Installation and Administration Guide

System Logs and Auditing

Data guardians use logs to ensure that all data is provisioned in compliance with company policies and to audit changes to demonstrate data compliance. System administrators also query the logs to check for errors.

The platform records all changes to any object (policies, projects, requests) in addition to other important events, such as user logins. See the list of audit events.

You can forward audit records to your preferred security information and event management (SIEM) solution, for example Splunk or QRadar.

Logs:

  • are JSON files

  • are Splunk compliant

  • record all changes to any object, such as policies, projects, and requests

  • can only be appended to, never modified (changes to any object do not delete or modify existing log information)

  • can be exported and filtered on audit events, object type, dates, and user ID

  • can be archived on an unscheduled or scheduled basis
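
The following is an added example, not code from the product: it filters exported records on the four criteria listed above and checks that a later export still begins with the exact bytes of an earlier one, which is what an append-only log should guarantee. The one-record-per-line layout, the field names (`timestamp`, `event`, `objectType`, `userId`) and the event names are assumptions made for illustration.

```python
import hashlib
import json
from datetime import datetime

# Constructed sample data. The one-object-per-line layout, the field names and
# the event names are assumptions, not the product's documented schema.
SNAPSHOT = (
    '{"timestamp": "2024-03-01T09:15:00+00:00", "event": "USER_LOGIN", '
    '"objectType": "user", "userId": "alice"}\n'
    '{"timestamp": "2024-03-01T09:20:00+00:00", "event": "POLICY_UPDATED", '
    '"objectType": "policy", "userId": "alice"}\n'
)
CURRENT_LOG = SNAPSHOT + (
    '{"timestamp": "2024-03-02T14:05:00+00:00", "event": "REQUEST_CREATED", '
    '"objectType": "request", "userId": "bob"}\n'
)


def parse(log_text):
    """Parse JSON-lines text into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def filter_records(records, event=None, object_type=None, user_id=None,
                   start=None, end=None):
    """Return records matching every criterion that is not None."""
    wanted = {"event": event, "objectType": object_type, "userId": user_id}
    out = []
    for rec in records:
        ts = datetime.fromisoformat(rec["timestamp"])
        if any(v is not None and rec.get(k) != v for k, v in wanted.items()):
            continue
        if (start is not None and ts < start) or (end is not None and ts > end):
            continue
        out.append(rec)
    return out


def fingerprint(log_text):
    """Length and SHA-256 of an export, to be stored when it is taken."""
    data = log_text.encode("utf-8")
    return len(data), hashlib.sha256(data).hexdigest()


def extends(earlier_fp, later_text):
    """True if later_text begins with exactly the bytes fingerprinted earlier."""
    length, digest = earlier_fp
    data = later_text.encode("utf-8")
    return len(data) >= length and hashlib.sha256(data[:length]).hexdigest() == digest
```

Store the fingerprint of each export or archive outside the system that produced it, so a later mismatch can be investigated independently.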