Using the Keepit Audit Log : Help Center

Help

Browse our troubleshooting tutorials to get step-by-step solutions for many
common problems. Are we missing something you think would be helpful for
others? Let us know!

Using the Keepit Audit Log

Modified on: Thu, 3 Oct, 2024 at 11:27 AM

How do I access the audit log?

Master Admin, Compliance Admin, and Audit users have access to the audit log.

The audit log page can be opened by clicking on Audit Log in the left-hand menu.

What does the audit log show?

The following information is included for each event recorded by the audit log:

User: User who initiated the event
Area: Type of event
Event: Event that was initiated
Event status: Status which indicates whether the event succeeded or failed
IP address: IP address of the user who initiated the event
Time: Date and time the event was initiated

What types of events does the audit log track?

The log is categorized by user, account, connector, recovery, compliance, and security events.

User events track all events related to account sign-ins, tokens, users
Account events track all events related to the account
Connector events track changes to connectors
Recovery events track all browsing activity, restore and download jobs
Compliance events track RTBF label activity
Security events track all changes to SSO, MFA, and SIEM integrations

What events does the audit log record?

The audit log records every time a user:

User events

Creates a secondary token (e.g., signs in or creates an API token)
Deletes a secondary token (e.g., signs out or deletes an API token)
Signs out everywhere
Has failed authentication attempt (e.g., has a failed sign-in attempt)
Creates or deletes a new user
Changes username, email, role, password, or expiration date of a user

Account events

Changes company name
Changes account language
Changes contact email
Agrees to updated Terms of Service

Connector events

Creates a new connector
Changes connector name
Updates a backup configuration
Changes connector snapshot retention
Changes the number of API requests (Salesforce connector)
Changes connector geo location
Deletes a connector
Revives a connector
Adds or removes a user from connector access list
Generates or downloads a compliance report
Schedules a backup (a backup is scheduled the first time a user creates a connector - the next backups run automatically and are not recorded in the logs)

Recovery events

Schedules a restore (includes import)
Schedules an item restore
Creates or deletes a shared link
Adds a password to a shared link
Downloads a file
Downloads a folder as a .zip file
Downloads a folder as a .pst file
Previews a file
Views the dashboard page of a connector
Browses data (i.e., opens folders in a connector)
Browses a shared folder (an outside user)

Security

Creates, edits, or deletes a new SSO configuration
Enables or disables an SSO configuration
Enables, updates, or disables MFA
Adds or deletes a SIEM integration
Creates or updates a public links policy

Compliance

Assigns or removes an RTBF label

Filtering audit logs

You can enter terms in the filter field to narrow down the audit data.

You can also use the available filter categories by selecting the filter icon. Make your selections and then select Apply filters.

Downloading the audit log

You can download a CSV file of the audit log by selecting the download icon in the toolbar.

If you filter the list before starting the download, the CSV file is also filtered this way.

Did you find it helpful? Yes No

Related Articles