About the Audit Log
The Audit Log, located at Settings > Audit Log, provides a list of all events performed by registered application users. Drill down to perform detailed Audit Log analysis using the extensive filter and search tools. Then export your findings to a CSV file for accurate reporting.
NOTE: You can use the Audit Log for visibility into various events related to the creation, modification, and deletion of classifications and sanctioned DLP policies by users within your organization.
You can also export the Audit Log to a third-party SIEM system using a Syslog export via Enterprise Connector. For details, see Export Anomalies, Threats, and the Audit Log to a SIEM.
The Audit Log page allows you to search and filter in the following ways:
- Date Picker. Use the Date Picker to select a preset or custom date range in order to display data from only this date range.
- All Users. Filter for users using the drop-down menu.
- All Event Categories. Filter for event categories using the drop-down menu.
- All Events. Filter for a specific event using the drop-down menu.
- Search Field. Search by keyword in Additional Information or by IP Address.
- Actions:
- Create Report
- Download CSV. Export a CSV file of the data displayed in the Audit Log.
- Settings
- Edit Table Columns. Edit the columns displayed in the Audit Log table.
- Create Report
- Available Table Columns:
- User. The username.
- Event Category.
- Name. The object name, which is different for each Event Category.
- Event. The type of event the user performed, detailed in Audit Log Event Type.
- Additional Information. Any additional information available for the user.
- Timestamp. The timestamp when the event occurred.
- IP Address. The user's IP address.
- Description. Description of the event.