1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma™ Cloud Administrator's Guide
    5. Manage Prisma Cloud Administrators
    6. View Audit Logs

    View Audit Logs

    View audit logs for all the activities performed on Prisma Cloud.
    As part of compliance requirement for organizations, companies need to demonstrate they are proactively tracking security issues and taking steps to remediate issues as they occur. The Prisma Cloud Audit Logs section enables companies to prepare for such audits so that they can demonstrate compliance. The Audit logs list all actions initiated by Prisma Cloud administrators. It lists who did what and when, to help you identify any configuration changes and activity initiated on a cloud account of behalf of the administrator who initiated the action. To access audit logs select
    Settings
    Audit Logs
    .
    1. Select a
      Time Range
       to view the activity details by users in the system.
    2. Select [ ] the columns you want to display and their order.
    3. After selecting the columns, you can
      Download
       all administrator activity.
      The details are in a CSV format.
    4. View the data in the CSV file. The Prisma Cloud audit log includes the following fields, which are available for ingestion in to your security information and event management systems:
      Field Name
      Description
      action
      Contains the entire content of the audit log, which describes the actions performed by the Prisma Cloud user and details of the resource changed by the action.
      user
      Name of the Prisma Cloud user that performed the action.
      ipAddress
      IP address that the user logged-in with.
      If the action is a background process, which is not triggered by a user with an IP address, the placeholder
      Prisma Public Cloud Internal IP
       value is displayed.
      resourceName
      Prisma Cloud resource object that the activity was performed on.
      resourceType
      Category of the activity performed by the Prisma Cloud user.
      The values for this field are:
      • Account Group
      • Alert Config
      • Alert Rule
      • Alerts
      • Anomaly Settings
      • bridgecrew provision
      • CidrBlock
      • Cloud Account
      • Cloud Accounts
      • Data Pattern
      • Data Profile
      • Download Job
      • IaC Scan
      • iam provision
      • Integration
      • Investigate - Search
      • Login
      • Login Ip Whitelist Check
      • Notification Template
      • pcn provision
      • PublicNetwork
      • Saved Filter
      • Secure - Policy
      • Secure - Report
      • Security - SAML
      • Session Timeout
      • SSO Bypass Management
      • TenantConfig
      • twistlock provision
      • User Management
      • User Profile
      • User Role
      result
      Result of the action performed.
      The values for this field are:
      • Success
      • Successful
      • True
      • Failed
      • Failure
      • False
      timestamp
      Time that the Prisma Cloud audit event occurred, in epoch format and UTC timezone.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo