Audit Logs

The Audit Log feature is designed to provide visibility and governance to your company’s activities within the Lumu Portal. This feature records and displays a historical timeline of the activities and configurations made on the Portal, allowing administrators to keep track of the changes and ensure compliance with your company’s policies.

This feature includes the following key capabilities:

  • Track Activity: Monitor actions related to collectors, configurations, and system settings.
  • Detailed Records: View specific JSON data detailing the changes made.
  • Search & Filter: Quickly locate specific events by user, time, or event type.

Availability and Access

Access to the Audit log is restricted based on user roles to ensure data security.

  • Allowed roles: Admin and CM users can access the audit logs.
  • Restricted roles: User roles do not have access to this feature.

Note: This feature is available for all Lumu subscription tiers.

Event information

Each entry in the Audit Log represents a single event captured within the Lumu Portal. Event details provide the contextual and technical information required to understand what happened, who performed the action, when it occurred, and what was affected.

The exact details of the event are recorded and displayed in a JSON object. While the specific fields vary depending on the event type (e.g., a User Login event tracks different data than an Integration Created event), every log provides visibility into the Performer, the Timestamp, and the Context.

Key data fields

Regardless of the type of event, you can expect to find the following core information on each of them:

  • Performer data: Information about the user who triggered the event, such as name, email, and role.
  • Timestamp: The exact date and time of the event in UTC format.
  • Context: Details and specifics of the action performed. For example, for an Integration Created event, you will find the name and description of the integration, and the threat types to be blocked.

Captured events

Lumu records events across four primary operational areas. The following table summarizes the types of activities tracked within the system.

| User Management | Infrastructure & Agents | Integrations & Gateways | Reporting & Rules |
|---|---|---|---|
| User First Login, User Login, User Logged Out, User Password Updated | Collector Created, Updated, Deleted | Integration Created, Updated, Deleted | Incident Details Report Requested |
| User Created, User Updated, User Deleted, User Confirmed | Collector Agent Created, Updated, Deleted; Custom Collector Created, Updated, Deleted, API Key Revoked | Integration Deletion Failed | Incident Report Sent, Scheduled Report Sent |
| User Activated, User Deactivated, User Invited, User Accepted | Appliance Created, Updated, Deleted, Activated, Revoked | Gateway Created, Updated, Deleted | Grouping Rules Updated; Label Created, Updated, Deleted |
| | Log Forwarder Agent (Created, Updated, Deleted, Activated, Revoked) | Company Created, Updated, Deleted, Detached From MSP | Roaming Agent/Group Deleted, Autopilot Status Updated |

Note: The Audit logs focus on configuration and administrative actions of the Portal. Incident operations are NOT included in these logs.

Reviewing the Audit log

To access the Audit log, log into the Lumu Portal with an Admin or CM account and follow these steps.

1. Using the left navigation menu in the Lumu Portal, go to Accounts under the Settings section.

2. On the Accounts Setting page, select the Audit Log tab.

3. You will see a table listing the activities performed by the users of your company within the portal. Logs are sorted by date and time, with the latest activities shown first.

Note: Even after a user has been erased from the system, their activity logs remain visible for the following 180 days.

Using the Audit log interface

When reviewing the Audit log, you can perform the following actions:

Filter and Search

By default, the Audit log shows the activities of the last 7 days. You can filter the data shown as follows:

  • Use the quick filters where you can select from: Today, Yesterday, last 7, 30, 60, 90, or 180 Days.
  • Use the Custom range where you can specify the exact dates you want to cover in the filtering.
  • Use the search field to filter logs by User Name, Email, or Event Name.

Note: Keep in mind that when using the Custom range filter, you cannot select dates older than 180 days.

View log details

The main view only displays the summary of the activities within the Portal. You can click on any row to display the full log in JSON format.


Additionally, when you display the full log, you will see a Copy button within the expanded view to copy the log into your clipboard for further analysis.

Download and Refresh

  • Refresh: You can manually refresh the data displayed in the table to reflect the latest activities by clicking the refresh icon located next to the search bar.
  • Download: By clicking the download icon, you can export the data currently shown to a CSV file. You can only export up to 10000 items, so we recommend using the filters to export only the information you need.
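
An added example (not Lumu's code) of triaging a downloaded CSV offline: it flags a watchlist of event names taken from the Captured events table and warns when the file has reached the 10000-item export limit. The column names `timestamp`, `user_email` and `event_name` and the sample rows are assumptions made for illustration; match them to the header of your actual export.

```python
import csv
import io
from collections import Counter
from datetime import datetime, timezone

EXPORT_CAP = 10000  # export limit stated on this page

# Event names copied from the "Captured events" table; which ones deserve
# review is an assumption of this example, not a Lumu recommendation.
WATCHLIST = {
    "User Deleted", "User Deactivated", "User Password Updated",
    "Integration Deletion Failed", "Grouping Rules Updated",
}

def review_export(csv_text, cap=EXPORT_CAP):
    """Summarize an exported audit log: watchlist hits, per-user counts, cap check."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    hits, per_user = [], Counter()
    for row in rows:
        # Assumed columns: timestamp (ISO 8601, UTC), user_email, event_name.
        when = datetime.fromisoformat(row["timestamp"].replace("Z", "+00:00"))
        when = when.astimezone(timezone.utc)
        if row["event_name"] in WATCHLIST:
            hits.append((when, row["user_email"], row["event_name"]))
            per_user[row["user_email"]] += 1
    hits.sort()  # the portal lists newest first; oldest first reads as a timeline
    return {
        "rows": len(rows),
        # A file that reaches the cap was probably cut off: narrow the date
        # filter and export again before drawing conclusions from it.
        "possibly_truncated": len(rows) >= cap,
        "hits": hits,
        "per_user": dict(per_user),
    }

# Constructed sample export (not real Lumu output).
SAMPLE = """timestamp,user_email,event_name
2024-05-02T09:15:00Z,admin@example.com,User Login
2024-05-02T09:20:00Z,admin@example.com,User Deactivated
2024-05-02T09:21:00Z,admin@example.com,User Deleted
2024-05-01T22:40:00Z,cm@example.com,Integration Deletion Failed
2024-05-01T22:45:00Z,cm@example.com,Gateway Updated
"""

if __name__ == "__main__":
    report = review_export(SAMPLE)
    for when, user, event in report["hits"]:
        print(when.isoformat(), user, event)
    print("possibly truncated:", report["possibly_truncated"])
```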
