Audit Logs

Audit logs display the results of recent logins, scans and other actions. From the menu pane, go to ADMIN > Audit Logs.

Use this page to:

  • monitor logins, scans and user actions

  • investigate unusual or unauthorized activity

Prerequisites

You need read/write permissions to view audit logs.

Audit log event types

For a list of log event types, see the article logType.

Audit log details

The page includes the following elements:

  • Filters: Use the filter pane for single or multi-select filters. The filters display actions completed in the selected period.

  • Summary metrics: Shows the total log count.

  • Execution list: Displays details for each login or scan.

  • Period filter (in the header): Filters the results to the selected period.

  • Total: Displays the total number of actions based on the applied filters.

  • Search bar: Enter text to search for a specific term.

Filters

Select one or multiple filters:

  • Action: Examples: Login, Scan Now, Slack Alert Sent, Jira Ticket Opened.

  • User

  • Log Type: Examples: Authentication, Scan

Log details

Use the tooltips to identify icons.

  • User: The name of the user.

  • Action: Login or Scan.

  • Additional Info: Shows additional details like the User Role or Scan ID.

  • Log Type

  • Date: The date of the action.

Audit Log Export

In addition to viewing audit logs in the OX platform, you can export audit logs to an external Amazon S3 bucket. This supports long-term retention, automated analysis, and integration with external logging or compliance systems.

Audit log export is typically used for:

  • Centralized logging: Consume audit logs using existing log processing pipelines.

  • Compliance and retention: Store audit logs in customer-managed, long-term storage.

  • Automation: Enable automated analysis outside the OX platform.

How audit log export works

Audit logs are exported as JSON files to a customer-managed S3 bucket.

Each export includes all audit log events generated since the previous export.

If no user or system activity occurred during the export window, the exported file still contains a system-generated event indicating that the export ran successfully.

Authentication and Permissions

Audit log export uses an AWS role-based connector.

During setup:

  • OX generates a unique external ID

  • An AWS IAM role is created with permission to write to the specified S3 bucket

The role ARN and external ID are used together to securely authenticate export operations.
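
The following is an added example, not OX code: it builds the trust and permissions policies for a role like the one described above and checks an existing role for settings looser than those. The principal ARN, external ID, bucket name, and the reading of "write" as s3:PutObject only are assumptions; use the values shown during OX setup.

```python
# Added example: policies for an export role, plus a check of an existing role.
# Assumptions: "write" means s3:PutObject only; all ARNs and IDs are placeholders.

def _as_list(value):
    return value if isinstance(value, list) else [value]

def trust_policy(principal_arn, external_id):
    """Only the named principal may assume the role, and only with the external ID."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": principal_arn},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
    }]}

def write_policy(bucket, prefix=""):
    """Object writes only, limited to the export prefix (whole bucket if no prefix)."""
    prefix = prefix.strip("/")
    key = f"{prefix}/*" if prefix else "*"
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "s3:PutObject",
        "Resource": f"arn:aws:s3:::{bucket}/{key}",
    }]}

def audit_role(trust, perms, external_id, bucket):
    """Return findings where a role is looser than the two policies above."""
    findings = []
    for st in _as_list(trust["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        if "*" in _as_list(aws):
            findings.append("trust: wildcard principal")
        cond = st.get("Condition", {}).get("StringEquals", {})
        if _as_list(cond.get("sts:ExternalId")) != [external_id]:
            findings.append("trust: sts:ExternalId condition missing or different")
    for st in _as_list(perms["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        for action in _as_list(st.get("Action", [])):
            if "*" in action:
                findings.append(f"perms: wildcard action {action}")
        for res in _as_list(st.get("Resource", [])):
            if not res.startswith(f"arn:aws:s3:::{bucket}/"):
                findings.append(f"perms: not limited to objects in {bucket}: {res}")
    return findings
```

An empty list from audit_role means the trust policy requires the external ID and the permissions policy allows only object writes under the export bucket.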

Audit log export configuration

Audit log export is configured from the Settings → Audit Logs → Configuration page after the relevant connector is enabled.

  • S3 bucket: The Amazon S3 bucket where audit logs are exported.

  • S3 region: The AWS region where the bucket is located.

  • S3 bucket prefix: Optional folder inside the bucket where audit logs are stored.

  • Export frequency: Interval, in hours (1–24), at which audit logs are exported.

Note: The first export runs at the beginning of the next full hour after the configuration is saved. Subsequent exports run according to the configured frequency.

Exported file structure

Audit logs are written to the S3 bucket using a structured folder hierarchy that is created automatically by OX.

The folder structure and file naming convention are managed by the platform and cannot be customized.
