ThreatKey's audit logs provide visibility into user and system activity occurring within your ThreatKey instance. All major events like users signing in, users accessing data, and users changing configurations are logged for auditing and troubleshooting purposes.
Accessing the audit logs via the API
You can reach out to our support team to request access to the audit logs via the API. You will need to be on the Enterprise plan to access the API at a higher rate limit.
Filters can be applied to narrow down the results by:
- User
- Action type
- IP address
- Timeframe
The log displays important details on each event:
- Timestamp
- User
- Action
- IP address
- Affected object
Logs can be exported as a CSV file for offline review and analysis upon request.
Use cases
Typical use cases for the audit logs include:
- Reviewing user activity and access
- Change management audits
- Troubleshooting platform issues
- Correlating events with security incidents
- Compliance and auditing for standards like SOC2
Audit logs provide vital oversight into the ThreatKey platform. Consult these logs to monitor user actions and ensure proper use of the system.
Additional resources
For more help with audit logs and platform monitoring, see:
- Audit log FAQs
- Platform security guide
- Contact our support team