Enable and download audit trail logs in Splunk Phantom

Enable audit trail logging to help you track the activities of various components in Splunk Phantom. Once enabled, audit trail logs can be downloaded and included as evidence in an investigation, or analyzed when troubleshooting an issue.

By default, all audit tracking in Splunk Phantom is disabled. Perform the following tasks to enable audit trail tracking in Splunk Phantom:

1. From the main menu, select Administration.
2. Select the product areas for which you want to enable audit tracking.

Splunk Phantom immediately starts tracking audit events for the selected items.

Even when the audit categories are disabled, Splunk Phantom automatically tracks events such as action and playbook runs and logs them as audit events.

After you enable audit logging, use the rest of the Audit Trail to configure the audit logs you want to download as a CSV file. To export audit logs for a particular product, make sure you enabled audit tracking for that product area.

Perform the following steps to export audit events to a CSV file for download. This example shows you how to configure audit logging for containers and download a CSV file.

First, enable audit logging for containers:

1. From the Main Menu, select Administration.
2. Click the Container toggle to enable audit tracking for containers.

This example exports the CSV file for a specific container.

1. From the Audit Trail page in the Audit Type section, click Custom.
2. In the drop-down list for Containers, select Custom.
3. Specify the container ID, such as 123456. Only the audit trail for this specific container is downloaded.
4. By default, the audit trail from the last 30 days is downloaded. Click Custom in the Audit Range Time Frame field to configure a specific date range.
5. Click Download to download the CSV file.

Exporting audit logs for multiple users adds a new input field where you can specify a container to report on. When you download the audit logs, you receive only audit events for the container specified instead of all containers. Other categories might let you pick from a list, such as Users.

You can download audit logs for multiple users. For example, if you want to specify user1 and user2:

user1%1Euser2

Export audit logs for roles

First, creating a role or changing permissions in it shows up as audit events for that role. Second, the logs show audit events for users currently in that group. In other words, the logs treat the role like a user group, and show events for the users in it.

See Accessing Audit Data in the REST API Reference for more information.

Required privileges for enabling audit trail

In order to access the Audit Trail page, users must have a role with the View System Settings privilege. If they want to view or change anything under the Manage Audit Trail, then they also need the Edit System Settings privilege.

With only the View System Settings privilege, the user can't access all audit items. Attempting to download with the Audit Type section set to All results in an error.

A user with only some of the required privileges can switch to Custom and select only the items they have the rights to access. The privileges for each of the items are as follows:

Enable the audit trail for individual objects

Users can access audit information in two places: on the page for a playbook and on the Investigation page for a container.

Perform the following steps to download an audit trail for a playbook:

- Click Audit Trail to download a CSV file containing the audit information for this playbook.

Perform the following steps to download an audit trail for a container:

- Click the container to view the container.
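The multi-user value shown above joins usernames with `%1E`, which is the percent-encoded ASCII record separator (byte 0x1E). The following is an added example, not code from the Splunk documentation: it builds and decodes such a value, and rejects usernames carrying control characters, since one containing 0x1E would otherwise split into extra entries. The function names are hypothetical.

```python
from urllib.parse import quote, unquote

RS = "\x1e"  # ASCII record separator; percent-encoded it is %1E


def encode_user_filter(usernames):
    """Build a multi-user value such as user1%1Euser2 (hypothetical helper)."""
    seen = []
    for name in usernames:
        if not name:
            raise ValueError("empty username")
        # A control character (0x1E in particular) inside a name would be
        # read as a separator and silently widen or change the filter.
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in name):
            raise ValueError(f"control character in username {name!r}")
        if name not in seen:  # drop duplicates, keep the caller's order
            seen.append(name)
    if not seen:
        raise ValueError("no usernames given")
    # Percent-encode each name on its own, then join with the encoded separator.
    return "%1E".join(quote(name, safe="") for name in seen)


def decode_user_filter(value):
    """Recover the list of usernames from an encoded multi-user value."""
    return unquote(value).split(RS)


if __name__ == "__main__":
    # Constructed sample input, matching the usernames used on this page.
    encoded = encode_user_filter(["user1", "user2"])
    print(encoded)
    print(decode_user_filter(encoded))
```
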