This capability is available only for users with Customer Admin role.
About audit logs
Hunters maintains an audit log of various events performed by users within the platform. These logs include the following information:
Time - The time at which this action was performed
Email - The email associated with the user who performed the action
Action - The action performed by the user
Severity - The severity of the action performed by the user
IP Address - The recorded IP that the action originated from
Description (Available in CSV download only) - Additional information about the event
User Agent (Available in CSV download only) - The user agent of the browser used to perform the event
📘 Note
Description and User Agent are available only in downloaded CSV files.
You can search for logs within the platform, or download them as CSV to interpret with spreadsheet software.
Monitored Actions
The following actions are monitored and generate log events:
Action Name | Description |
|---|---|
Activated account | The user activated their account. |
Add new custom Detector | The user added a custom detector to the account. |
Added user | A new user was added to the platform. |
Assigned roles | New roles were assigned to a user (additional details in the Description column). |
Changed password | The user changed their password. |
Created API key | The user created an API key. |
Deleted API key | The user deleted an API key. |
Disabled MFA | The user disabled multi-factor authentication on their account. |
Edit custom Detector | Custom Detector X configuration was changed from Y to Z. |
Enabled MFA | The user enabled multi-factor authentication on their account. |
Login | The user logged in to the platform. |
Logout | The user logged out of the platform. |
New Incident | A new incident report was created by the user. |
New Investigation | A new investigation report was created by the user. |
New Report | A new report was created by the user. |
Removed roles | Roles were removed from a user (additional details in the Description column). |
Removed user {{user}} from account | This user was removed from the account. |
Reset password | The user's password was reset. |
Update Detector | This detector was updated with the following modifications (see Description column). |
Update Drilldown Formatters | The following drilldown formatters were updated. |
Update Drilldown Settings | The following drilldown settings were updated. |
Update Report | The following report was updated. |
Update Report Status | The report's status was updated. |
Update toGraph | More information in the description field. |
Updated profile | The user's profile was updated. |
User failed to login | A failed authentication attempt was detected for this user. |
User logged in | A successful authentication was performed by this user. |
Created ignore rule | The mentioned user created a new ignore rule. |
Updated ignore rule | The mentioned user updated an existing ignore rule. |
Deleted ignore rule | The mentioned user deleted an ignore rule. |
Added custom scoring rule | The mentioned user created a new custom scoring rule. |
Updated custom scoring rule | The mentioned user updated an existing custom scoring rule. |
Deleted custom scoring rule | The mentioned user deleted a custom scoring rule. |
Added an asset tag | The mentioned user added an asset tag. |
Edited an asset tag | The mentioned user edited an asset tag. |
Deleted an asset tag | The mentioned user updated an asset tag. |
Added an asset annotation | The mentioned user added an asset annotation. |
Edited an asset annotation | The mentioned user edited an asset annotation. |
Deleted an asset annotation | The mentioned user deleted an asset annotation. |
Added a data source | The mentioned user added a data source. |
Edited a data source | The mentioned user edited a data source. |
Deleted a data source | The mentioned user deleted a data source. |
Inspect audit logs
On the Hunters platform
From the platform top bar, click your name and then click Administration.
The Administration window opens.
Navigate to Audit log.
💡Save time
Use the search bar to find specific actions or users.
In a CSV file
After downloading, a CSV will be generated and downloaded to your machine with all recorded logs since the creation of the organization. In addition to the fields displayed in the platform, the following additional fields are downloaded:
Description - Additional information about the event
User Agent - The user agent of the browser used to perform the event
To download the audit log as a CSV file:
From the platform top bar, click your name and then click Administration.
The Administration window opens.
Navigate to Audit log.
Click Download.