Audit Logs

Overview

The Audit Logs module in LightBeam is a robust system for tracking and recording user activities across various components. It enhances security, accountability, and system management by providing detailed insights into user actions.

• Comprehensive activity tracking across multiple modules

• Advanced filtering options for efficient log analysis

• CSV export functionality for external reporting and analysis

• Secure access control to maintain data integrity

Supported Modules

Tracked Actions

The system logs various actions across all modules:

• User Actions: Login/Logout, Reset Password, Invite

• Data Actions: Create, View, Update, Delete, Approve/Reject, List, Mute, Resolve, Download, Export

• System Actions: Notify, Review, Classify, Annotation, Mask/Unmask

Enabling Audit Logs

To enable the Audit Logs feature:

1. Locate the configuration file for LightBeam.

2. Find the lbAudit setting.

3. Change the enabled value from false to true:

   Copy

   lbAudit:
     enabled: true

1. Save the configuration file and restart the LightBeam service for the changes to take effect.

Using the Audit Logs Module

Follow these steps to access and use the Audit Logs module effectively:

1. Accessing Audit Logs

• Click on the Audit Log icon (📋) on the left sidebar.

1. Viewing Log Entries

• View the list of recent activities or actions performed by users on all supported modules.

• Each log entry displays key information about the recorded action.

• Click on an entry to view more details about the specific action.

1. Filtering Logs

• Use the filter function to narrow down the log entries.

• Available filters include:

  • Date range

  • User

  • Action type

  • Object type

  • Attribute name

1. Analyzing Logs

• Review log entries to monitor user activities, investigate issues, or ensure compliance.

• Look for patterns or unusual activities that may require attention.

1. Exporting Logs

• To export log data, click on the "Export CSV" button.

• Use the exported file for further analysis or record-keeping.

Example:

Let's walk through an example of how the Audit Logs module tracks a data classification action:

1. User Action: An authorized user views the file "thanh-3-stages-25-pii-75-non-pii/0.pdf" from the Google Drive datasource in LightBeam.

2. Log Generation and Storage: The system automatically generates and stores a log entry for this view action.

3. Accessing and Reviewing the Log: Later, an administrator accesses the Audit Logs module:

   • Navigates to the Audit Logs section.

   • Checks recent logs for "View" action.

4. Log Entry Details: The administrator can see the following information in the log:

   • Module: Object

   • Action type: View

   • Timestamp of the view action

   • User who performed the action (the viewer's ID)

   • Object viewed: "thanh-3-stages-25-pii-75-non-pii/0.pdf"

   • Datasource: Lb-Google-Drive

5. Export Log: If needed, the administrator can:

   • Click on the Export CSV button to download the log.

   This example demonstrates how the Audit Logs module provides a clear trail of important actions, enabling effective oversight and compliance management.

Limitations

It's important to be aware of Audit Log's current limitations:

1. Historical data retention: Audit log data that has been rotated from the log file is not retained until a user-configured Security Information and Event Management (SIEM) tool is in place.

2. Report auditing: Audit logs for reporting events are not available.

3. Limited filter support: There is limited filter support for fields available in additional metadata such as attribute types, entities, and datasources.

4. SIEM tool configuration: Configuration of SIEM tools through the UI is not currently supported.

5. Terminal activities: Actions performed via terminal are not captured in the audit logs.

6. Kubernetes events: Changes in different resources on the Kubernetes cluster are not logged.

7. Login failures and password resets: Audit logs for login failures and password resets are not available.

About LightBeam

LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.