQL for Agents v13.6+ (Agents v13-13.5 use RabbitMQ) and then move to the database
The event then continues to Audit Log table
The Audit Log does not retain non-functional event types
The event state must be successful to be recorded
Any event that fails is removed from the Audit Log
When the Type filter uses only event types triggered in Spirion Sensitive Data Platform, they are displayed on the Audit Log screen
- See the How to Use Filters to Find an Audit Log section

How to Grant User Access to the Audit Log

Access to the Audit Log page is limited to users of specific roles.
To access Audit Logs, an Administrator must apply the Manage privilege in the Manage Administrative Settings area for the user. From the left side navigation menu, navigate to Settings > User Management.
The Audit Log page is available only to users who are members of a role which contain the Manage privilege.

How to View Audit Logs

Use the following steps to view Audit Logs:

From the left side navigation menu, click Reports.
Next, click Audit Log.
The Audit Log page appears.

Audit Log Table Columns

The Audit Log table displays these columns:

Field	Description
Date/Time	The timestamp of when the action occurred.
Type	The action that was logged: Application Setting - Written when an app setting is changed. Within Sensitive Data Platform, see Settings>Application Settings. Cloud Provider Authenticated - Written when Sensitive Data Platform console authenticates with a cloud provider. Global Ignore List - Written a global ignore list is added or deleted. Within Sensitive Data Platform, see Settings>Application Settings>Global Ignore List. Global Ignore List Item - Written when items are added to a given Ignore list. Playbook Override - Written when the override action is performed on the location details dialog. Policy - Written when a policy is created, updated (changed), or deleted using edit mode. Remote Result Action - Written when a Shred, Quarantine, or Ignore action initiated from the Console Results tab is scheduled for processing by an endpoint Sensitive Data Type - Written when custom data types are created, modified, deleted, etc.. These are called sensitive data types in Sensitive Data Manager. Within Sensitive Data Platform, see Settings>Global Data Types>Custom Data Types tab. Sensitive Data Type Export - Written when row menu on the page above is used and an item is exported. Spirion Support User - Not logged. Tag - Written when a tag is changed, created, or deleted. Targets Merge - Written when Targets are merged. User - Written each time a user logs in to the Console and permissions are synchronized.
Action Type	The type of action that was taken: Accessed Cloned Created Deleted Updated
Location	The location within Sensitive Data Platform where the action occurred: Agents And Endpoints Analytics Analytics Dashboard Audit Log Change Password Classifications Compliance Dashboard Discovery Teams Endpoints Excluded Rows Identity Requests Identity Results Incidents Management Incidents Results Installation Map Data Notifications Playbooks Policies Privacy Manager Profile Results Roles Scans Scans Dashboard Schedules Script Repository Sensitive Data Types Spirion Support User Tag Management Tags Unknown Users
Description	Includes Action Type, Name, and Type
More Options menu (3 vertical dots)	View Details

How to Sort Table Columns

Sort your Audit Logs by table column to instantly bring your desired focus area to the top of the Audit Log table. For example, sort by date to view the oldest or the most recent Audit logs.

Use the following steps to sort table columns:

Click a column to sort ascending.
Click the column again to sort descending.

How to Search for an Audit Log

You can search for an Audit log by Account Name, Action Type, or Location.

Use the following steps to search for an audit log:

Enter the name of the log in the Search entry field.
Click the magnifying glass (search) icon or press Enter.
The result displays.
Click the x to clear the search.

How to View Audit Log Details

Use the following steps to view the details of an Audit log:

From the Audit Log page locate the log you want to view in the Audit Log list.
Click the More Options menu at the end of the column.
Click View Details.
The Log Details window opens.
Click Close to close the window and return to the previous screen.

How to Use Filters to Find an Audit Log

Note: The Type filter only uses and displays event types triggered in Sensitive Data Platform.

To use the filter feature to find an Audit Log based on specific criteria:

In the upper left of the screen, go to the Filters.
For the selection criteria, select one or more items from the list of filters.
- IP Address
- For audits, the user's IP Address is preferred.
- Date/Time
- Type
- Action Type
- Location
- Description
Click Apply to apply the filter to the Audit Log list.
Click Clear and then click Apply to remove the filter.