Skip to main content

Cyware Fusion and Threat Response

View Audit Logs

Audit Logs displays all the activity and API request logs of all users in one place. The logs help the administrators to track the activity of each user and the updates of each module. You can refer to the logs to trace a specific change to a specific module.

Note

You can view the logs that you have permission to as defined in your user account and your user groups. For more information, see Configure Role-Based Access Control (RBAC) in CFTR.

Activity Logs

Activity logs are system logs that are automatically generated when the data of a module is updated. Each log entry in the activity logs refers to one activity and displays the following details:

  • Activity type, such as updated, created, and deleted.

  • Username of the user who performed the activity.

  • Affected module with the module ID.

  • Activity date and time

Manage Activity Logs

You can perform the following activities to manage the activity logs:

  • Filter activity logs using the following criteria:

    • Action: Filters activity logs based on the action that is performed, such as Create, Update, Delete, and more.

    • Component: Filters activity logs based on the module on which the action is performed, such as Incident, Action, OpenAPI, Configuration, and more.

    • Created: Filters activity logs based on the actions performed within a specific date range.

    • User: Filters activity logs based on the user who performed the action.

  • Search activity logs by username and the updated field values.

  • Export activity logs in PDF format.

    Note

    You can export a maximum of 5000 logs in one export request.

API Request Logs

Each log entry in the API request logs refers to one activity that is performed on the CFTR application. The logs provide the following information:

  • API requests across the CFTR application

  • Open API requests sent to the CFTR instance

Using the API logs, administrators can analyze and gather insights into the API requests. You can view the following details of the API requests:

  • API Request: Displays the API endpoint.

  • IP Address: Displays the IP address of the device where the API is executed.

  • HTTP Method: Displays the HTTP method that is requested.

  • Response Status: Displays the response status of the API request. Some of the common response statuses are:

    • 200: Success

    • 404: Not found

    • 401: Unauthorized

    • 500: Internal server error

  • User: Displays the CFTR username of the user who executed the API.

  • Ran On: Displays the date and time when the API is requested.

  • Duration: Displays the time taken to execute the API request.

Note

API request logs older than six months are automatically deleted.

Manage API Request Logs

You can perform the following activities to manage API request logs:

  • Filter API request logs using the following criteria:

    • Ran on: Filters API request logs based on the API requests executed within a specific date range.

    • Request Method: Filters API request logs based on the HTTP request method, such as GET, PUT, POST, DELETE, and more.

    • Response Status: Filters API request logs based on the API response status, such as 200, 201, 401, and more.

    • User: Filters API request logs based on the user who executed the API request.

  • Search API request logs by the API request.

  • Sort API request logs based on the duration and execution time.

  • Export API request logs in XLS, XLSX, and CSV formats.

    Note

    You can export a maximum of 5000 logs in one export request.