Use the Audit Log

When multiple users are working in the BigPanda platform, it’s vital to see historic information on system configuration changes. The Audit Log enables BigPanda admins to keep track of configuration change actions across the BigPanda platform. Using the Audit Log, admins can search for specific actions and filter the list of actions based on criteria such as timeframe, users, and action categories.

BigPanda audit logs report on Create, Update, and Delete actions for these resources:

  • Alert Correlation

  • Alert Enrichment

  • Alert Filtering

  • API Keys

  • AutoShare

  • Environments

  • Integrations

  • JIT Provisioning

  • Maintenance Plans

  • Roles

  • SAML Attribute Mapping

  • SSO Configuration

  • SSO Test

  • User Management

Actions are added to the audit log in near real-time, appearing as the action is completed in the system.

Audit Log retention

BigPanda retains audit log data for the duration of your contract. See the Data Retention documentation for more information about retention policies.

Change tracking

Audit logs track changes to specific fields for each resource. Changes to other fields (such as a permissions change for an environment) will not be visible in the audit log.

Coming soon

Additional resources within BigPanda will be coming to the audit logs soon.

https://files.readme.io/9327dbd-Audit_Log.png

Audit Logs can also be accessed via API. See the Audit Logs API documentation for more information.

Key features

  • View a list of configuration changes and actions that occurred within BigPanda.

  • Determine which user made a configuration change to the system.

  • Sort and drill down into specific actions.

  • Filter logs and search for a specific action.

Relevant Permissions

Roles with the following permissions can access the Audit Logs screen:

| Field | Description |
|---|---|
| Audit logs | View the Audit Log in BigPanda Settings and the Audit Log API. |

Permission access levels can be adjusted by selecting either View or Full Access. To learn more about how BigPanda's permissions work, see the Roles Management guide.

View the Audit Log

The Audit Log can be accessed from within BigPanda at Settings > Audit Log. The following information appears in the Audit Log screen:

| Field | Description |
|---|---|
| User | The name and email address of the user associated with the action. |
| Action | The action that took place. Possible actions include Created, Updated, or Deleted. |
| Category | The screen in BigPanda where the action took place. |
| Object Name | The name of the object that was changed as part of the action. |
| Date | The date and time that the action took place. |

To view additional details, click any action in the list on the Audit Log page. Detailed information about the changed object and the user who made the change appears on the page.

https://files.readme.io/4f0eb9e-Settings_AuditLog_DrillDown.png

Audit Log Details

Filter

The Audit Log can be filtered by User, Action, Category, Object Name, or Date to adjust your results.

To filter the Audit Log, select one of the options above the Audit Log table. Depending upon the filter selected, choose an option from the drop-down menu, or type into the box to narrow the results. Multiple filters can be applied at the same time.

To remove all filters, click Clear All.

Sort

The Audit Log can be sorted by User, Action, Category, Object Name, or Date to change the order of your results. From within the Audit Log table, select one of the options from the top of each column to change the sort order.

Sort is turned off when you are drilled down into a log. To change sort options for the list, collapse the selected log by clicking the down arrow in the log detail ribbon.

User Information

At the bottom of the details of each action, information about the BigPanda user who made the change appears. The following information about the user is available:

| Field | Description |
|---|---|
| User Name | The name of the user. |
| Email | The user’s email address. |
| IP Address | The user’s IP address. |
| User Agent | The browser and version that was used when the change occurred. |
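
An added example, not BigPanda code: a triage pass over exported audit records that flags changes in access-related categories, new or edited alert filters and maintenance plans, a user's first action from a new IP address, and any category this page does not list. The record shape (this page's column names used as dict keys), the ISO 8601 dates, and the grouping of categories are assumptions; the Audit Logs API schema is not shown on this page.

```python
from collections import defaultdict
from datetime import datetime

# Category names are from this page; the grouping into review buckets is an assumption.
ACCESS = {"API Keys", "Roles", "User Management", "SSO Configuration",
          "SAML Attribute Mapping", "JIT Provisioning"}
VISIBILITY = {"Alert Filtering", "Maintenance Plans"}
ROUTINE = {"Alert Correlation", "Alert Enrichment", "AutoShare", "Environments",
           "Integrations", "SSO Test"}

def row(user, action, category, name, date, ip):
    """Build one record keyed by the Audit Log column names."""
    return {"User": user, "Action": action, "Category": category,
            "Object Name": name, "Date": date, "IP Address": ip}

# Constructed sample data, not real BigPanda output. ISO 8601 dates are an assumption.
SAMPLE = [
    row("ana@example.com", "Updated", "Alert Correlation", "host+check",
        "2024-05-01T09:00:00", "198.51.100.7"),
    row("ana@example.com", "Created", "API Keys", "ci-key",
        "2024-05-01T09:05:00", "198.51.100.7"),
    row("bob@example.com", "Created", "Maintenance Plans", "db patch window",
        "2024-05-01T10:00:00", "203.0.113.20"),
    row("ana@example.com", "Deleted", "Alert Filtering", "drop info alerts",
        "2024-05-01T11:00:00", "192.0.2.55"),
    row("bob@example.com", "Updated", "Incident Tags", "priority",  # category not on this page
        "2024-05-01T12:00:00", "203.0.113.20"),
]

def triage(rows):
    """Return (reason, row) findings in chronological order."""
    findings, seen_ips = [], defaultdict(set)
    for r in sorted(rows, key=lambda r: datetime.fromisoformat(r["Date"])):
        cat, user, ip = r["Category"], r["User"], r["IP Address"]
        if cat in ACCESS:
            findings.append(("access-control change", r))
        elif cat in VISIBILITY and r["Action"] in ("Created", "Updated"):
            findings.append(("alert-visibility change", r))
        elif cat not in ROUTINE and cat not in VISIBILITY:
            # Resources added to the log later must not pass unreviewed.
            findings.append(("unclassified category", r))
        if seen_ips[user] and ip not in seen_ips[user]:
            findings.append(("new source IP for user", r))
        seen_ips[user].add(ip)
    return findings

if __name__ == "__main__":
    for reason, r in triage(SAMPLE):
        print(f'{r["Date"]}  {reason:24}  {r["User"]}  {r["Action"]} {r["Category"]}: {r["Object Name"]}')
```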

Available Resources

Audit logs track actions taken on individual resources within BigPanda. The following resources are available to track via the audit log:

Alert Correlation

Correlation patterns allow you to correlate related alerts into incidents for visibility into high-level, actionable issues. For more information, see Manage Alert Correlation.

| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The correlation pattern associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Correlation Pattern ID | System-generated unique identifier for the correlation pattern. |
| Status | Indicates whether the correlation pattern is Active or Inactive. |
| Cross Source | Determines if alerts can be correlated from different source systems into the same incident. |
| Correlation Tags | The tag names used to correlate alerts with matching values. |
| Time Window | Maximum duration between the start time of correlated alerts in minutes. |
| Query Filter | A BPQL query to filter incoming alerts. Only matched alerts will be correlated based on the pattern. |
| Description | A description of the correlation pattern. |

Alert Enrichment

Enrichment is the process of adding contextual information to alerts in BigPanda. See Manage Alert Enrichment for more information.

Alert Enrichment Audit logs report on several sub-objects including:

  • Tag

  • Tags Order

  • Tag Enrichments

  • Tag Enrichments Order

  • Mapping Enrichment

  • Mapping Table Upload

Tag

| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the tag. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Tag ID | The name of the tag in BigPanda. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |
| Function Type | Automatic Enrichment rule type. Function types include Composition, Extraction, Mapping, or Mixed. |
| Execution Order | Number indicating the tag’s place in the execution order. |
| Automatic Enrichment | Click View full details to view additional information about the enrichment items. |

Tags Order

| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the tag. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Tags Order ID | The tag order ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |

Tag Enrichments

| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the enrichment item. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Tag Enrichments ID | The tag enrichment ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |
| Function Type | Automatic Enrichment rule type. Function types include Composition or Extraction. |
| Automatic Enrichment | Click View full details to view additional information about the enrichment items. |

Tag Enrichments Order

| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the enrichment item. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Tag Enrichments Order ID | The tag enrichment order ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |

Mapping Enrichment

| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the map. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Mapping Enrichment ID | The tag mapping enrichment ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |

Mapping Table Upload

| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the map. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Mapping Table Upload ID | The mapping table upload ID. |
| Status | Indicates the tag’s status in the system. Statuses include Active, Inactive, or Deleted. |

Alert Filtering

Alert filtering allows you to prevent low-relevancy alerts from being correlated into incidents. See Manage Alert Filtering for more information.

| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the alert filter associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| User | Unique system identifier for the user. |
| Alert Filtering ID | The ID for the alert filter associated with the action. |
| Status | Indicates whether the alert filter is currently active. |
| Filter Name | Name of the alert filter. |
| Time Window | Details of the alert filter's time window. |

API Keys

API Keys are used to securely authenticate calls to the BigPanda Public API.

| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the API key associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| API Key ID | The system-generated ID associated with the API key. |
| Status | Indicates whether the API key is active or not. |

AutoShare

AutoShare rules can be configured to share BigPanda incidents through email or integrated channels to notify your team of critical issues, automatically create tickets, or loop in team members who don’t use BigPanda. See Manage AutoShare for more information.

| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The sharing channel associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| AutoShare ID | System-generated unique identifier for the AutoShare rule. |
| Status | Indicates whether the environment is Active or Inactive. |
| Environment | The environment that the incident was shared from. |
| Share Via | The sharing channel that the incident was shared to. |
| Personal message | An optional note adding context to the AutoShare rule. |

Environment

Environments group related incidents together for improved automation and visibility. See Manage Environments for more information.

| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The environment associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Environment ID | System-generated unique identifier for the environment. |
| Status | Indicates whether the environment is Active or Inactive. |
| Environment name | The name of the environment as displayed in the BigPanda UI. |
| Condition | A BPQL query to filter incoming incidents. Only matched incidents will be placed in the environment. |

Integrations

Integrations allow you to shorten and automate incident triage by creating high quality alerts and actionable incidents. For more information, see Integrate with BigPanda.

| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The integration associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Target System ID | Name that uniquely defines an integration. |
| Stream ID | System-generated unique app_key for the integration. |
| Status | Indicates whether the integration is Active or Inactive. |
| Organization | The name of the BigPanda Organization where the update occurred. |
| Changes | List of updated configuration properties. |

JIT Provisioning

JIT Provisioning allows you to define the domains associated with your IdP, and select default BigPanda user roles for newly created accounts from each SSO domain.

| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object name | The domain associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| JIT Provisioning ID | The unique system-generated ID associated with the JIT mapping. |
| Status | Indicates whether the configuration is Active or Inactive. |

Maintenance Plans

Maintenance plans reduce unnecessary noise by marking and silencing alerts triggered by system maintenance. See Manage Planned Maintenance for more information.

| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The name of the maintenance plan associated with the action. |
| Action | The type of action that occurred (Created, Updated, or Deleted), along with the date and time it happened. |
| User | Unique system identifier for the user. |
| Maintenance Plan ID | The ID for the maintenance plan associated with the action. |
| Status | Indicates the current status of the maintenance plan. |
| Plan Name | Name of the maintenance plan. |
| Time Window | Details of the maintenance plan's time window and whether or not it's recurring. |

Roles

Roles and permissions control the levels of access to different features in BigPanda.

| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object name | The role associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| Role ID | System-generated unique identifier for the role. |
| Status | Indicates whether the role is Active or Inactive. |
| Name | The name of the role. |

SAML Attribute Mapping

With SAML Attribute Mapping, you can use properties from your IdP to automatically map roles to an account in BigPanda whenever an existing user logs in.

| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object name | The domain associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| JIT Provisioning ID | Unique system identifier for this mapping. |
| Status | Indicates whether the configuration is Active or Inactive. |

SSO Configuration

You can configure an SSO integration to manage your organization’s BigPanda users via a third-party identity provider. See Single Sign-On for more information.

| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The correlation pattern associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| SSO Configuration ID | The identity provider used in the SSO configuration. |
| Status | Indicates whether the SSO configuration is Active or Inactive. |

SSO Test

SSO Test tracks when a user tests the SSO connection from the Single Sign-On screen during the configuration process.

| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The SSO domain associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| SSO Test ID | The name of the SSO provider. |
| Status | The status of the SSO configuration. |

User Management

User management allows administrators to manage who can access your organization's data in BigPanda. See User Management for more information.

| Field | Description |
|---|---|
| Category | The name of the resource. |
| Object Name | The user name associated with the action. |
| Action | The type of action that occurred, along with the date and time it happened. |
| User ID | Unique system identifier for the user. |
| Status | Indicates the user’s status in the system. Statuses include Active or Pending. |
| User Name | The name of the user as displayed in the BigPanda UI. |
| Email | The email address associated with the user. |