Use the Audit Log
The Audit Log allows you to track BigPanda configuration changes from within the UI.
When multiple users are working in the BigPanda platform, it’s vital to see historic information on system configuration changes. The Audit Log enables BigPanda admins to keep track of configuration change actions across the BigPanda platform. Using the Audit Log, admins can search for specific actions and filter the list of actions based on criteria such as timeframe, users, and action categories.
BigPanda audit logs reports on Create, Update, and Delete actions for these resources:
- Alert Correlation
- Alert Enrichment
- Alert Filtering
- API Keys
- AutoShare
- Environment
- Integrations
- JIT Provisioning
- Maintenance Plans
- Roles
- SAML Attribute Mapping
- SSO Configuration
- SSO Test
- User Management
Actions are added to the audit log in near real-time, appearing as the action is completed in the system.
Audit Log retention policy
BigPanda retains audit log data for the duration of your contract. See the Data Retention documentation for more information about retention policies.
Change tracking
Audit logs track changes to specific fields for each resource. Changes to other fields (such as a permissions change for an environment) will not be visible in the audit log.
Additional resources
Additional resources within BigPanda will be coming to the audit logs soon.
The Audit Log
Audit Logs can also be accessed via API. See the Audit Logs API documentation for more information.
Key features
- View a list of configuration changes and actions that occurred within BigPanda.
- Determine which user made a configuration change to the system.
- Sort and drill down into specific actions
- Filter logs and search for a specific action.
Relevant Permissions
Roles with the following permissions can access the Audit Logs screen:
| Field | Description |
|---|---|
| Audit logs | View the Audit Log in BigPanda Settings and the Audit Log API. |
Permission access levels can be adjusted by selecting either View or Full Access. To learn more about how BigPanda's permissions work, see the Roles Management guide.
View the Audit Log
The Audit Log can be accessed from within BigPanda at Settings > Audit Log. The following information appears in the Audit Log screen:
| Field | Description |
|---|---|
| User | The name and email address of the user associated with the action. |
| Action | The action that took place. Possible actions include Created, Updated, or Deleted. |
| Category | The screen in BigPanda where the action took place. |
| Object Name | The name of the object that was changed as part of the action. |
| Date | The date and time that the action took place. |
To view additional details, click any action in the list on the Audit Log page. Detailed information about the changed object and the user who made the change appears on the page.
Audit Log Details
Filter
The Audit Log can be filtered by User, Action, Category, Object Name, or Date to adjust your results.
To filter the Audit Log, select one of the options above the Audit Log table. Depending upon the filter selected, choose an option from the drop-down menu, or type into the box to narrow the results. Multiple filters can be applied at the same time.
To remove all filters, click Clear All.
Sort
The Audit Log can be filtered by User, Action, Category, Object Name, or Date to change the order of your results. From within the Audit Log table, select one of the options from the top of each column to change the sort order.
Sort is turned off when you are drilled down into a log. To change sort options for the list, collapse the selected log by clicking the down arrow in the log detail ribbon.
User Information
At the bottom of the details of each action, information about the BigPanda user who made the change appears. The following information about the user is available:
| Field | Description |
|---|---|
| User Name | The name of the user. |
| The user’s email address | |
| IP Address | The user’s IP address. |
| User Agent | The browser and version that was used when the change occurred. |
Available Resources
Audit logs track actions taken on individual resources within BigPanda. The following resources are available to track via the audit log:
Alert Correlation
Correlation patterns allow you to correlate related alerts into incidents for visibility into high-level, actionable issues. For more information, see Manage Alert Correlation.
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The correlation pattern associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Correlation Pattern ID | System-generated unique identifier for the correlation pattern. |
| Status | Indicates whether the correlation pattern is Active or Inactive. |
| Cross Source | Determines if alerts can be correlated from different source systems into the same incident. |
| Correlation Tags | The tag names used to correlate alerts with matching values. |
| Time Window | Maximum duration between the start time of correlated alerts in minutes. |
| Query Filter | A BPQL query to filter incoming alerts. Only matched alerts will be correlated based on the pattern. |
| Description | A description of the correlation pattern. |
Alert Enrichment
Enrichment is the process of adding contextual information to alerts in BigPanda. See Manage Alert Enrichment for more information.
