Audit logs for MSP

The Audit Log feature provides visibility into, and governance over, your company’s activities within the Lumu MSP Portal. It records and displays a historical timeline of the activities and configurations made on the Portal, allowing administrators to keep track of changes and ensure compliance with your company’s policies.

This feature includes the following key capabilities:

  • Track Activity: Monitor actions related to collectors, configurations, and system settings.
  • Detailed Records: View specific JSON data detailing the changes made.
  • Scope selection: Select specific tenants to view their activity.
  • Search & Filter: Quickly locate specific events by user, time, or event type.

Availability and Access

Access to the Audit log is restricted based on user roles to ensure data security.

  • Allowed roles: Admin and Supervisor users can access the audit logs.
  • Restricted roles: Analyst roles do not have access to this feature.

Note: This feature is available for all Lumu subscription tiers.

Event information

Each entry in the Audit Log represents a single event captured within the Lumu Portal. Event details provide the contextual and technical information required to understand what happened, who performed the action, when it occurred, and what was affected.

The exact details of the event are recorded and displayed in a JSON object. While the specific fields vary depending on the event type (e.g., a User Login event tracks different data than an Integration Created event), every log provides visibility into the Performer, the Timestamp, and the Context.

Key data fields

Regardless of the type of event, you can expect to find the following core information in each entry:

  • Performer data: Information about the user who triggered the event, such as name, email, and role.
  • Timestamp: The exact date and time of the event in UTC format.
  • Context: Details and specifics of the action performed. For example, for an Integration Created event, you will find the name and description of the integration, and the threat types to be blocked.

Captured events

Lumu records events across four primary operational areas. The following table summarizes the types of activities tracked within the system:

| User Management | Infrastructure & Agents | Integrations & Gateways | Reporting & Rules |
|---|---|---|---|
| User First Login, User Login, User Logged Out, User Password Updated | Collector Created, Updated, Deleted | Integration Created, Updated, Deleted | Incident Details Report Requested |
| User Created, User Updated, User Deleted, User Confirmed | Collector Agent Created, Updated, Deleted; Custom Collector Created, Updated, Deleted, API Key Revoked | Integration Deletion Failed | Incident Report Sent, Scheduled Report Sent |
| User Activated, User Deactivated, User Invited, User Accepted | Appliance Created, Updated, Deleted, Activated, Revoked | Gateway Created, Updated, Deleted | Grouping Rules Updated; Label Created, Updated, Deleted |
| | Log Forwarder Agent (Created, Updated, Deleted, Activated, Revoked) | Company Created, Updated, Deleted, Detached From MSP | Roaming Agent/Group Deleted, Autopilot Status Updated |

Note: The Audit logs focus on configuration and administrative actions of the Portal. Incident operations are NOT included in these logs.

Reviewing the Audit log

To access the Audit log, log into the Lumu MSP Portal with an Admin or Supervisor account and follow these steps.

1. Using the left navigation menu in the Lumu Portal, go to Accounts under the Settings section.

Note: Supervisor users will see Audit Log under the Settings section, since they do not have access to the accounts information of the company.

2. On the Accounts Setting page, select the Audit Log tab.

3. You will see a table listing the activities performed by the users of your company within the portal. Logs are sorted by date and time, with the latest activities shown first.

Note: Even when a user has been erased from the system, their activity logs will show up for the following 180 days.

Using the Audit log interface

When reviewing the Audit log, you can perform the following actions:

Select the scope

You can filter the logs by scope: select the data from specific tenants or the activities within the Portal. By default, the table shows all the data.

Note: Supervisor users will only see information about the Portal activities and the tenants assigned to them.

Filter and search

By default, the table shows the activities of the last 7 days. You can filter the data shown as follows:

  • Use the quick filters where you can select from: Today, Yesterday, last 7, 30, 60, 90, or 180 Days.
  • Use the Custom range where you can specify the exact dates you want to cover in the filtering.
  • Use the search field to filter logs by User Name, Email, or Event Name.

Note: Keep in mind that when using the Custom range filter, you cannot select dates older than 180 days.

View log details

The main view only displays the summary of the activities within the Portal. You can click on any row to display the full log in JSON format.


Additionally, when you display the full log, you will see a Copy button within the expanded view that copies the log to your clipboard for further analysis.

4. Download and refresh

  • Refresh: You can manually refresh the data displayed in the table to reflect the latest activities by clicking the refresh icon located next to the search bar.
  • Download: By clicking the download icon, you can export the data currently shown to a CSV file. You can only export up to 10000 items, so we recommend using the filters to export only the information needed.
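
For the "further analysis" of copied JSON logs, the following added example (not Lumu code) flags any performer who triggers several removal or revocation events from the captured-events table within a short window. The JSON field names (`event`, `timestamp`, `performer.email`), the ISO 8601 timestamp format and the sample entries are assumptions constructed for illustration; adjust them to match a real copied log.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample entries; field names are assumed, not Lumu's documented schema.
SAMPLE = """[
 {"event": "User Login", "timestamp": "2025-01-10T08:01:00Z",
  "performer": {"name": "Ana", "email": "ana@msp.example", "role": "Admin"}},
 {"event": "Collector Deleted", "timestamp": "2025-01-11T02:10:00Z",
  "performer": {"name": "Bob", "email": "bob@msp.example", "role": "Supervisor"}},
 {"event": "Integration Deleted", "timestamp": "2025-01-11T02:12:00Z",
  "performer": {"name": "Bob", "email": "bob@msp.example", "role": "Supervisor"}},
 {"event": "Appliance Revoked", "timestamp": "2025-01-11T02:15:00Z",
  "performer": {"name": "Bob", "email": "bob@msp.example", "role": "Supervisor"}},
 {"event": "User Deleted", "timestamp": "2025-01-11T09:00:00Z",
  "performer": {"name": "Ana", "email": "ana@msp.example", "role": "Admin"}}
]"""

# Event-name endings from the captured-events table that remove or revoke something.
DESTRUCTIVE = ("Deleted", "Revoked", "Deactivated", "Detached From MSP")

def parse_utc(ts):
    """Parse an ISO 8601 UTC timestamp (assumed format) into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def destructive_bursts(events, threshold=3, window=timedelta(minutes=10)):
    """Return {performer email: [event names]} for the first burst of at least
    `threshold` destructive events inside a sliding time window."""
    per_user = defaultdict(list)
    for e in events:
        if e["event"].endswith(DESTRUCTIVE):
            per_user[e["performer"]["email"]].append(
                (parse_utc(e["timestamp"]), e["event"]))
    hits = {}
    for email, items in per_user.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Shrink the window from the left until it spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits[email] = [name for _, name in items[start:end + 1]]
                break
    return hits

if __name__ == "__main__":
    print(destructive_bursts(json.loads(SAMPLE)))
```

Tune `threshold` and `window` to your tenants' normal change volume; planned decommissioning work will trip the same rule.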
