When an administrator makes changes to a BloxOne Threat Defense Cloud configuration through the UI or API, the configuration changes are logged in the audit log. Logged configuration information includes the username of the person updating or modifying the configuration, the IP address from where the configuration changes originated, the object name or configuration option being changed, such as named lists, bypass lists, DNS forwarding proxy, internal domains, enabling and disabling of apps on an on-prem host, etc., and the new configuration values. Audit logs may be viewed, sorted, and downloaded from the Cloud Services Platform. A copy of the audit log can be downloaded in CSV format.
Viewing Audit Logs
The Cloud Services Portal displays audit logs so you can view administrative activities performed by specific user accounts.
To view the audit logs, do the following:
- From the Cloud Services Portal, click Administration -> Logs -> Audit Logs.
- On the Audit Logs page, the Cloud Services Portal displays the following information:
  - TIMESTAMP: The UTC timestamp when the user performed the specific task.
  - USER: The name of the user account that performed the task.
  - SOURCE IP: The IP address from which the task originated.
  - RESOURCE TYPE: The resource with which the performed task was associated. For example, if a user performed a specific task to an on-prem host, this field displays the name of the host.
  - RESOURCE ID: The ID for the resource type.
  - ACTION: The specific action that was performed by the user. For example, if a user updated the configuration of the on-prem host, this field displays Update; and if a user deleted tags on an on-prem host, this field displays Delete.
  - RESULT: The outcome of the performed task.
  - DETAILS: Details about the performed task.
Downloading Audit Logs
To download audit logs, do the following:
- From the Cloud Services Portal, click Administration -> Logs -> Audit Logs.
- On the Audit Logs page, click Download, located below the top task bar, to download the audit logs in CSV format. The download file is called auditlog-(followed by the start date and end date in UTC format). For example, auditlog-10-04-2019, 07-07-06 PM UTC.csv.
You can also do the following on this page:
- Click to select the columns to be displayed or reorder the columns.
- Enter the value that you want to search in the Search text box. The application displays the list of audit logs matching the keyword in the text box.
- Click to filter the objects by any of the column headings. Click + to apply one or more filtering criteria.
- To export a copy of the audit logs, click the Download button to export to a CSV file. The download file is named auditlog-(followed by the start date and end date in UTC format). For example, auditlog-10-04-2019, 07-07-06 PM UTC.csv.
- To refresh the page, click the Refresh button.
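A downloaded audit log can be reviewed offline for configuration changes that deserve a second look. The following is an added example, not Infoblox code: it assumes the CSV header row uses the same column names as the Audit Logs page, and the function name, the admin network list, and the sample rows are constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample rows (not real data). Assumption: the CSV header matches
# the column names shown on the Audit Logs page; the timestamp format and the
# RESULT values here are placeholders.
SAMPLE_CSV = """\
TIMESTAMP,USER,SOURCE IP,RESOURCE TYPE,RESOURCE ID,ACTION,RESULT,DETAILS
2019-10-04T19:07:06Z,alice@example.com,192.0.2.10,onprem-host-1,id-001,Update,ok,config changed
2019-10-04T19:09:41Z,alice@example.com,192.0.2.10,onprem-host-1,id-001,Delete,ok,tags removed
2019-10-04T21:30:02Z,bob@example.com,203.0.113.77,bypass-list-a,id-002,Update,ok,entries added
2019-10-04T21:31:15Z,bob@example.com,n/a,named-list-b,id-003,Delete,ok,list removed
"""

def review_audit_log(csv_text, admin_networks, watched_actions=("Delete",)):
    """Return (findings, per_user_action_counts) for an exported audit log.

    A row becomes a finding when its SOURCE IP is outside the expected admin
    networks, cannot be parsed, or its ACTION is one of watched_actions.
    """
    nets = [ipaddress.ip_network(n) for n in admin_networks]
    findings, per_user = [], Counter()
    for raw in csv.DictReader(io.StringIO(csv_text)):
        # Normalise whitespace; ignore overflow columns (key None) and
        # treat missing trailing cells (value None) as empty strings.
        row = {k.strip(): (v or "").strip() for k, v in raw.items() if k}
        per_user[(row["USER"], row["ACTION"])] += 1
        reasons = []
        try:
            ip = ipaddress.ip_address(row["SOURCE IP"])
            if not any(ip in net for net in nets):
                reasons.append("source IP outside admin networks")
        except ValueError:
            reasons.append("unparseable source IP")
        if row["ACTION"] in watched_actions:
            reasons.append(f"watched action {row['ACTION']}")
        if reasons:
            findings.append((row["TIMESTAMP"], row["USER"], row["SOURCE IP"],
                             row["RESOURCE ID"], reasons))
    return findings, per_user

if __name__ == "__main__":
    found, counts = review_audit_log(SAMPLE_CSV, ["192.0.2.0/24"])
    for ts, user, src, res_id, why in found:
        print(f"{ts} {user} {src} {res_id}: {'; '.join(why)}")
    print(dict(counts))
```

To use it on a real export, read the downloaded file's text and pass your own list of administrative networks in CIDR form.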