The Audit Log allows you to obtain complete, uniform and searchable data access audits for all cloud data repositories with full user, access and data context.
Your audit data is retained in your account indefinitely and there is no retention or roll-off window for the data. On the audit page, you can query up to 90 days of audit data at a time.
You can monitor data access, generate compliance reports, investigate incidents and conduct access reviews for all data stores from the Satori management console.
Audit Log Functionality
The Audit Log provides you with the following capabilities:
- Search and Filter - See a list of available filters below
- Export to CSV - Download the complete report of the audit log for offline analysis or compliance.
- Share - Generates a URL that can be sent to other users of the account in the Satori management console to view the report.
- Columns Filter - Click on the settings icon on the top right corner of the filter toolbar and select which columns to show in the table.
- Show/Hide Administrative Queries - When using client tools such as an IDE or a BI tool, not all queries sent by the tool are driven from the user using the tool. For example, the tool may send multiple queries to read the schema of the data store.
To filter these "administrative queries" out and focus on queries sent by users, click on the Settings icon on the top right corner of the filter toolbar and use the toggle button.
Satori provides you with a powerful range of filter controls to view your data. The following list describes the available filter options in the Audit Log view:
- Time Frame - Displays the queries that were sent in the specified time frame.
- Data Store - Displays the queries that were sent to a particular data store.
- User Name - Displays the queries that were executed by a particular user.
- Role - Displays the queries that were executed using a particular role or IdP group.
- Client Tool - Displays the queries that were sent from a particular client tool. The complete list of client tools is available from the following link. Client tools List.
- Data Store Location - Displays the queries that accessed a specific table or column.
- Tags - Search for queries by tag. For a complete list of the available tags in Satori, go to Tag Reference.
- Action Type - Displays the queries that triggered a specific action. For more information about actions go to the Action section of the Custom Policy Engine chapter.
- Incidents - Displays the queries that generated an incident
- Incident ID - Search by specific incident ID