What Gets Logged
| Category | Events |
|---|---|
| Sessions | Session started, session ended, session terminated |
| Accounts | Account created, updated, deleted |
| Folders | Folder created, updated, deleted |
| Templates | Template created, updated, deleted |
| Memberships | Membership added, updated, removed |
| Product Access | Product member added, removed, role changed |
- Timestamp — when it happened
- Actor — who did it (user, email, IP address)
- Action — what was done
- Target — what was affected
- Details — relevant context (e.g., what changed)
Viewing Audit Logs
- Go to Privileged Access Management → Audit Logs
- Browse the log (newest first) or use filters
Audit Logs vs Session Recordings
These are complementary: Audit logs track metadata — who accessed what account, when, from where. They tell you that something happened. Session recordings capture content — the actual queries and commands. They tell you what was done during the session. For a complete picture, you need both. The audit log tells you Alice accessed the orders-db at 2pm; the session recording shows you exactly what queries she ran.Retention
Audit logs are retained according to your organization’s policy. Events are immutable — they can’t be modified or deleted.Common Use Cases
Access reviews — Filter by date range to see who accessed what during a specific period. Incident investigation — Search for a specific account or user to trace actions before or after an incident. Change tracking — Filter by event type to see configuration changes (template updates, membership changes). User activity reports — Filter by actor to see everything a specific user did.Next Steps
Sessions
View session recordings for detailed activity.
Architecture
Understand how PAM works under the hood.