Audit logs
The View Audit Logs page provides a centralized view of activity logs across the Portal instance, allowing Organization administrators to review, filter, investigate, and export audit events. From this page, they can access detailed event information to understand who performed an action, what happened, which resources were affected, when the event occurred, where it originated from, and why it was triggered in the first place.
Organization administrators can also use this page to:
- Gain complete visibility into user activity to understand who performed specific actions across the Portal instance and when those actions occurred
- Use flexible search and filtering to promptly identify relevant audit events using custom filters and time ranges
- Perform targeted investigations to efficiently identify suspicious activity, configuration changes, access events, or operational issues that require attention
- Export audit records for sharing with security, compliance, or support teams, or for retaining logs for reporting and further analysis. Audit records can be exported from the Portal or via the Portal API
- Access a centralized audit history, providing a single place to review activity across the Portal instance
- Enable faster troubleshooting and compliance support by helping teams trace changes, investigate incidents, and maintain accountability with detailed historical records
Navigating the Audit pageโ
The View Audit Logs page is divided into two main parts:
Audit Exportsโ
The Audit Exports section is an expandable part of the page that contains a table displaying all exported logs.
In the header, you can see how many exports have been generated.
You can also use the Show/Hide Exports button to expand or hide the exports table.
The table contains the following information:
- a custom name for the exported collection of logs
- NDJSON download link (if it exists)
- CEF download link (if it exists)
- Actions menu, from which you can choose to Delete Export
Clicking on any download link in the table downloads a ZIP file with the exported logs. Exports expire 7 days after they're generated. After the link expires, you can no longer download the generated file. The system checks for expired jobs on a daily basis and deletes them automatically from the table. Manually, only the Delete Export action completely removes the export from the table.
Audit Logsโ
The Audit Logs section contains a table displaying all logs that match the currently applied filters.
Above the table, there is a header that shows:
- the Export button, from which you can export the filtered logs in NDJSON, CEF, or both formats
- the active time range used to filter the logs displayed in the table; you can select a time range of up to 30 days
- amendable list of filters currently applied to the search
- the Add Filter button, from which you can add more filters to narrow down your search
- the total number of entries that have been found
From the table, you can get the following information:
- Info, with additional information on the logged activity. Besides the information common to all logs, like an IP address or a user, additional context or changes may be listed depending on the action. If the action had an unsuccessful outcome, the additional information will contain an error message explaining what went wrong
- Timestamp, when the action was performed (date and time)
- User, which user performed the action
- Action, what was performed. A list of supported actions can be found here
- Target, which entity in the Portal was affected by the action. Can be one of the following:
organization,group,project,package,version,filestream_file,user - Outcome, whether the action was successful or unsuccessful
Audit logs in the table are automatically refreshed every time a filter is added or removed, or a time range is updated. By default, the logs are sorted by Timestamp from newest to oldest and cannot be re-sorted in any way.
Logs cannot be updated or removed from the table.
Filtering logsโ
To narrow down your activity logs, you can select any combination of the following filters:
- Action - choose an action users perform from the dropdown list. A list of supported actions can be found here
- Outcome - choose whether the action was successful or not
- User Email - choose the email address of the user who performed the action
- Authentication Context - choose whether the action was performed from the Portal instance or via the Portal API
- Target Type - choose the category of the target the action was performed on. Accepted values:
organization,group,project,package,version,filestream_file,user - Target Name - choose the name of the specific resource the action targeted. Accepted values:
organization,group,project,package,version,filestream_file,user. Can only be selected ifTarget typeis used - Group Name - choose the Portal group the user who performed the action is a part of
- Project Name - choose the project on which the action was performed
- Package Name - choose the package on which the action was performed
By default, logs are filtered to the last 24 hours, but you can select a time range of up to 30 days. If you need logs older than that, use the Start an audit log export endpoint in the Portal API. It supports a time range of up to 365 days.
Depending on the filter, the following Operators are available:
- is
- is not
- is any
- is not any
Existing search filters can be updated at any time by selecting the desired filter above the Audit Logs table.
Supported actionsโ
Supported Audit Actions
filestream_file.approval.updated
filestream_file.deleted
filestream_file.downloaded
filestream_file.imported
filestream_file.moved_to_project
filestream_file.report.cyclonedx.exported
filestream_file.report.rl-cve.exported
filestream_file.report.rl-summary-pdf.exported
filestream_file.report.rl-uri.exported
filestream_file.report.sarif.exported
filestream_file.report.spdx.exported
filestream_file.updated
filestream_file.uploaded
filestream_file.upload_quota.spent
group.created
group.deleted
group.licensing.limit.updated
group.policy_configuration.updated
group.profile_configuration.exported
group.profile_configuration.imported
group.updated
organization.audit_export.created
organization.audit_export.deleted
organization.licensing.cli_site_key.deleted
organization.licensing.cli_site_key.updated
organization.licensing.quotas.reallocated
organization.pat.all_revoked
organization.policy_configuration.updated
organization.profile_configuration.imported
organization.profile_configuration.exported
organization.session_lifetime.updated
organization.sso.disabled
organization.sso.oidc.setup.applied
organization.sso.oidc.setup.created
organization.sso.saml.setup.applied
organization.sso.saml.setup.created
organization.sso.saml.setup.pending
package.created
package.deleted
package.updated
project.created
project.deleted
project.updated
user.invite.accepted
user.invite.resent
user.invite.sent
user.login
user.logout
user.password_changed
user.password_reset_completed
user.password_reset_initiated
user.pat.all_revoked
user.pat.created
user.pat.revoked
user.removed
user.sso.oidc.login
user.sso.saml.login
user.scim.created
user.scim.deleted
user.scim.updated
user.scim.search
user.updated
version.approval.updated
version.deleted
version.downloaded
version.imported
version.release_status.updated
version.report.cyclonedx.exported
version.report.rl-checks.exported
version.report.rl-cve.exported
version.report.rl-diff.exported
version.report.rl-json.exported
version.report.rl-safe.exported
version.report.rl-summary-pdf.exported
version.report.rl-uri.exported
version.report.sarif.exported
version.report.shared_report_created
version.report.shared_report_deleted
version.report.shared_report_edited
version.report.shared_report_sent
version.report.shared_report_unshared
version.report.spdx.exported
version.updated
version.uploaded
version.upload_quota.spent
Exporting logsโ
Audit logs can be exported by using the Export button in the Audit Logs section of the page. Selecting the button opens a dialog, from which you can:
- see that the download link you're generating is live for 7 days
- type in the name for the export, which will be shown in the Audit Exports table
- select the type of the export, where you can choose between NDJSON and CEF formats, or simply choose both
- read details on the applied filters
Once the export is generated, it is visible in the Audit Exports table at the top of the View Audit Logs page.
Audit logs can also be exported via the Portal API.