Use the Audit Log
The Audit Log allows you to track BigPanda configuration changes from within the UI.
When multiple users are working in the BigPanda platform, it’s vital to see historic information on system configuration changes. The Audit Log enables BigPanda admins to keep track of configuration change actions across the BigPanda platform. Using the Audit Log, admins can search for specific actions and filter the list of actions based on criteria such as timeframe, users, and action categories.
BigPanda audit logs reports on Create, Update, and Delete actions for these resources:
- Alert Correlation
- AutoShare
- Environment
- User Management
- Alert Enrichment
Actions are added to the audit log in near real-time, appearing as the action is completed in the system.
Audit logs track changes to specific fields for each resource. Changes to other fields (such as a permissions change for an environment) will not be visible in the audit log.
Additional resources within BigPanda will be coming to the audit logs soon.
The Audit Log
Audit Logs can also be accessed via API. See the Audit Logs API documentation for more information.
Key Features
- View a list of configuration changes and actions that occurred within BigPanda.
- Determine which user made a configuration change to the system.
- Sort and drill down into specific actions.
- Filter logs and search for a specific action.
Permissions
Roles with the following permissions can access the Audit Logs screen:
| Name | Description |
|---|---|
| Audit_logs_Read | Read only - View the Audit Log page |
| Audit_logs_full_access | Full access - View the Audit Log page |
To learn more about how BigPanda's permissions work, see the Roles Management guide.
View the Audit Log
The Audit Log can be accessed from within BigPanda at Settings > Audit Log. The following information appears in the Audit Log screen:
| Field | Description |
|---|---|
| User | The name and email address of the user associated with the action. |
| Action | The action that took place. Possible actions include Created, Updated, or Deleted. |
| Category | The screen in BigPanda where the action took place. |
| Object Name | The name of the object that was changed as part of the action. |
| Date | The date and time that the action took place. |
To view additional details, click any action in the list on the Audit Log page. Detailed information about the changed object and the user who made the change appears on the page.
Audit Log Details
Filter
The Audit Log can be filtered by User, Action, Category, Object Name, or Date to adjust your results.
To filter the Audit Log, select one of the options above the Audit Log table. Depending upon the filter selected, choose an option from the drop-down menu, or type into the box to narrow the results. Multiple filters can be applied at the same time.
To remove all filters, click Clear All.
Sort
The Audit Log can be filtered by User, Action, Category, Object Name, or Date to change the order of your results. From within the Audit Log table, select one of the options from the top of each column to change the sort order.
Sort is turned off when you are drilled down into a log. To change sort options for the list, collapse the selected log by clicking the down arrow in the log detail ribbon.
User Information
At the bottom of the details of each action, information about the BigPanda user who made the change appears. The following information about the user is available:
| Field | Description |
|---|---|
| User Name | The name of the user. |
| The user’s email address | |
| IP Address | The user’s IP address. |
| User Agent | The browser and version that was used when the change occurred. |
Available Resources
Audit logs track actions taken on individual resources within BigPanda. The following resources are available to track via the audit log:
Alert Correlation
Correlation patterns allow you to correlate related alerts into incidents for visibility into high-level, actionable issues. For more information, see Manage Alert Correlation.
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The correlation pattern associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Correlation Pattern ID | System-generated unique identifier for the correlation pattern. |
| Status | Indicates whether the correlation pattern is Active or Inactive. |
| Cross Source | Determines if alerts can be correlated from different source systems into the same incident. |
| Correlation Tags | The tag names used to correlate alerts with matching values. |
| Time Window | Maximum duration between the start time of correlated alerts in minutes. |
| Query Filter | A BPQL query to filter incoming alerts. Only matched alerts will be correlated based on the pattern. |
| Description | A description of the correlation pattern. |
AutoShare
AutoShare rules can be configured to share BigPanda incidents through email or integrated channels to notify your team of critical issues, automatically create tickets, or loop in team members who don’t use BigPanda. See Manage AutoShare for more information.
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The sharing channel associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| AutoShare ID | System-generated unique identifier for the AutoShare rule |
| Status | Indicates whether the environment is Active or Inactive. |
| Environment | The environment that the incident was shared from. |
| Share Via | The sharing channel that the incident was shared to. |
| Personal message | An optional note adding context to the AutoShare rule. |
Environment
Environments group related incidents together for improved automation and visibility. See Manage Environments for more information.
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The environment associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Environment ID | System-generated unique identifier for the environment |
| Status | Indicates whether the environment is Active or Inactive. |
| Environment name | The name of the environment as displayed in the BigPanda UI |
| Condition | A BPQL query to filter incoming incidents. Only matched incidents will be placed in the environment. |
User Management
User management allows administrators to manage who can access your organization's data in BigPanda. See User Management for more information.
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The user name associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| User ID | Unique system identifier for the user. |
| Status | Indicates the user’s status in the system. Statuses include Active or Pending. |
| User Name | The name of the user as displayed in the BigPanda UI. |
| The email address associated with the user. |
Alert Enrichment
Enrichment is the process of adding contextual information to alerts in BigPanda. See Manage Alert Enrichment for more information.
Alert Enrichment Audit logs report on several sub-objects including:
- Tag
- Tags Order
- Tag Enrichments
- Tag Enrichments Order
- Mapping Enrichment
- Mapping Table Upload
Tag
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the tag. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Tag ID | The name of the tag in BigPanda. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |
| Function Type | Automatic Enrichment rule type. Function types include Composition, Extraction, Mapping, or Mixed. |
| Execution Order | Number indicating the tag’s place in the execution order. |
| Automatic Enrichment | Click View full details to view additional information about the enrichment items. |
Tags Order
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the tag |
| Action | The type of action that occurred, along with the date and time it happened. |
| Tags Order ID | The tag order ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |
Tag Enrichments
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the enrichment item. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Tag Enrichments ID | The tag enrichment ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |
| Function Type | Automatic Enrichment rule type. Function types include Composition or Extraction. |
| Automatic Enrichment | Click View full details to view additional information about the enrichment items. |
Tag Enrichments Order
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the enrichment item. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Tag Enrichments Order ID | The tag enrichment order ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |
Mapping Enrichment
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the map. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Mapping Enrichment ID | The tag mapping enrichment ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |
Mapping Table Upload
| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the map. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Mapping Table Upload ID | The mapping table upload ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |
Updated about 1 month ago