Audit Log

This feature is currently available in Beta version

📘

This article described the OLD version of the Audit log. This version is still active on our shared instance. If you are using the private or exclusive instance, please refer to the New Audit log article.

Audit logging offers chronological records of user activity in the Exponea application, including information about a user and a detailed overview of actions performed by the user. Using Audit logging provides proof of GDPR compliance, operational integrity and it can also serve as a source of information for audit investigations. Moreover, it allows you to identify the origin of any security incident.

The access to the Audit Log is restricted, and only authorized users can search, filter, or download logs for a specific time period. Audit log records will contain logs that include interaction with the application and with customer accounts.

While the Audit log is operational in all instances, access to log reports is only available on Private and Exclusive instances. If you want to use these features, contact your CSM.

Audit log at the account level

Audit log on account level tracks all activities for a specific account. When you have several projects under one account all activities are aggregated to this audit log. Every activity is linked to the user/API who performed it. For each user/API, we track the properties described below:

Property

Description

Data type

Example

subject_type

Type of access used (existing user or API access)

string

existing_user/api_token

subject_identifier

Username (usually email) used during login

string

[email protected]

subject_remote_addr

IP address of user/API when when triggered the action

string

32.68.182.60

resource_project_id

Project token where user/API triggered action

string

a2a36816-c025

resource_account_id

Account id where user/API triggered action

string

a2a36816-c025

subject_provider

The authentication provider that was used during login

string

google

resource_project_slug

Page slug of the resource project

string

/media_project

resource_identifier (optional)

ID changed as a result of the action made.

string

ID of the original campaign.

resource_query (optional)

Query made.

string

Customer filter used during the deletion of customers.

resource_snapshot (optional)

The status of the campaign at the time of the action.

string

Running

resource_before/after_status (optional)

How the status of the campaign changed as a result of the action.

String

Running/stopped

Property

Description

Data type

Example

subject_user_id (for existing user)

UUID of a user

string

a2a36816-c025

subject_access_group_id (for API access)

UUID of a group

string

a2a36816-c025

subject_access_key (for API access)

Access key

string

Key123

subject_permissions (for API access)

Permission for the given API token

string

The user's/API's activities trigger an audit event. Attributes of the audit event provide more details for the audit log:

resource_type describes the location/part of the application where the activity was triggered
action_type describes the action for the resource_type

Tracking activities when resource_type = customer

action_type

Resource_type

Description

create

customer

Create customer from interface

update

customer

Update customers attributes from interface

delete

customer

Deletion of customer from interface. This action also includes bulk deletion of customers.

In case of bulk deletion, attribute object_id stores the link to the file with filter. This filter was applied to customer during bulk deletion.

anonymize

customer

Anonymization of customer from interface

read

customer

View customer in Exponea CRM. This actions also includes bulk download of customers.

In case of bulk download, attribute object_id stores the link to the file with filter. This filter was applied to customers during download action.

Tracking activities when resource_type = {others}
In this case, we are talking about activities all over the application. These activities usually have among the actions either create, update, or delete. The resource_types provided below are just examples, much more locations are being tracked.

action_type

resource_type

Description

create

trend

Trend was created

update

campaign_design

Campaign was updated

delete

aggregate

Aggregate was deleted

🚧

Data expiration time period for the audit event is set to 3 years.

Audit log at the instance level

Tracks all activities, that don't belong to any account/project as the actions login/log out. On the instance level under the event access, the audit log tracks all customers who logged in/logged out.

action_type

action_success

Description

login

false/true

The user was/was not logged in

logout

false/true

The user was/was not logged out

The project for looking into the instance-level audit log is named Audit Log - Instance. The example of this would is https://app.exponea.com/p/audit-log-instance1/crm/customers/pages/1.

Updated 25 days ago

Audit Log


This feature is currently available in Beta version

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.


We rely on cookies

to optimize our communication and to enhance your customer experience. By clicking on the Accept and Close button, you agree to the collection of cookies. You can also adjust your preferences by clicking on Manage Preferences. For more information please see our Privacy policy.

Manage cookies
Accept & close

Cookies preferences

Accept & close
Back