Audit Log
When a user performs an action in the ESET PROTECT Web Console, the action is logged. Audit logs are created if a ESET PROTECT Web Console object (for example, computer, policy, detection, etc.) is created or modified.
Audit Log is a new screen available in the ESET PROTECT On-Prem. Audit Log contains the same information as the Audit log report, but it allows convenient filtering of the displayed data. You can also directly view the filtered audit log for various Web Console objects by clicking the Web Console object and selecting Audit Log.
Audit Log allows the Administrator to inspect the activities performed in the ESET PROTECT Web Console, especially if there are more Web Console users.
To view the Audit log, the Web Console user must have a permission set with the Audit log functionality. |
The Audit log permissions enables the user to view logged actions of all other users and domains, even those related to assets the user does not have sufficient rights to view. |
Click a line in Audit Log and you can perform the following actions:
Show Object Details |
Show the details of the audited object. |
Click a Policy Audit Log and select Show changes to see the visualized comparison of the policy changes: •Settings that have been added to the policy •Settings that have been removed from the policy •Settings that have been changed in the policy |
|
Show User Details |
Show details of the user who performed the action on the object. |
Audit Log |
Show the Audit Log for the selected object. |
Audit Log for selected User |
Show the Audit Log for the selected user. |
Time window for selected object |
Show the Audit Log for the selected object with an activated filter of time occurrence. |
Filtering the view
To filter, click Add Filter:
1.In some filters, you can select the operator by clicking the operator icon next to the filter name (the available operators depend on the filter type):
equals
doesn't equal
greater than
greater or equal
less than
less or equal
contains
starts with
ends with
is one of
has no value
has value
2.Select one or more items from the list. Type a search string or select the items from the drop-down menu in the filter fields.
3.Press Enter. Active filters are highlighted in blue.
You can filter the table view by various criteria:
•<= Occurred - Set the date and time before which the action occurred.
•>= Occurred - Set the date and time after which the action occurred.
•Action - Select the performed action.
•Audit Domain - Select the modified Web Console object.
•Audit User - Select the Web Console user who performed the action.
•Result - Select the action result.