LogoLogo
  • Introducing dope.swg
    • Changing the Rules...
    • Quick Start Guide
      • Create a dope.swg Account
      • Get Started with the dope.endpoint
      • Import User and Group Data
      • Create a dope.swg Web Policy
    • Mitre ATT&CK and Nist CSF
  • dope.console
    • Analytics
      • Overview dashboard
      • Policy View
      • Productivity
      • Shadow IT
      • Detail View
    • dope.swg Policy
      • Editing the Base Policy
      • Adding Policy Exceptions
      • Assigning a Block Page
      • Creating Custom Categories
      • URL Bypass List
      • Application Bypass List
      • Default Bypass List
      • Cloud Application Control (CAC)
        • Microsoft O365
        • Google
        • Box
        • Salesforce
        • Dropbox
        • Slack
        • WebEx
      • Custom Policy
      • Policy Assignment
      • Policy Inheritance and Customization
    • CASB Neural
      • Microsoft 365 - Authentication
      • Google - Authentication
      • CASB DLP
        • DLP Files Table
    • Endpoint Manager View
      • Searching the View
      • Filtering and Sorting the Endpoint View
      • Endpoint Count
      • Running Diagnostics
      • Disable Endpoint
    • Settings
      • General
      • Block Pages
      • Endpoints
      • Users
        • Importing from Google
        • Why not SAML & SCIM?
      • Audit Log
      • SIEM Integration
        • Category & Verdict Mappings
      • API Client Credentials
      • Billing Details
    • Notifications
      • SSL Errors
  • dope.endpoint
    • Trusted Process Names
    • Generate Diagnostics
    • Disable Endpoint
    • Installing using MDM on Mac
      • Using JAMF
      • Using Kandji
      • Using Intune
    • Installing using Intune on Win
    • Mac Installer
      • Installation Process - Silent
      • Uninstall
      • Endpoint Authentication
    • Windows Installer
      • Installation Process - Silent
      • Uninstall
      • Endpoint Authentication
    • dope.endpoint UI
      • Windows UI
      • macOS UI
    • Automatic Updates
  • Release Notes
  • DOPE.APIs
    • Public API Specification
Powered by GitBook
On this page
  • Audit Log Actions
  • Audit Log Format
  • Audit Log Search
  • Search by action
  • Search by time
  1. dope.console
  2. Settings

Audit Log

PreviousWhy not SAML & SCIM?NextSIEM Integration

Last updated 1 year ago

If you need to see what has been happening within dope.swg console, then go to the Audit Log. The Audit Log works as a log of actions that have occurred within an account over the last 30 days.

To view the Audit Log go to Settings -> Audit Log

Audit Log Actions

The Audit Log will report on the following dope.swg console events

Settings

Admin Management

  • New Admins

  • Admin Removal

  • Logins

  • Logout

User/Group Updates

  • Initial import — No. of users/groups added/removed

  • Delta import — No. of users/groups added/removed

  • Errors — update user/group fails e.g. authorization failure

Endpoint Configuration

  • Anti-uninstall password configured/changed

  • Fail closed ON/OFF

OIDC Configuration

  • OIDC Configuration enabled/disabled

  • Config update i.e. domains edited

Block Pages Updates

  • New custom page added/deleted/changed

Security Information and Event Management (SIEM) Integration

  • SIEM Integration enabled/disabled

Policy

  • Policy created/deleted/updated

Cloud App Control (CAC) Policy Updates

Application and Domain Bypass Updates

Policy Assignments

  • User/group assigned to a policy

  • Policy Clashes i.e. a user(s) associated with two groups assigned to different policies

Endpoint Manager

  • New endpoint registered with the dope.cloud

  • Endpoint uninstalled

  • Dormant endpoint deleted after 35 days

  • Admin enabled endpoint to Debug Mode

  • Admin disabled endpoint from Debug Mode

Analytics

  • Export to CSV

Audit Log Format

As well as recording the action, the log will record the admin responsible for the action and the timestamp for the action.

Audit Log Search

Search by action

You have the option of searching by email or by specific action. When selecting the search icon, different groups of actions will appear as a dropdown.

Select the type of Audit group action to search. On selection, a deeper breakdown of actions will be presented specific to the group.

For example, selecting the group Policy will result in the following Audit Log Actions to be presented:

Selecting the Action from the list will filter the Audit Log to show only these actions.

Search by time

On the left-hand side of the Audit Log, there’s a date widget showing the last 30 days.

Selecting a specific date will scroll the Audit Log’s position to that date, providing an easy way to jump to a date where an action of interest may have happened.

Automatic actions are assigned to the user dope.cloud

Audit Log Example