
Audit data and user activity in Cognito

The Vectra platform logs user activity to syslog, which lets organizations track usage of critical systems such as Cognito. These logs can be fed directly into log management solutions and used during internal audits. They are currently available only via syslog.

For more information on how to configure syslog, see: https://support.vectranetworks.com/hc/en-us/articles/360047317593-Cognito-Detect-Syslog-Guide#configure

Syslog entries are currently generated for audit purposes for the following events:

  • Login events (success & failures)
  • RBAC changes (create / edit / delete roles)
  • User management (add user / delete user / change user role / edit roles / password change)
  • Triage filters (create / edit / delete)
  • Marking Detections as Fixed
  • Settings (System, Notifications and Services)

Syslog entries include: Timestamp, Username, Event type, Modified field, New value (if it is an edit). 

Example of a syslog audit entry:

Vectra Networks|X Series|4.3|audit|user_action|0|dvc=10.10.10.10|dvchost=vectra.vectra.io suser=vadmin spriv=Super Admin src=10.10.10.1 deviceFacility=13 cat=user_action outcome=success msg=change Sensor settings from {"password": "***********", "autopair_enabled": "on"} to {"password": "***********", "autopair_enabled": "on"}
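
The following is an added example, not Vectra's code: a Python parser for the audit entry shown above that also diffs the old and new settings objects in a "change ... from ... to ..." message. It assumes the line starts at the vendor field (any syslog timestamp or host prefix already stripped) and that msg is the last key; the header field names are labels chosen for this example.

```python
import json
import re

# Audit line copied from the article above (the only non-constructed input).
SAMPLE = (
    'Vectra Networks|X Series|4.3|audit|user_action|0|dvc=10.10.10.10|dvchost=vectra.vectra.io '
    'suser=vadmin spriv=Super Admin src=10.10.10.1 deviceFacility=13 cat=user_action '
    'outcome=success msg=change Sensor settings from {"password": "***********", '
    '"autopair_enabled": "on"} to {"password": "***********", "autopair_enabled": "on"}'
)
# Assumed labels for the six leading pipe-delimited fields (not named in the article).
HEADER = ("vendor", "product", "version", "signature", "name", "severity")
# A key starts the extension or follows a space or "|", so "Super Admin" stays whole.
KEY = re.compile(r"(?:^|[ |])([A-Za-z]\w*)=")


def parse_audit(line):
    """Return header fields plus key=value extensions as one dict."""
    parts = line.strip().split("|", len(HEADER))
    if len(parts) != len(HEADER) + 1:
        raise ValueError("not a pipe-delimited audit record")
    record = dict(zip(HEADER, parts[:-1]))
    # Assumption: msg is always the last key, so its free text is kept verbatim.
    ext, sep, msg = parts[-1].partition(" msg=")
    keys = list(KEY.finditer(ext))
    for cur, nxt in zip(keys, keys[1:] + [None]):
        record[cur.group(1)] = ext[cur.end():nxt.start() if nxt else len(ext)]
    if sep:
        record["msg"] = msg
    return record


def setting_changes(msg):
    """For 'change <target> from {old} to {new}', return (target, changed keys)."""
    idx = msg.find(" from {")
    if not msg.startswith("change ") or idx < 0:
        return None
    decoder = json.JSONDecoder()
    try:
        old, end = decoder.raw_decode(msg, idx + 6)
        if msg[end:end + 5] != " to {":
            return None
        new, _ = decoder.raw_decode(msg, end + 4)
    except ValueError:
        return None
    # Masked values ("***") compare equal, so edits to masked fields never show here.
    diff = {k: (old.get(k), new.get(k)) for k in old.keys() | new.keys()
            if old.get(k) != new.get(k)}
    return msg[len("change "):idx], diff
```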

 
