Audit Logs

Updated

This article describes what is contained inside the Audit Logs, as well as how to access and search for this information in Mimecast Email Security Cloud Integrated. It is intended for Administrators.

Introduction

Audit Logs allow you to review logs regarding account access and configuration changes made by administrators.

Accessing Audit Logs

You can access the Audit Logs, by using the following steps:

  1. Log in to Mimecast Email Security Cloud Integrated.
  2. Click on the menu Screenshot 2022-08-10 at 12.09.34.png icon.
  3. Select Audit Logs.

Log Events 

Event Information Description
User Displays the email address of the user who triggered the event.
Category Displays the category of event that generated the log file (e.g. Search).
Action Displays the type of event that generated the log file (e.g. Query).
Details Displays brief details about the event or changes made. The details displayed depend on the type of event. While the below list is not all-inclusive, some common examples include:
  • From
  • To
  • Subject
  • Message ID
Date / Time Displays the date and time that the Audit Log was created.

Log Event Types 

There are different event types captured in the Audit Log. The following describes some of the different event types.

This is not a comprehensive list of all Audit Log Events.

Viewed Detection Event 

When a detection is viewed in the system, this is tracked to allow administrators to monitor activity related to threat investigation and ensure accountability.

The following details are captured when a detection is viewed: 

vieweddetectionevent.png

  • User details 
  • Category: Entity 
  • Action: Viewed Detection 
  • Details: From, To Subject, Message ID 
  • Date/Time 

BEC Content View Event 

When a user views the content of a Business Email Compromise (BEC) detection, this is tracked for administrators to monitor sensitive investigations and ensure compliance.

Every toggle switch is captured. 

The following details are captured when BEC content is viewed: 

viewedbecevent.png

  • User details 
  • Category: Entity 
  • Action: Viewed BEC Content 
  • Details: From, To, Subject, Message ID 
  • Date/Time

Logout Event 

When a user logs out of the system, this is tracked for administrators to maintain a comprehensive record of user sessions for security and auditing purposes.

The following details are captured when a logout occurs:

logoutevent.png

  • User details 
  • Category: Authentication
  • Action: Admin Logout
  • Details: -
  • Date/Time 

Manual logout and session timeout are treated similarly.

Export Event 

When users export logs, this is captured to maintain visibility of audit activity.

The following details are captured when an export occurs:

export.png

  • User details 
  • Category: Account 
  • Action: Export 
  • Details: -
  • Date/Time

 

Related to

Was this article helpful?
1 out of 2 found this helpful

Comments

0 comments

Please sign in to leave a comment.