Actions taken by Nebula users are logged on the Investigate > Activity Logs > Audit Log page for auditing purposes. This activity is recorded and displayed for 90 days, helping administrators identify which user made changes in Nebula and what those changes were.
The table on this page contains the following columns of data:
- Timestamp: Time the change was made. Click on the timestamp to view more details about the history of changes made, including which specific policy or schedule setting was modified.
- Click View Related Logs in the slideout to filter the Audit Log page for events with the same Record Name.
- Record Type: Type of Nebula record created, read, updated, or deleted. The following record types are available:
- Policy
- Schedule
- Group
- Exclusion
- Record Name: Name of the item modified, such as the policy or schedule name.
- Action Type: Displays whether an item was created, updated, deleted, or if a tamper protection password was revealed.
- User: Displays which Nebula User made the modification.
- IP Address: Displays the IP address of the user when they were logged in and took any actions in Nebula. Comparing this IP with other activities by the user helps identify potential account compromise. Multiple users changing settings from the same IP may also be suspicious. It's recommended to verify with users if they made changes from an unusual location.
The view of columns can be customized by clicking Add / Remove Columns.