When multiple users are working in the BigPanda platform, it’s vital to see historic information on system configuration changes. The Audit Log enables BigPanda admins to keep track of configuration change actions across the BigPanda platform. Using the Audit Log, admins can search for specific actions and filter the list of actions based on criteria such as timeframe, users, and action categories.

BigPanda audit logs reports on Create, Update, and Delete actions for these resources:

Alert Correlation
AutoShare
Environment
User Management
Alert Enrichment

Actions are added to the audit log in near real-time, appearing as the action is completed in the system.

🚧
Audit logs track changes to specific fields for each resource. Changes to other fields (such as a permissions change for an environment) will not be visible in the audit log.

👍
Additional resources within BigPanda will be coming to the audit logs soon.

Audit Logs can also be accessed via API. See the Audit Logs API documentation for more information.

Key Features

View a list of configuration changes and actions that occurred within BigPanda.
Determine which user made a configuration change to the system.
Sort and drill down into specific actions.
Filter logs and search for a specific action.

Permissions

Roles with the following permission can access the Audit Logs screen:

Name	Description
Audit Logs	View the Audit Log in BigPanda Settings and the Audit Lot API.

Permission access levels can be adjusted by selecting either View or Full Access. To learn more about how BigPanda's permissions work, see the Roles Management guide.

View the Audit Log

The Audit Log can be accessed from within BigPanda at Settings > Audit Log. The following information appears in the Audit Log screen:

Field	Description
User	The name and email address of the user associated with the action.
Action	The action that took place. Possible actions include Created, Updated, or Deleted.
Category	The screen in BigPanda where the action took place.
Object Name	The name of the object that was changed as part of the action.
Date	The date and time that the action took place.

To view additional details, click any action in the list on the Audit Log page. Detailed information about the changed object and the user who made the change appears on the page.

Filter

The Audit Log can be filtered by User, Action, Category, Object Name, or Date to adjust your results.

To filter the Audit Log, select one of the options above the Audit Log table. Depending upon the filter selected, choose an option from the drop-down menu, or type into the box to narrow the results. Multiple filters can be applied at the same time.

To remove all filters, click Clear All.

Sort

The Audit Log can be filtered by User, Action, Category, Object Name, or Date to change the order of your results. From within the Audit Log table, select one of the options from the top of each column to change the sort order.

Sort is turned off when you are drilled down into a log. To change sort options for the list, collapse the selected log by clicking the down arrow in the log detail ribbon.

User Information

At the bottom of the details of each action, information about the BigPanda user who made the change appears. The following information about the user is available:

Field	Description
User Name	The name of the user.
Email	The user’s email address
IP Address	The user’s IP address.
User Agent	The browser and version that was used when the change occurred.

Available Resources

Audit logs track actions taken on individual resources within BigPanda. The following resources are available to track via the audit log:

Alert Correlation

Correlation patterns allow you to correlate related alerts into incidents for visibility into high-level, actionable issues. For more information, see Manage Alert Correlation.

Field	Description
Category	The name of the resource.
Object Name	The correlation pattern associated with the action.
Action	The type of action that occurred, along with the date and time it happened.
Correlation Pattern ID	System-generated unique identifier for the correlation pattern.
Status	Indicates whether the correlation pattern is Active or Inactive.
Cross Source	Determines if alerts can be correlated from different source systems into the same incident.
Correlation Tags	The tag names used to correlate alerts with matching values.
Time Window	Maximum duration between the start time of correlated alerts in minutes.
Query Filter	A BPQL query to filter incoming alerts. Only matched alerts will be correlated based on the pattern.
Description	A description of the correlation pattern.

AutoShare

AutoShare rules can be configured to share BigPanda incidents through email or integrated channels to notify your team of critical issues, automatically create tickets, or loop in team members who don’t use BigPanda. See Manage AutoShare for more information.

Field	Description
Category	The name of the resource.
Object Name	The sharing channel associated with the action.
Action	The type of action that occurred, along with the date and time it happened.
AutoShare ID	System-generated unique identifier for the AutoShare rule
Status	Indicates whether the environment is Active or Inactive.
Environment	The environment that the incident was shared from.
Share Via	The sharing channel that the incident was shared to.
Personal message	An optional note adding context to the AutoShare rule.

Environment

Environments group related incidents together for improved automation and visibility. See Manage Environments for more information.

Field	Description
Category	The name of the resource.
Object Name	The environment associated with the action.
Action	The type of action that occurred, along with the date and time it happened.
Environment ID	System-generated unique identifier for the environment
Status	Indicates whether the environment is Active or Inactive.
Environment name	The name of the environment as displayed in the BigPanda UI
Condition	A BPQL query to filter incoming incidents. Only matched incidents will be placed in the environment.

User Management

User management allows administrators to manage who can access your organization's data in BigPanda. See User Management for more information.

Field	Description
Category	The name of the resource.
Object Name	The user name associated with the action.
Action	The type of action that occurred, along with the date and time it happened.
User ID	Unique system identifier for the user.
Status	Indicates the user’s status in the system. Statuses include Active or Pending.
User Name	The name of the user as displayed in the BigPanda UI.
Email	The email address associated with the user.

Alert Enrichment

Enrichment is the process of adding contextual information to alerts in BigPanda. See Manage Alert Enrichment for more information.

Alert Enrichment Audit logs report on several sub-objects including:

Tag
Tags Order
Tag Enrichments
Tag Enrichments Order
Mapping Enrichment
Mapping Table Upload

Tag

Field	Description
Category	The name of the resource.
Object Name	The name of the tag.
Action	The type of action that occurred, along with the date and time it happened.
Tag ID	The name of the tag in BigPanda.
Status	Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted.
Function Type	Automatic Enrichment rule type. Function types include Composition, Extraction, Mapping, or Mixed.
Execution Order	Number indicating the tag’s place in the execution order.
Automatic Enrichment	Click View full details to view additional information about the enrichment items.

Tags Order

Field	Description
Category	The name of the resource.
Object Name	The name of the tag
Action	The type of action that occurred, along with the date and time it happened.
Tags Order ID	The tag order ID.
Status	Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted.

Tag Enrichments

Field	Description
Category	The name of the resource.
Object Name	The name of the enrichment item.
Action	The type of action that occurred, along with the date and time it happened.
Tag Enrichments ID	The tag enrichment ID.
Status	Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted.
Function Type	Automatic Enrichment rule type. Function types include Composition or Extraction.
Automatic Enrichment	Click View full details to view additional information about the enrichment items.

Tag Enrichments Order

Field	Description
Category	The name of the resource.
Object Name	The name of the enrichment item.
Action	The type of action that occurred, along with the date and time it happened.
Tag Enrichments Order ID	The tag enrichment order ID.
Status	Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted.

Mapping Enrichment

Field	Description
Category	The name of the resource.
Object Name	The name of the map.
Action	The type of action that occurred, along with the date and time it happened.
Mapping Enrichment ID	The tag mapping enrichment ID.
Status	Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted.

Mapping Table Upload

Field	Description
Category	The name of the resource.
Object Name	The name of the map.
Action	The type of action that occurred, along with the date and time it happened.
Mapping Table Upload ID	The mapping table upload ID.
Status	Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted.