View audit logs for all the activities performed on Prisma
As part of compliance requirement for organizations,
companies need to demonstrate they are proactively tracking security
issues and taking steps to remediate issues as they occur. The Prisma
Cloud Audit Logs section enables companies to prepare for such audits
so that they can demonstrate compliance. The Audit logs list all
actions initiated by Prisma Cloud administrators. It lists who did
what and when, to help you identify any configuration changes and
activity initiated on a cloud account of behalf of the administrator
who initiated the action. To access audit logs select
view the activity details by users in the system.
] the columns you
want to display and their order.
After selecting the columns, you can
The details are in a CSV format.
View the data in the CSV file. The Prisma Cloud audit
log includes the following fields, which are available for ingestion
in to your security information and event management systems:
Contains the entire content of the audit log,
which describes the actions performed by the Prisma Cloud user and
details of the resource changed by the action.
Name of the Prisma Cloud user that performed
IP address that the user logged-in with.
the action is a background process, which is not triggered by a
user with an IP address, the placeholder
Prisma Public Cloud
value is displayed.
Prisma Cloud resource object that the activity
was performed on.
Category of the activity performed by the Prisma
The values for this field are:
Investigate - Search
Login Ip Whitelist Check
Secure - Policy
Secure - Report
Security - SAML
SSO Bypass Management
Result of the action performed.
values for this field are:
Time that the Prisma Cloud audit event occurred,
in epoch format and UTC timezone.