Use the Audit Log

The Audit Log allows you to track BigPanda configuration changes from within the UI.

When multiple users are working in the BigPanda platform, it’s vital to see historic information on system configuration changes. The Audit Log enables BigPanda admins to keep track of configuration change actions across the BigPanda platform. Using the Audit Log, admins can search for specific actions and filter the list of actions based on criteria such as timeframe, users, and action categories.

BigPanda audit logs report on Create, Update, and Delete actions for these resources:

  • Alert Correlation
  • AutoShare
  • Environment
  • User Management
  • Alert Enrichment

Actions are added to the audit log in near real-time, appearing as the action is completed in the system.

🚧 Caution

Audit logs track changes to specific fields for each resource. Changes to other fields (such as a permissions change for an environment) will not be visible in the audit log.

👍 Tip

Additional resources within BigPanda will be coming to the audit logs soon.

The Audit Log

Audit Logs can also be accessed via API. See the Audit Logs API documentation for more information.

Key features

  • View a list of configuration changes and actions that occurred within BigPanda.
  • Determine which user made a configuration change to the system.
  • Sort and drill down into specific actions.
  • Filter logs and search for a specific action.

Relevant Permissions

Roles with the following permissions can access the Audit Logs screen:

| Name | Description |
| --- | --- |
| Audit logs | View the Audit Log in BigPanda Settings and the Audit Log API. |

Permission access levels can be adjusted by selecting either View or Full Access. To learn more about how BigPanda's permissions work, see the Roles Management guide.

View the Audit Log

The Audit Log can be accessed from within BigPanda at Settings > Audit Log. The following information appears in the Audit Log screen:

| Field | Description |
| --- | --- |
| User | The name and email address of the user associated with the action. |
| Action | The action that took place. Possible actions include Created, Updated, or Deleted. |
| Category | The screen in BigPanda where the action took place. |
| Object Name | The name of the object that was changed as part of the action. |
| Date | The date and time that the action took place. |

To view additional details, click any action in the list on the Audit Log page. Detailed information about the changed object and the user who made the change appears on the page.

Audit Log Details

Filter

The Audit Log can be filtered by User, Action, Category, Object Name, or Date to adjust your results.

To filter the Audit Log, select one of the options above the Audit Log table. Depending upon the filter selected, choose an option from the drop-down menu, or type into the box to narrow the results. Multiple filters can be applied at the same time.

To remove all filters, click Clear All.

Sort

The Audit Log can be sorted by User, Action, Category, Object Name, or Date to change the order of your results. From within the Audit Log table, select one of the options from the top of each column to change the sort order.

Sort is turned off when you are drilled down into a log. To change sort options for the list, collapse the selected log by clicking the down arrow in the log detail ribbon.

User Information

At the bottom of the details of each action, information about the BigPanda user who made the change appears. The following information about the user is available:

| Field | Description |
| --- | --- |
| User Name | The name of the user. |
| Email | The user’s email address. |
| IP Address | The user’s IP address. |
| User Agent | The browser and version that was used when the change occurred. |
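
An added example (not BigPanda's code or its API schema): a review pass over exported audit records that flags deletes, User Management changes, resources left Inactive by an update, and a user acting from an IP address not previously seen for them. The record layout and sample rows are constructed; only the field names come from the tables on this page.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample rows. Field names follow the tables on this page; the
# record layout is an assumption, not the Audit Logs API response schema.
FIELDS = ("date", "user", "action", "category", "object_name", "status", "ip")
ROWS = [
    ("2024-03-01T09:12:00+00:00", "alice@example.com", "Updated",
     "Alert Correlation", "db-cluster pattern", "Active", "198.51.100.10"),
    ("2024-03-01T09:30:00+00:00", "bob@example.com", "Created",
     "Environment", "payments-prod", "Active", "198.51.100.20"),
    ("2024-03-02T02:41:00+00:00", "alice@example.com", "Updated",
     "AutoShare", "oncall-email", "Inactive", "203.0.113.77"),
    ("2024-03-02T02:44:00+00:00", "alice@example.com", "Deleted",
     "Alert Correlation", "db-cluster pattern", "Inactive", "203.0.113.77"),
    ("2024-03-02T10:00:00+00:00", "bob@example.com", "Created",
     "User Management", "carol@example.com", "Pending", "198.51.100.20"),
]
RECORDS = [dict(zip(FIELDS, row)) for row in ROWS]


def review(records):
    """Return (date, user, object_name, reasons) for entries worth a second look."""
    seen_ips = defaultdict(set)  # user -> source IPs already observed
    findings = []
    for rec in sorted(records, key=lambda r: datetime.fromisoformat(r["date"])):
        reasons = []
        if rec["action"] == "Deleted":
            reasons.append("delete")
        if rec["category"] == "User Management":
            reasons.append("user-management change")
        if rec["action"] == "Updated" and rec["status"] == "Inactive":
            reasons.append("inactive after update")
        known = seen_ips[rec["user"]]
        if known and rec["ip"] not in known:
            reasons.append("new source IP for user")
        known.add(rec["ip"])
        if reasons:
            findings.append((rec["date"], rec["user"], rec["object_name"], reasons))
    return findings


if __name__ == "__main__":
    for date, user, obj, reasons in review(RECORDS):
        print(f"{date}  {user}  {obj!r}: {', '.join(reasons)}")
```

Because the audit log tracks only specific fields per resource, a pass like this covers the changes the log records and nothing else.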

Available Resources

Audit logs track actions taken on individual resources within BigPanda. The following resources are available to track via the audit log:

Alert Correlation

Correlation patterns allow you to correlate related alerts into incidents for visibility into high-level, actionable issues. For more information, see Manage Alert Correlation.

| Field | Description |
| --- | --- |
| Category | The name of the resource. |
| Object Name | The correlation pattern associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Correlation Pattern ID | System-generated unique identifier for the correlation pattern. |
| Status | Indicates whether the correlation pattern is Active or Inactive. |
| Cross Source | Determines if alerts can be correlated from different source systems into the same incident. |
| Correlation Tags | The tag names used to correlate alerts with matching values. |
| Time Window | Maximum duration between the start time of correlated alerts in minutes. |
| Query Filter | A BPQL query to filter incoming alerts. Only matched alerts will be correlated based on the pattern. |
| Description | A description of the correlation pattern. |

AutoShare

AutoShare rules can be configured to share BigPanda incidents through email or integrated channels to notify your team of critical issues, automatically create tickets, or loop in team members who don’t use BigPanda. See Manage AutoShare for more information.

| Field | Description |
| --- | --- |
| Category | The name of the resource. |
| Object Name | The sharing channel associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| AutoShare ID | System-generated unique identifier for the AutoShare rule. |
| Status | Indicates whether the environment is Active or Inactive. |
| Environment | The environment that the incident was shared from. |
| Share Via | The sharing channel that the incident was shared to. |
| Personal message | An optional note adding context to the AutoShare rule. |

Environment

Environments group related incidents together for improved automation and visibility. See Manage Environments for more information.

| Field | Description |
| --- | --- |
| Category | The name of the resource. |
| Object Name | The environment associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Environment ID | System-generated unique identifier for the environment. |
| Status | Indicates whether the environment is Active or Inactive. |
| Environment name | The name of the environment as displayed in the BigPanda UI. |
| Condition | A BPQL query to filter incoming incidents. Only matched incidents will be placed in the environment. |

Integrations

Integrations allow you to shorten and automate incident triage by creating high quality alerts and actionable incidents. For more information, see Integrate with BigPanda.

| Field | Description |
| --- | --- |
| Category | The name of the resource. |
| Object Name | The integration associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Target System ID | Name that uniquely defines an integration. |
| Stream ID | System-generated unique app_key for the integration. |
| Status | Indicates whether the integration is Active or Inactive. |
| Organization | The name of the BigPanda Organization where the update occurred. |
| Changes | List of updated configuration properties. |

User Management

User management allows administrators to manage who can access your organization's data in BigPanda. See User Management for more information.

| Field | Description |
| --- | --- |
| Category | The name of the resource. |
| Object Name | The user name associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| User ID | Unique system identifier for the user. |
| Status | Indicates the user’s status in the system. Statuses include Active or Pending. |
| User Name | The name of the user as displayed in the BigPanda UI. |
| Email | The email address associated with the user. |

Alert Enrichment

Enrichment is the process of adding contextual information to alerts in BigPanda. See Manage Alert Enrichment for more information.

Alert Enrichment Audit logs report on several sub-objects including:

  • Tag
  • Tags Order
  • Tag Enrichments
  • Tag Enrichments Order
  • Mapping Enrichment
  • Mapping Table Upload

Tag

| Field | Description |
| --- | --- |
| Category | The name of the resource. |
| Object Name | The name of the tag. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Tag ID | The name of the tag in BigPanda. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |
| Function Type | Automatic Enrichment rule type. Function types include Composition, Extraction, Mapping, or Mixed. |
| Execution Order | Number indicating the tag’s place in the execution order. |
| Automatic Enrichment | Click to view additional information about the enrichment items. |

Tags Order

| Field | Description |
| --- | --- |
| Category | The name of the resource. |
| Object Name | The name of the tag. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Tags Order ID | The tag order ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |

Tag Enrichments

| Field | Description |
| --- | --- |
| Category | The name of the resource. |
| Object Name | The name of the enrichment item. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Tag Enrichments ID | The tag enrichment ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |
| Function Type | Automatic Enrichment rule type. Function types include Composition or Extraction. |
| Automatic Enrichment | Click to view additional information about the enrichment items. |

Tag Enrichments Order

| Field | Description |
| --- | --- |
| Category | The name of the resource. |
| Object Name | The name of the enrichment item. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Tag Enrichments Order ID | The tag enrichment order ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |

Mapping Enrichment

| Field | Description |
| --- | --- |
| Category | The name of the resource. |
| Object Name | The name of the map. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Mapping Enrichment ID | The tag mapping enrichment ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |

Mapping Table Upload

| Field | Description |
| --- | --- |
| Category | The name of the resource. |
| Object Name | The name of the map. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Mapping Table Upload ID | The mapping table upload ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |