Audit Log
An immutable record of security‑relevant actions in your organization — who did what, when, and whether it succeeded. Use it for incident review and compliance evidence.
What's logged
Sign‑ins (success / failed / blocked), user and role changes, device actions, setting changes, remote‑session events, and more. Each entry shows the actor, the action, a timestamp, and the outcome, color‑coded so problems stand out:
- Green — success
- Red — failed / blocked / denied
- Blue — created / enabled
- Amber — deleted / disabled
Using it
- Go to Admin → Audit Log.
- Scan the timeline; the color coding surfaces failed logins, denials, and destructive changes at a glance.
- During an incident, look for the red (failed/blocked/denied) and amber (deleted/disabled) entries around the time in question.
note
For remote session history (who connected to which device, with recordings), see Logs & Recordings. For operations run on a device, see a device's Ops Replay tab.