Audit Logging
WITHIN SPYCLOUD INVESTIGATIONS MODULE
🧭 Overview
Audit Logging in SpyCloud’s console allows you to track and review user activity across your organization. Each provisioned module generates specific audit events, providing transparency into who performed which actions and when.
🧰 Audit Logging at a Glance
Prerequisite: Admin Role
Log Retention: 12 months (rolling basis). Older logs are purged automatically.
📊 Viewing Audit Logs
- Go to Configuration → Audit Log.
- Review the table of recorded user actions.
| Field | Description | 
|---|---|
| 👤 User | Who performed the action | 
| ⚙️ Operation | Action performed | 
| 🧩 Module | Feature or system area | 
| 🕒 Timestamp | When it happened | 
Click any row to view raw event data, including:
- Timestamp
- User name & email
- Organization
- IP address
- User agent
These details help you perform internal investigations or meet compliance requirements.
[Image: audit logging table]
[Image: detailed view of audit logs]
📤 Exporting Logs
Use filters to narrow down by user, date, or module – then export for compliance or offline analysis.
Note: Logs older than 12 months are automatically deleted.
🧠 After Setup
Once you’ve reviewed or exported audit logs:
- Filter by user or module to find trends.
- Export for compliance or review.
- Combine with SIEM tools for advanced correlation.
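The offline analysis and SIEM hand-off described above can be scripted. The following is an added example, not SpyCloud code: it assumes the export is a CSV whose column names match the raw event fields listed earlier, and the sample rows, operation names, and the 30-day archive window are constructed for illustration.

```python
import csv, io, json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample export. The column names and CSV layout are assumptions;
# adjust them to match the file the console actually produces.
SAMPLE_EXPORT = """timestamp,user,email,organization,operation,module,ip_address,user_agent
2024-07-02T09:15:00Z,Ana Ruiz,ana@example.com,ExampleOrg,search,Investigations,198.51.100.7,Mozilla/5.0
2025-05-20T14:02:00Z,Ana Ruiz,ana@example.com,ExampleOrg,export,Investigations,198.51.100.7,Mozilla/5.0
2025-05-21T03:40:00Z,Ana Ruiz,ana@example.com,ExampleOrg,export,Investigations,203.0.113.50,curl/8.5.0
2025-05-21T10:00:00Z,Ben Ode,ben@example.com,ExampleOrg,login,Console,192.0.2.10,Mozilla/5.0
"""

RETENTION = timedelta(days=365)      # 12-month rolling retention, approximated as 365 days
ARCHIVE_WINDOW = timedelta(days=30)  # assumed lead time for archiving before the purge

def parse_export(text):
    """Yield one dict per audit event with a timezone-aware timestamp."""
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"].replace("Z", "+00:00"))
        yield row

def review(text, now):
    """Return users seen from several IPs and events close to the retention limit."""
    ips = defaultdict(set)
    expiring = []
    for ev in parse_export(text):
        ips[ev["email"]].add(ev["ip_address"])
        # Events this old will be purged within ARCHIVE_WINDOW; keep a copy.
        if now - ev["timestamp"] >= RETENTION - ARCHIVE_WINDOW:
            expiring.append(ev)
    multi_ip = {u: sorted(a) for u, a in ips.items() if len(a) > 1}
    return multi_ip, expiring

def to_jsonl(events):
    """Serialize events as JSON lines for archiving or forwarding to a SIEM."""
    return "\n".join(json.dumps({**e, "timestamp": e["timestamp"].isoformat()}) for e in events)

if __name__ == "__main__":
    now = datetime(2025, 6, 15, tzinfo=timezone.utc)  # fixed so the sample is reproducible
    multi_ip, expiring = review(SAMPLE_EXPORT, now)
    print("Users with more than one source IP:", multi_ip)
    print("Events to archive before purge:")
    print(to_jsonl(expiring))
```

A user appearing from several IP addresses is a prompt for review rather than proof of misuse; compare the user agent and operation on those rows before escalating.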
Updated 4 days ago