Audit Logs

The Audit Logs section provides a detailed history of the actions taken on the objects associated with the alert. It displays a timeline of events, including the Time & Date of each action, the number of Objects involved, the specific Action performed (e.g., Muted, Permit List, No Scan List, Reassigned, Resolved), and the user(Action Taken By) who performed the action. The Audit Logs enable users to track and review the complete lifecycle of the alert, from its creation to the various actions taken to manage and resolve it. This information is crucial for auditing, compliance, and accountability purposes.

Audit Log Enhancements

The audit logs in LightBeam Playbooks Alerts 2.1 have been enhanced to provide a more comprehensive and user-friendly view of the actions performed on sub-alerts.

Workflow:

1. Whenever an action is performed on a sub-alert (e.g., resolving, reassigning, adding to permit list), LightBeam Playbooks captures the relevant details in the audit log.

2. The audit log now includes the following information for each action:

   • User: The name or email address of the user who performed the action.

   • Timestamp: The date and time when the action was performed.

   • Action: The specific action that was taken (e.g., resolved, reassigned, added to permit list).

   • Objects Affected: The number of objects impacted by the action.

3. Administrators and authorized users can access the audit log from the alert details page in LightBeam Playbooks.

4. The audit log provides a chronological view of all the actions performed on sub-alerts within a specific alert.

5. Users can review the audit log to understand the history of actions taken, who performed them, and when they occurred.

6. The enhanced audit log details facilitate accountability, traceability, and compliance reporting.

The audit log enhancements in Alerts 2.1 provide a more granular and informative view of the actions performed on sub-alerts. By capturing key details such as the user, timestamp, action, and affected objects, the audit log enables effective tracking and monitoring of alert-related activities. This information is valuable for security investigations, compliance audits, and understanding the lifecycle of sub-alerts within the system.