The Cloud Security audit report provides administrators and auditors with complete visibility into all events and changes occurring in the platform. This audit trail tracks all actions taken, ensuring accountability and facilitating fast identification of potential security or compliance issues. Key features and benefits of the report include detailed event logging, accurate change tracking, role-based access control (RBAC), and integration with SIEM servers.
The audit report is an essential tool for maintaining a secure and compliant cloud environment. By providing detailed visibility into all activities and changes, it enables organizations to proactively manage risk, ensure accountability, and streamline security operations.
For more information about the audit report, see Audit.
Audit events
The following table lists all audit events performed on Cloud Entitlements:
| Event | Audit level | Description |
|---|---|---|
| Acknowledge recommendation | Tenant | Acknowledged a recommendation. |
| Connect Account | Tenant | Connected an account. |
| Create AWS User | Tenant | Created an AWS user. |
| Create AWS User Access Key | Tenant | Created an AWS user access key. |
| Create Azure Application | Tenant | Created an Azure application. |
| Create Azure User | Tenant | Created an Azure user. |
| Create GCP Service Account Access Key | Tenant | Created a GCP service account access key. |
| Create Secret | Tenant | Created an Azure application secret. |
| Delete AWS User | Tenant | Deleted an AWS user. |
| Delete AWS User Access Key | Tenant | Deleted an AWS user access key. |
| Delete Azure Application | Tenant | Deleted an Azure application. |
| Delete Azure Application Secret | Tenant | Deleted an Azure secret. |
| Delete Azure User | Tenant | Deleted an Azure user. |
| Delete GCP Service Account Access Key | Tenant | Deleted a GCP service account access key. |
| Delete Inline Policy AWS + <Identity type> | Tenant | Deleted an AWS inline policy from an identity. |
| Detach AWS + <Identity type> + Policy | Tenant | Detached an AWS identity policy. |
| Disable Account Security Policies | Tenant | Disabled account security policies. |
| Just in Time Elevation Policy for AWS + <Identity type> | Tenant | Added a new temporary policy to an AWS identity. |
| Just in Time Elevation Role Assignment for Azure + <Identity type> | Tenant | Added a new temporary role to an Azure identity. |
| Remove Azure + <Role type> + from + <Identity type> | Tenant | Removed an Azure role from an identity. |
| Revoke Just in Time Elevation Policy for AWS + <Identity type> | Tenant | Revoked a new temporary policy from an AWS identity. |
| Revoke Just in Time Elevation Role Assignment for Azure + <Identity type> | Tenant | Revoked a new temporary role from an Azure identity. |
| Update Account | Tenant | Updated an account. |
| Update Account Security Policies | Tenant | Updated account security policies. |
| Update Security Policies | Tenant | Updated security policies. |