Audit Log Events
Audit logs are records of the event logs, typically regarding a sequence of activities or a specific activity. The following events are tracked as part of the Audit Log.
Event Category | Event |
---|---|
Admin Actions |
AWS Account Authentication |
Admin Actions |
API Access |
Admin Actions |
Config Audit AWS Accounts Modified |
Admin Actions | IP allowlist enabled |
Admin Actions | IP allowlist disabled |
Admin Actions | IP allowlist changed (IPs are added or removed |
Admin Actions | IP allowlist changed (Support IP option is enabled or disabled) |
Cloud Connector |
Log Processing Config Changed |
Cloud Connector |
Custom Attribute Config Changed |
Cloud Connector |
SIEM Config Changed |
Cloud Connector |
IP User Mapping Config Changed |
Cloud Connector |
SMTP Config Changed |
Cloud Connector |
Panorama Config Changed |
Cloud Connector |
Cloud Config synced to EC |
Cloud Registry | Custom attribute created |
Cloud Registry | Custom attribute deleted |
Cloud Registry | Custom attribute(s) edited |
Cloud Registry | Risk category weights changed |
Cloud Registry | Risk attribute weights changed |
Cloud Service Detail | Custom service attribute value edited |
Cloud Service Detail | Bulk edit of Custom service attribute values |
Cloud Service Detail | Note added to Cloud Service |
Cloud Service Detail | Note edited for Cloud Service |
Cloud Service Detail | Service detail report created |
Cloud Service Detail | Cloud service risk score is overridden |
Data Jurisdictions | Jurisdiction created |
Data Jurisdictions | Jurisdiction edited |
Data Jurisdictions | Jurisdiction deleted |
File Downloads | Cloud traffic URL list downloaded |
File Downloads | Anomalies CSV exported |
File Downloads | Upload Activities CSV exported |
File Downloads | Service Group list downloaded |
File Downloads | Report downloaded |
File Downloads | Integration URL list downloaded |
File Downloads | Application audit trail downloaded |
File Downloads | Item creating incident downloaded |
File Emailed | Report emailed to the user |
Incidents | Delete incidents |
Incidents | Bulk change incident owner |
Incidents | Bulk change incident status |
Incidents | Bulk change incident response |
Incidents | Change incident owner |
Incidents | Change incident status |
Incidents | Change incident response |
Integrations | Firewall/proxy integration added |
Integrations | Firewall/proxy integration edited |
Integrations | Firewall/proxy integration removed |
Integrations | Changes approved to sync with firewall or proxy |
Reports | My Dashboard cards export |
Reports | Run Now report created |
Reports | Scheduled report created |
Reports | Run Now report created |
Reports | Scheduled report created |
Reports | Scheduled report edited |
Reports | Scheduled report is run |
Reports | Scheduled report deleted |
Reports | Scheduled report duplicated |
Reports | Report Executed |
Service Management | Proxy is un-managed |
Service Management | Proxy is disabled |
Service Management | Added Service Properties |
Service Management | Updated Service Properties |
Service Management | Deleted Service Properties |
Service Management | Renew Certificate |
Service Management | SMTP Configuration |
Service Management | SAML Configuration |
Saved Views | Saved view shared |
Saved Views | Saved view deleted |
Saved Views | Saved view shared |
Saved Views | Saved view deleted |
Service Groups | Cloud service(s) added to Service Group |
Users | User logged in |
Users | User logged out |
Users | User login failed |
Users | User entered Captcha |
Users | User clicked forgot password |
Users | User password reset attempt (Success) |
Users | User password reset attempt (Failure) |
Users | User changed a password |
Watchlists | Users added to watchlist |
Uncategorized | Application Navigation |
Uncategorized | Enterprise Dashboard Show More View |
Uncategorized | Enterprise Dashboard Show Less View |
Uncategorized | Show Service Details |
Uncategorized | View Managed Services |
Uncategorized | Show Anomalies |
Uncategorized | Create an Anomaly Exception Rule |
Uncategorized | Delete an Anomaly Exception Rule |
Uncategorized | Setting a New Anomaly Threshold |
Uncategorized | Bundle Pushed to Proxy |
Uncategorized | Default Bundle Pushed to Proxy |
Uncategorized | On-Demand Scan |
Uncategorized | Quarantine Management |
Uncategorized | Manual Remediation |
Uncategorized | User Management Action |
Uncategorized | User Clicked Download Script |
Uncategorized | Manual Upload Started |
Uncategorized | Manual Upload Failed |
Uncategorized | Edit Settings for Data Feed |
Uncategorized | Risk Scoring Model Change |
Uncategorized | Threat Protection |
DLP Classifications | Classification created |
DLP Classifications | Classification deleted |
DLP Classifications | Classification updated |