Alert Enrichment Audit logs report on several sub-objects including:
- Tag
- Tags Order
- Tag Enrichments
- Tag Enrichments Order
- Mapping Enrichment
- Mapping Table Upload
Tag
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the tag. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Tag ID | The name of the tag in BigPanda. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |
| Function Type | Automatic Enrichment rule type. Function types include Composition, Extraction, Mapping, or Mixed. |
| Execution Order | Number indicating the tag’s place in the execution order. |
| Automatic Enrichment | Click View full details to view additional information about the enrichment items. |
Tags Order
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the tag |
| Action | The type of action that occurred, along with the date and time it happened. |
| Tags Order ID | The tag order ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |
Tag Enrichments
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the enrichment item. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Tag Enrichments ID | The tag enrichment ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |
| Function Type | Automatic Enrichment rule type. Function types include Composition or Extraction. |
| Automatic Enrichment | Click View full details to view additional information about the enrichment items. |
Tag Enrichments Order
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the enrichment item. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Tag Enrichments Order ID | The tag enrichment order ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |
Mapping Enrichment
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the map. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Mapping Enrichment ID | The tag mapping enrichment ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |
Mapping Table Upload
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the map. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Mapping Table Upload ID | The mapping table upload ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |
Alert Filtering
Alert filtering allows you to prevent low-relevancy alerts from being correlated into incidents. See Manage Alert Filtering for more information.
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the alert filter associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| User | Unique system identifier for the user. |
| Alert Filtering ID | The ID for the alert filter associated with the action. |
| Status | Indicates whether the alert filter is currently active. |
| Filter Name | Name of the alert filter. |
| Time Window | Details of the alert filter's time window. |
API Keys
API Keys are used to securely authenticate calls to the BigPanda Public API.
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the API key associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| API Key ID | The system-generated ID associated with the API key. |
| Status | Indicates whether the API key is active or not. |
AutoShare
AutoShare rules can be configured to share BigPanda incidents through email or integrated channels to notify your team of critical issues, automatically create tickets, or loop in team members who don’t use BigPanda. See Manage AutoShare for more information.
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The sharing channel associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| AutoShare ID | System-generated unique identifier for the AutoShare rule |
| Status | Indicates whether the environment is Active or Inactive. |
| Environment | The environment that the incident was shared from. |
| Share Via | The sharing channel that the incident was shared to. |
| Personal message | An optional note adding context to the AutoShare rule. |
Environment
Environments group related incidents together for improved automation and visibility. See Manage Environments for more information.
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The environment associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Environment ID | System-generated unique identifier for the environment |
| Status | Indicates whether the environment is Active or Inactive. |
| Environment name | The name of the environment as displayed in the BigPanda UI |
| Condition | A BPQL query to filter incoming incidents. Only matched incidents will be placed in the environment. |
Integrations
Integrations allow you to shorten and automate incident triage by creating high quality alerts and actionable incidents. For more information, see Integrate with BigPanda.
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The integration associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Target System ID | Name that uniquely defines an integration. |
| Stream ID | System-generated unique app_key for the integration. |
| Status | Indicates whether the integration is Active or Inactive. |
| Organization | The name of the BigPanda Organization where the update occurred. |
| Changes | List of updated configuration properties. |
JIT Provisioning
JIT Provisioning allows you to define the domains associated with your IdP, and select default BigPanda user roles for newly created accounts from each SSO domain.
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The configuration associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| JIT Provisioning ID | The unique system-generated ID associated with the JIT mapping. |
| Status | Indicates whether the configuration is Active or Inactive. |
Maintenance Plans
Maintenance plans reduce unnecessary noise by marking and silencing alerts triggered by system maintenance. See Manage Planned Maintenance for more information.
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the maintenance plan associated with the action. |
| Action | The type of action that occurred (Created, Updated, or Deleted), along with the date and time it happened. |
| User | Unique system identifier for the user. |
| Maintenance Plan ID | The ID for the maintenance plan associated with the action. |
| Status | Indicates the current status of the maintenance plan. |
| Plan Name | Name of the maintenance plan. |
| Time Window | Details of the maintenance plan's time window and whether or not it's recurring. |
Roles
Roles and permissions control the levels of access to different features in BigPanda.
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the role associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Role ID | System-generated unique identifier for the role. |
| Status | Indicates whether the role is Active or Inactive. |
SAML Attribute Mapping
With SAML Attribute Mapping, you can use properties from your IdP to automatically map roles to an account in BigPanda whenever an existing user logs in.
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the configuration associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| JIT Provisioning ID | Unique system identifier for this mapping. |
| Status | Indicates whether the configuration is Active or Inactive. |
SSO Configuration
You can configure an SSO integration to manage your organization’s BigPanda users via a third-party identity provider. See Single Sign-On for more information.
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the configuration associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| SSO Configuration ID | The identity provider used in the SSO configuration. |
| Status | Indicates whether the SSO configuration is Active or Inactive. |
SSO Test
SSO Test tracks when a user tests the SSO connection from the Single Sign-On screen during the configuration process.
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the configuration associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| SSO Test ID | The name of the SSO provider. |
| Status | The status of the SSO configuration. |
User Management
User management allows administrators to manage who can access your organization's data in BigPanda. See User Management for more information.
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The user name associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| User ID | Unique system identifier for the user. |
| Status | Indicates the user’s status in the system. Statuses include Active or Pending. |
| User Name | The name of the user as displayed in the BigPanda UI. |
| The email address associated with the user. |
Updated 4 months ago