View Audit Logs

View audit logs for all the activities performed on Prisma Cloud.
As part of compliance requirement for organizations, companies need to demonstrate they are proactively tracking security issues and taking steps to remediate issues as they occur. The Prisma Cloud Audit Logs section enables companies to prepare for such audits so that they can demonstrate compliance. The Audit logs list all actions initiated by Prisma Cloud administrators. It lists who did what and when, to help you identify any configuration changes and activity initiated on a cloud account of behalf of the administrator who initiated the action. To access audit logs select
Settings
Audit Logs
.
  1. Select a
    Time Range
    to view the activity details by users in the system.
  2. Select [ ] the columns you want to display and their order.
  3. After selecting the columns, you can
    Download
    all administrator activity.
    The details are in a CSV format.
  4. View the data in the CSV file. The Prisma Cloud audit log includes the following fields, which are available for ingestion in to your security information and event management systems:
    Field Name
    Description
    action
    Contains the entire content of the audit log, which describes the actions performed by the Prisma Cloud user and details of the resource changed by the action.
    user
    Name of the Prisma Cloud user that performed the action.
    ipAddress
    IP address that the user logged-in with.
    If the action is a background process, which is not triggered by a user with an IP address, the placeholder
    Prisma Public Cloud Internal IP
    value is displayed.
    resourceName
    Prisma Cloud resource object that the activity was performed on.
    resourceType
    Category of the activity performed by the Prisma Cloud user.
    The values for this field are:
    • Account Group
    • Alert Config
    • Alert Rule
    • Alerts
    • Anomaly Settings
    • bridgecrew provision
    • CidrBlock
    • Cloud Account
    • Cloud Accounts
    • Data Pattern
    • Data Profile
    • Download Job
    • IaC Scan
    • iam provision
    • Integration
    • Investigate - Search
    • Login
    • Login Ip Whitelist Check
    • Notification Template
    • pcn provision
    • PublicNetwork
    • Saved Filter
    • Secure - Policy
    • Secure - Report
    • Security - SAML
    • Session Timeout
    • SSO Bypass Management
    • TenantConfig
    • twistlock provision
    • User Management
    • User Profile
    • User Role
    result
    Result of the action performed.
    The values for this field are:
    • Success
    • Successful
    • True
    • Failed
    • Failure
    • False
    timestamp
    Time that the Prisma Cloud audit event occurred, in epoch format and UTC timezone.

Recommended For You