View Enterprise DLP Audit Logs on Strata Cloud Manager

1. Log in to Strata Cloud Manager.
2. (Optional) Configure syslog forwarding for Enterprise DLP audit logs.
3. Select ConfigurationData Loss PreventionAudit Log.
4. (Optional) Filter Enterprise DLP audit logs as needed.

   • Enter an email in the search bar to filter the audit logs by user.
   • Add New Filter to filter the Enterprise DLP audit logs based on:
     • Time—Select a predefined time frame or specify a Custom time frame. For the predefine time frame, you can select Past 60 Minutes, Past 24 Hours, Past 7 Days, Past 30 Days, or All
     • Channel—Select the security enforcement point where the change occurred. You can select Enterprise DLP, NGFW, Prisma Access, SaaS Security, and Strata Cloud Manager.
     • Event—Select the type of audit log event to view. You can select Create, Update, and Delete.
5. Click View Details to see detailed information about a specific audit log.

   You can view additional audit log details to better understand what changes in your Enterprise DLP configuration. When you update an existing data pattern, data profile, or other Enterprise DLP configuration object, Enterprise DLP highlights in red what the security admin deleted and highlights in green what the security admin added or changed.

   Enterprise DLP generates an audit log when a data security administrator:

   • Create
     • Creates a new data pattern.
     • Creates a new data profile.
     • Creates a new custom document type.
     • Creates a new data dictionary
     • Adds an Endpoint DLP peripheral device.
     • Creates an Endpoint DLP policy rule.
   • Read
     • Accesses an Enterprise DLP or Email incident incident and views the associated snippet.
       Enterprise DLP generates an audit log when view viewing Email DLP incident snippet from ConfigurationData Loss PreventionAudit Log.
     • Accesses a Data Security (SaaS API) incident and views the associated snippet.
       Enterprise DLP generates an audit log when view viewing Email DLP incident snippet from ConfigurationSaaS SecurityData SecurityIncidentsData Asset Incidents.
   • Update
     • Edits the snippet settings.
     • Updates a data pattern.
     • Updates a data profile
     • Updates a DLP rule.
     • Updates an Endpoint DLP peripheral device.
     • Updates an Endpoint DLP policy rule.