ThreatKey Audit Logs provide a record of activity within the ThreatKey platform. These logs can be used to track user activity, monitor system performance, and identify security issues.
ThreatKey Audit Logs capture a wide range of activity within the platform, including:
- User login and logout events
- Changes to user accounts, including password resets and permissions changes
- Changes to system configurations, such as adding or removing integrations
- Activity within individual sources, such as generating or deleting findings
- Certain System performance metrics, such as API response times and resource usage
Viewing Audit Logs
To access the Audit Logs, log in to the ThreatKey platform and navigate to the "Audit Logs" page under the "Administration" menu. From this page, you can view the full log of activity within the platform, filter the log by activity type or user, and export the log to a CSV file for further analysis.
Retention and Security
ThreatKey Audit Logs are retained for a custom period of days depending on your account type. After this time, they are deleted to ensure system performance and to comply with data retention regulations.
ThreatKey Audit Logs are stored in a secure, encrypted format and can only be accessed by users with the appropriate permissions. It is important to ensure that only authorized users have access to the Audit Logs, as they may contain sensitive information.
Auditing Best Practices
To get the most out of the ThreatKey Audit Logs, it is recommended to:
- Regularly review the logs to identify any potential security issues or unusual activity
- Set up alerts for specific types of activity, such as changes to user permissions or system configurations
- Use the logs in conjunction with other security tools, such as intrusion detection systems, to get a complete picture of the security posture of your organization.
By following these best practices, you can use the ThreatKey Audit Logs to effectively monitor activity within the platform and ensure the security and integrity of your organization's data.