Audit log

About the audit log

You can view the "Acronis Email Security" audit log. The audit log shows the actions that were performed in "Acronis Email Security" in your organization, both by your admin users and by the "Acronis Email Security" IR Team. The audit log includes actions such as changing a verdict, previewing an email, and viewing a screenshot. Transparency is important to Fortinet. The audit log enhances transparency by enabling you to see the actions that were performed on the data in your organization.

  • You can use the filter feature in the audit log to show all the actions that include the specified text in the Description or Action columns. For example, you could look for events performed by a specific user, "John".

  • Data retention: Data in the audit log is maintained for 180 days.

The Audit Log page is available to admin users with the "Administrator" role only.

Showing the audit log

To show an audit log:

  1. In "Acronis Email Security", in the left navigation menu, select Security Operations > Audit Log.

    All actions that were performed in the last day will be shown.

  2. Use the Date Range selector and the Search feature [see below] to change the list of displayed actions.

Searching the audit log

When you use the Search functionality to filter the log entries that are displayed, the following fields are included in the search:

  • Action

  • Description

  • Admin

Downloading the audit log

You can download the audit log in CSV format. This is typically done for investigation purposes. The downloaded file will include all events and data currently displayed in the audit log, based on the current Date Range and Search settings.

Note:

  • In the downloaded CSV files, all dates and times are in UTC format. This can't be changed. Times may therefore differ from the times that appear in the UI of the Audit Log page.

  • You can include a maximum of 5,000 events in any download of the audit log.

To download the audit log:

  1. In "Acronis Email Security", in the left navigation menu, select Security Operations > Audit Log.

  2. Use the Date Range selector and the Search feature to change the list of displayed actions.

  3. Click Download CSV in the top-right corner.

Action types

Below are the available action types that may appear in the audit log, in alphabetical order.

Note:

  • The action types will appear slightly modified in the Audit log in "Acronis Email Security". For example, export-scans will appear as Export Scans.

  • When filtering the Audit log entries that are displayed, it is recommended that you use the versions of the action types as they appear in the list below (and not as they appear in the UI).

Available action types

  1. acronis-login

  2. acronis-user-created

  3. add-screenshot-to-blacklist

  4. analyze-sample

  5. changes_monitor

  6. copy-scan-to-demo

  7. create-new-organization-domain

  8. delete-email-from-inbox

  9. delete-user

  10. disable-decision

  11. django-admin

  12. download-scans

  13. download-scan-sample

  14. enable-decision

  15. export-scans

  16. handle_case

  17. handle_event

  18. handle_scan

  19. highlight-scan

  20. login

  21. logout

  22. malicious-file-reported-by-endpoint,30

  23. modify-user

  24. organization-change-audit

  25. organization-created

  26. organization-domain-deleted

  27. organization-mailboxes-billing-method-changed

  28. organization-number-of-mailboxes-changed

  29. organization-number-of-seats-changed

  30. organization-seats-billing-method-changed

  31. organization-organization-name-changed

  32. organization-organization-type-changed

  33. organization-was-changed-on-organization-domain

  34. protected-user-added

  35. protected-user-changed

  36. protected-user-deleted

  37. release-email

  38. report-sent

  39. request-investigation

  40. rescan

  41. resend-email

  42. resend-user-invitation

  43. saml-token-created

  44. send-user-invitation

  45. setup-email

  46. settings-add

  47. settings-change

  48. settings-delete

  49. update-smtp-record

  50. watch-scan-screenshots
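
The following Python script is an added example for reviewing a downloaded CSV offline; it is not part of the original page or of the product. It folds the UI and list spellings of an action type into one key, shows each UTC timestamp next to a UI offset, and flags a download that reached the 5,000-event cap. The column names (Date, Admin, Action, Description), the timestamp format, the UI offset, the set of actions to review and the sample rows are all assumptions.

```python
import csv
import io
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

MAX_EXPORT_ROWS = 5000  # per-download cap stated on this page

# Assumption: which action types from the list above deserve a second look.
REVIEW = {"delete-user", "modify-user", "saml-token-created", "settings-change",
          "settings-delete", "release-email", "delete-email-from-inbox",
          "export-scans", "download-scan-sample", "update-smtp-record"}

# Constructed sample export; column names and timestamp format are assumptions.
SAMPLE = """\
Date,Admin,Action,Description
2024-03-01 23:30:00,john@example.com,Export Scans,Exported 120 scans
2024-03-01 23:41:10,john@example.com,Login,Logged in
2024-03-02 00:05:00,ir-team@example.com,release-email,Released a quarantined email
2024-03-02 08:00:00,mary@example.com,handle_case,Case closed
"""

def canonical(action):
    """Fold 'Export Scans', 'export-scans' and 'handle_case' styles into one key."""
    return re.sub(r"[\s_-]+", "-", action.strip().lower())

def triage(csv_text, ui_offset_hours=2):
    """Return review-worthy events with UTC and UI-offset times, plus a cap warning."""
    ui_tz = timezone(timedelta(hours=ui_offset_hours))
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    findings = []
    for row in rows:
        action = canonical(row["Action"])
        if action not in REVIEW:
            continue
        utc = datetime.strptime(row["Date"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        findings.append({"admin": row["Admin"], "action": action,
                         "utc": utc, "ui_time": utc.astimezone(ui_tz)})
    return {
        # Hitting the cap means later events may be missing: narrow the Date Range.
        "possibly_truncated": len(rows) >= MAX_EXPORT_ROWS,
        "per_admin": Counter(f["admin"] for f in findings),
        "findings": findings,
    }

if __name__ == "__main__":
    report = triage(SAMPLE)
    print("possibly truncated:", report["possibly_truncated"])
    for f in report["findings"]:
        print(f["utc"].isoformat(), "| UI", f["ui_time"].strftime("%Y-%m-%d %H:%M"),
              "|", f["admin"], "|", f["action"])
```

In the sample, the first event falls on 1 March in UTC but on 2 March at the assumed UI offset, which is the kind of mismatch to expect when comparing a download with the Audit Log page.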