Audit Logs
The audit logs provide a complete record of actions performed by members of your organization across the Flare platform and through the API. Each log entry captures the date and time of the action, who performed it, the type of resource affected, the action performed, and the tenant where it occurred.

The audit logs can be used to:

- Investigate platform activity and trace specific actions back to individual users.
- Support compliance requirements by maintaining a tamper-evident record of platform events.
- Maintain accountability across your organization by monitoring how members interact with sensitive data and platform resources.

Viewing the Audit Logs

Audit logs are accessible to organization admins only. To access the audit logs, navigate to Organization > Audit Logs, and then click Audit Logs.

The audit logs display the following information:

- Date: The date and time the action was performed.
- Performed By: The user who performed the action.
- Type: The kind of resource affected, such as user, identifier, tenant, or global search.
- Action: The action that was performed.
- Tenant: The tenant where the action was performed.

Clicking on any log entry opens a details panel showing a full breakdown of the action. The panel is divided into two sections:

- Metadata: Displays the core details of the event, including the date and time, the user who performed the action, the type, the action taken, the tenant, the originating IP address, and whether the action came from the platform UI or the API.
- Audit Event JSON Data: Displays the raw event payload, providing additional context about the specific resource affected. The fields vary depending on the event type.

Data Retention

Audit log entries are retained for one year, and any data older than a year is deleted from our system. You may export audit logs to maintain historical data.

Searching and Filtering

The audit logs provide a search bar that allows you to quickly search for keywords within the logs. The logs can also be filtered by the following fields:

- Type: The kind of resource being accessed, such as an alert, credential, identifier, user, organization, or tenant.
- Action: What happened to the resource.
  - Created: A new resource was added to the platform, such as a new alert, identifier, or tenant.
  - Updated: An existing resource was modified, such as a change to organization settings or editing an identifier.
  - Deleted: A resource was permanently removed from the platform.
  - Viewed: A resource was accessed or opened without any changes being made.
- Source: Whether the action was performed through the Flare platform interface or via the API.
- Date: A start and end range, including time, limited to the past year.
- Performed By: The user who performed the action. Select any organization member, or System for events triggered by Flare's automated processes.
- Tenant: The tenant where the action was performed.

Click Clear to remove any applied filters and return to the full list. This will reset all active filters and restore the default view of the audit logs.

Sharing Audit Logs

Once you have applied your desired search terms or filters, the URL in your browser automatically updates to reflect your current view. You can copy and share this URL to give others a direct link to the same results without them needing to manually recreate the same view.

Exporting Audit Logs

Audit logs can be exported as a CSV file. Any filters applied to the current view are reflected in the export, so scope your results first if you need a specific subset of the logs.

Follow these steps to export the audit logs:

1. Apply any filters or search terms to narrow the results if needed.
2. Click the Export CSV button in the top right corner.
3. Review the number of logs shown in the confirmation dialog.
4. Click OK to download the file, or Cancel to go back.

Tracked Events

The audit logs track actions across all major areas of the platform. Each event is categorized by type, making it straightforward to filter activity by a specific area when investigating changes or reviewing platform usage.

- Alerts: Tracks when alerts are created, edited, or deleted across the platform.
- Alert Channels: Tracks when alert channels are created, edited, deleted, or viewed. Useful for auditing changes to your notification configuration.
- Credentials: Tracks searches performed in the credential browser and credential validation actions against an identity provider. Useful for monitoring who is querying credential data and when.
- Events: Tracks when monitored resources are viewed, remediated, unremediated, ignored, or unignored. Useful for auditing how your team is responding to alerts and managing their workload.
- Identifiers: Tracks the full lifecycle of identifiers, including creation, edits, deletion, merging, and grouping, as well as any alerts or recommendation actions associated with them.
- Integrations: Tracks actions performed against an integrated identity provider, including disabling accounts, marking accounts as compromised, revoking sessions, and validating credentials.
- Organization: Tracks changes to organization settings and member management, including permission edits, member creation, and enabling or disabling accounts.
- Global Search: Tracks global search activity across the platform.
- Tenants: Tracks the creation and deletion of tenants, changes to tenant settings, and member and integration management within each tenant.
- Other: Covers additional platform activity, including asset authorization requests and sandbox submission activity.
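A periodic review of an exported audit log CSV can be scripted, as in this added example, which is not part of the Flare documentation. The column names and the values for type, action and source are assumptions that mirror the fields described on this page; adjust them to the header of the actual export.

```python
import csv
import io
from collections import Counter

# Constructed sample export. Column names and values are assumptions that
# mirror the fields shown in the audit log view, not the real CSV header.
SAMPLE_EXPORT = """Date,Performed By,Type,Action,Tenant,Source
2025-01-10T09:02:11Z,alice@example.com,Identifier,Updated,Tenant A,Platform
2025-01-10T09:15:40Z,bob@example.com,Credentials,Viewed,Tenant A,API
2025-01-10T09:15:42Z,bob@example.com,Credentials,Viewed,Tenant A,API
2025-01-10T09:15:45Z,bob@example.com,Credentials,Viewed,Tenant B,API
2025-01-10T10:30:00Z,carol@example.com,Tenant,Deleted,Tenant B,Platform
2025-01-10T11:00:00Z,System,Alert,Created,Tenant A,Platform
"""


def review_export(csv_text, api_credential_threshold=3):
    """Return (deletions, flagged) from an exported audit log CSV.

    deletions: member actions that permanently removed a resource.
    flagged: members with at least `api_credential_threshold` credential
             events performed through the API.
    """
    deletions = []
    api_cred_events = Counter()
    for raw in csv.DictReader(io.StringIO(csv_text)):
        # Normalise header case and whitespace so small drift does not
        # silently drop rows from the review.
        row = {k.strip().lower(): (v or "").strip() for k, v in raw.items() if k}
        user = row.get("performed by", "")
        if user.lower() == "system":
            continue  # automated processes, out of scope for a member review
        if row.get("action", "").lower() == "deleted":
            deletions.append((row.get("date", ""), user,
                              row.get("type", ""), row.get("tenant", "")))
        if (row.get("type", "").lower() == "credentials"
                and row.get("source", "").lower() == "api"):
            api_cred_events[user] += 1
    flagged = {u: n for u, n in api_cred_events.items()
               if n >= api_credential_threshold}
    return deletions, flagged


if __name__ == "__main__":
    deleted, flagged = review_export(SAMPLE_EXPORT)
    for entry in deleted:
        print("DELETED", *entry)
    for user, count in flagged.items():
        print("API credential activity:", user, count)
```
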