Keeping track of what's happening within a larger organization's setup can be hard. Sometimes there are changes that you weren't expecting or perhaps you spot something that just doesn't seem right. Was it deliberate? By accident? Or even malicious?
Having a log of what changes were made and who made them is key to gaining insight into exactly what happened.
We're excited to share that as of today, customers can now view and export audit logs of important actions to do just that!
Our audit logs track actions taken within your organization such as user changes, role alterations, workflow edits, and the installation or removal of integrations. We also track when users are granted access to private incidents and even when users attempt to access incidents they are not permitted to.
You can see a full list of the events we currently track by reading the audit logs section in our API documentation.
Each audit log entry will be made up of a simple schema detailing:
There are a number of ways to view your audit logs: via our simple UI, by exporting to CSV, or even by streaming events into your Security Incident and Event Management (SIEM) provider such as Datadog, Splunk, or AWS S3.
For more information on how to get access to audit logs, the types and schema of events, and setting up your own SIEM integration, please refer to our help centre article.
Policies can now be configured to warn you about upcoming violations before they happen. This is an optional configuration that will nudge the policy's responsible user via a direct Slack message, and highlight upcoming policy violations within the web dashboard.