Audit Log Events
Audit logs are records of the event logs, typically regarding a sequence of activities or a specific activity. The following events are tracked as part of the Audit Log.
| Event Category | Event |
|---|---|
|
Admin Actions |
AWS Account Authentication |
|
Admin Actions |
API Access |
|
Admin Actions |
Config Audit AWS Accounts Modified |
| Admin Actions | IP allowlist enabled |
| Admin Actions | IP allowlist disabled |
| Admin Actions | IP allowlist changed (IPs are added or removed |
| Admin Actions | IP allowlist changed (Support IP option is enabled or disabled) |
|
Cloud Connector |
Log Processing Config Changed |
|
Cloud Connector |
Custom Attribute Config Changed |
|
Cloud Connector |
SIEM Config Changed |
|
Cloud Connector |
IP User Mapping Config Changed |
|
Cloud Connector |
SMTP Config Changed |
|
Cloud Connector |
Panorama Config Changed |
|
Cloud Connector |
Cloud Config synced to EC |
| Cloud Registry | Custom attribute created |
| Cloud Registry | Custom attribute deleted |
| Cloud Registry | Custom attribute(s) edited |
| Cloud Registry | Risk category weights changed |
| Cloud Registry | Risk attribute weights changed |
| Cloud Service Detail | Custom service attribute value edited |
| Cloud Service Detail | Bulk edit of Custom service attribute values |
| Cloud Service Detail | Note added to Cloud Service |
| Cloud Service Detail | Note edited for Cloud Service |
| Cloud Service Detail | Service detail report created |
| Cloud Service Detail | Cloud service risk score is overridden |
| Data Jurisdictions | Jurisdiction created |
| Data Jurisdictions | Jurisdiction edited |
| Data Jurisdictions | Jurisdiction deleted |
| DLP Policies | Sanctioned DLP Policy created |
| DLP Policies | Sanctioned DLP Policy edited |
| DLP Policies | Sanctioned DLP Policy deleted |
| DLP Policies | Sanctioned DLP Policy exported |
| DLP Policies | Sanctioned DLP Policy enabled |
| DLP Policies | Sanctioned DLP Policy disabled |
| DLP Policies | Assigned jurisdiction to Sanctioned DLP Policy |
| DLP Policies | Sanctioned DLP Policy Rule or Exception Group edited |
| DLP Policies | Policy Dictionary created |
| DLP Policies | Policy Dictionary deleted |
| DLP Policies | Policy Dictionary updated |
| File Downloads | Cloud traffic URL list downloaded |
| File Downloads | Anomalies CSV exported |
| File Downloads | Upload Activities CSV exported |
| File Downloads | Service Group list downloaded |
| File Downloads | Report downloaded |
| File Downloads | Integration URL list downloaded |
| File Downloads | Application audit trail downloaded |
| File Downloads | Item creating incident downloaded |
| File Emailed | Report emailed to the user |
| Incidents | Incidents deleted |
| Incidents | Bulk change incident owner |
| Incidents | Bulk change incident status |
| Incidents | Bulk change incident response |
| Incidents | Change incident owner |
| Incidents | Change incident status |
| Incidents | Change incident response |
| Incidents | Create incident note |
| Incidents | Update incident note |
| Incidents | Delete incident note |
| Incident Bulk Remediate | Incident bulk remediate start |
| Incident Bulk Update | Incident bulk update start |
| Integrations | Firewall/proxy integration added |
| Integrations | Firewall/proxy integration edited |
| Integrations | Firewall/proxy integration removed |
| Integrations | Changes approved to sync with firewall or proxy |
| On-Demand Scan | On-Demand Scan created |
| On-Demand Scan | On-Demand Scan edited |
| On-Demand Scan | On-Demand Scan deleted |
| On-Demand Scan | On-Demand Scan started |
| On-Demand Scan | On-Demand Scan stopped |
| On-Demand Scan | On-Demand Scan paused |
| On-Demand Scan | On-Demand Scan resumed |
| On-Demand Scan | On-Demand Scan Estimate started |
| On-Demand Scan | On-Demand Scan Estimate stopped |
| Reports | My Dashboard cards export |
| Reports | Run Now report created |
| Reports | Scheduled report created |
| Reports | Run Now report created |
| Reports | Scheduled report created |
| Reports | Scheduled report edited |
| Reports | Scheduled report is run |
| Reports | Scheduled report deleted |
| Reports | Scheduled report duplicated |
| Reports | Report Executed |
| Service Management | Proxy is un-managed |
| Service Management | Proxy is disabled |
| Service Management | Added Service Properties |
| Service Management | Updated Service Properties |
| Service Management | Deleted Service Properties |
| Service Management | Renew Certificate |
| Service Management | SMTP Configuration |
| Service Management | SAML Configuration |
| Saved Views | Saved view shared |
| Saved Views | Saved view deleted |
| Saved Views | Saved view shared |
| Saved Views | Saved view deleted |
| Service Groups | Cloud service(s) added to Service Group |
| Users | User logged in |
| Users | User logged out |
| Users | User login failed |
| Users | User entered Captcha |
| Users | User clicked forgot password |
| Users | User password reset attempt (Success) |
| Users | User password reset attempt (Failure) |
| Users | User changed a password |
| Watchlists | Users added to watchlist |
| Uncategorized | Application Navigation |
| Uncategorized | Enterprise Dashboard Show More View |
| Uncategorized | Enterprise Dashboard Show Less View |
| Uncategorized | Show Service Details |
| Uncategorized | View Managed Services |
| Uncategorized | Show Anomalies |
| Uncategorized | Create an Anomaly Exception Rule |
| Uncategorized | Delete an Anomaly Exception Rule |
| Uncategorized | Setting a New Anomaly Threshold |
| Uncategorized | Bundle Pushed to Proxy |
| Uncategorized | Default Bundle Pushed to Proxy |
| Uncategorized | On-Demand Scan |
| Uncategorized | Quarantine Management |
| Uncategorized | Manual Remediation |
| Uncategorized | User Management Action |
| Uncategorized | User Clicked Download Script |
| Uncategorized | Manual Upload Started |
| Uncategorized | Manual Upload Failed |
| Uncategorized | Edit Settings for Data Feed |
| Uncategorized | Risk Scoring Model Change |
| Uncategorized | Threat Protection |
| DLP Classifications | Classification created |
| DLP Classifications | Classification deleted |
| DLP Classifications | Classification updated |
| DLP Classifications | Classification Advanced Pattern created |
| DLP Classifications | Classification Advanced Pattern deleted |
| DLP Classifications | Classification Advanced Pattern updated |
| DLP Classifications | Classification Dictionary created |
| DLP Classifications | Classification Dictionary deleted |
| DLP Classifications | Classification Dictionary updated |