The Security Audit Log provides account administrators a way to monitor any changes or logins made to their account.
It can be accessed by navigating to Account > Security Audit in the left menu.
This report will show any actions that have been performed in the account, including logins, user deletions, alarm creations, and much more.
Just like with other reports, we can filter this report based on time as well as export the report to a CSV file.
The Security Audit Log also has the ability to create an alarm based on certain conditions. We can create one of these alarms either by going to Alarms and selecting "Security Audit" when making a new alarm or by clicking on "Create Alarm" at the top of the log.
The alarm creation page for the Security Audit is very similar to a normal Activity Alarm, with a few tweaks.
The interface is very similar, but the fields we can set to trigger the alarm are different:
- ActivTrak ID: This is the login for the user, i.e., firstname.lastname@example.org
- Public IP Address: The public internet protocol address a user logged in from
- Description: A detailed description of the activity performed (logged in, deleted users, etc).
- Event: The Activity performed.
- Action Type: The type of action taken (logging in, deleting something, creating, etc).
For example, if we wanted an alarm set to trigger whenever something (be it users, screenshots, alarms, etc) is deleted we would use the following:
Now that the alarm triggers have been set, the action taken must be configured.
Unlike an Activity Alarm, the Security Audit Alarm only has one available action, sending an email.
The subject and email bodies can both be filled with fields that will change based on who triggers the alarm and when it is done.
The Security Audit Log is available as part of the Advanced Plan.