Audit Log Events
Audit logs are records of the event logs, typically regarding a sequence of activities or a specific activity. The following events are tracked as part of the Audit Log.
Event Category | Event |
---|---|
Admin Actions |
AWS Account Authentication |
Admin Actions |
API Access |
Admin Actions |
Config Audit AWS Accounts Modified |
Admin Actions | IP allowlist enabled |
Admin Actions | IP allowlist disabled |
Admin Actions | IP allowlist changed (IPs are added or removed |
Admin Actions | IP allowlist changed (Support IP option is enabled or disabled) |
Cloud Connector |
Log Processing Config Changed |
Cloud Connector |
Custom Attribute Config Changed |
Cloud Connector |
SIEM Config Changed |
Cloud Connector |
IP User Mapping Config Changed |
Cloud Connector |
SMTP Config Changed |
Cloud Connector |
Panorama Config Changed |
Cloud Connector |
Cloud Config synced to EC |
Cloud Registry | Custom attribute created |
Cloud Registry | Custom attribute deleted |
Cloud Registry | Custom attribute(s) edited |
Cloud Registry | Risk category weights changed |
Cloud Registry | Risk attribute weights changed |
Cloud Service Detail | Custom service attribute value edited |
Cloud Service Detail | Bulk edit of Custom service attribute values |
Cloud Service Detail | Note added to Cloud Service |
Cloud Service Detail | Note edited for Cloud Service |
Cloud Service Detail | Service detail report created |
Cloud Service Detail | Cloud service risk score is overridden |
Data Jurisdictions | Jurisdiction created |
Data Jurisdictions | Jurisdiction edited |
Data Jurisdictions | Jurisdiction deleted |
DLP Policies | Sanctioned DLP Policy created |
DLP Policies | Sanctioned DLP Policy edited |
DLP Policies | Sanctioned DLP Policy deleted |
DLP Policies | Sanctioned DLP Policy exported |
DLP Policies | Sanctioned DLP Policy enabled |
DLP Policies | Sanctioned DLP Policy disabled |
DLP Policies | Assigned jurisdiction to Sanctioned DLP Policy |
DLP Policies | Sanctioned DLP Policy Rule or Exception Group edited |
DLP Policies | Policy Dictionary created |
DLP Policies | Policy Dictionary deleted |
DLP Policies | Policy Dictionary updated |
File Downloads | Cloud traffic URL list downloaded |
File Downloads | Anomalies CSV exported |
File Downloads | Upload Activities CSV exported |
File Downloads | Service Group list downloaded |
File Downloads | Report downloaded |
File Downloads | Integration URL list downloaded |
File Downloads | Application audit trail downloaded |
File Downloads | Item creating incident downloaded |
File Emailed | Report emailed to the user |
Incidents | Incidents deleted |
Incidents | Bulk change incident owner |
Incidents | Bulk change incident status |
Incidents | Bulk change incident response |
Incidents | Change incident owner |
Incidents | Change incident status |
Incidents | Change incident response |
Incidents | Create incident note |
Incidents | Update incident note |
Incidents | Delete incident note |
Incident Bulk Remediate | Incident bulk remediate start |
Incident Bulk Update | Incident bulk update start |
Integrations | Firewall/proxy integration added |
Integrations | Firewall/proxy integration edited |
Integrations | Firewall/proxy integration removed |
Integrations | Changes approved to sync with firewall or proxy |
On-Demand Scan | On-Demand Scan created |
On-Demand Scan | On-Demand Scan edited |
On-Demand Scan | On-Demand Scan deleted |
On-Demand Scan | On-Demand Scan started |
On-Demand Scan | On-Demand Scan stopped |
On-Demand Scan | On-Demand Scan paused |
On-Demand Scan | On-Demand Scan resumed |
On-Demand Scan | On-Demand Scan Estimate started |
On-Demand Scan | On-Demand Scan Estimate stopped |
Reports | My Dashboard cards export |
Reports | Run Now report created |
Reports | Scheduled report created |
Reports | Run Now report created |
Reports | Scheduled report created |
Reports | Scheduled report edited |
Reports | Scheduled report is run |
Reports | Scheduled report deleted |
Reports | Scheduled report duplicated |
Reports | Report Executed |
Service Management | Proxy is un-managed |
Service Management | Proxy is disabled |
Service Management | Added Service Properties |
Service Management | Updated Service Properties |
Service Management | Deleted Service Properties |
Service Management | Renew Certificate |
Service Management | SMTP Configuration |
Service Management | SAML Configuration |
Saved Views | Saved view shared |
Saved Views | Saved view deleted |
Saved Views | Saved view shared |
Saved Views | Saved view deleted |
Service Groups | Cloud service(s) added to Service Group |
Users | User logged in |
Users | User logged out |
Users | User login failed |
Users | User entered Captcha |
Users | User clicked forgot password |
Users | User password reset attempt (Success) |
Users | User password reset attempt (Failure) |
Users | User changed a password |
Watchlists | Users added to watchlist |
Uncategorized | Application Navigation |
Uncategorized | Enterprise Dashboard Show More View |
Uncategorized | Enterprise Dashboard Show Less View |
Uncategorized | Show Service Details |
Uncategorized | View Managed Services |
Uncategorized | Show Anomalies |
Uncategorized | Create an Anomaly Exception Rule |
Uncategorized | Delete an Anomaly Exception Rule |
Uncategorized | Setting a New Anomaly Threshold |
Uncategorized | Bundle Pushed to Proxy |
Uncategorized | Default Bundle Pushed to Proxy |
Uncategorized | On-Demand Scan |
Uncategorized | Quarantine Management |
Uncategorized | Manual Remediation |
Uncategorized | User Management Action |
Uncategorized | User Clicked Download Script |
Uncategorized | Manual Upload Started |
Uncategorized | Manual Upload Failed |
Uncategorized | Edit Settings for Data Feed |
Uncategorized | Risk Scoring Model Change |
Uncategorized | Threat Protection |
DLP Classifications | Classification created |
DLP Classifications | Classification deleted |
DLP Classifications | Classification updated |
DLP Classifications | Classification Advanced Pattern created |
DLP Classifications | Classification Advanced Pattern deleted |
DLP Classifications | Classification Advanced Pattern updated |
DLP Classifications | Classification Dictionary created |
DLP Classifications | Classification Dictionary deleted |
DLP Classifications | Classification Dictionary updated |