Skip to main content

Audit Log

An immutable record of security‑relevant actions in your organization — who did what, when, and whether it succeeded. Use it for incident review and compliance evidence.

What's logged

Sign‑ins (success / failed / blocked), user and role changes, device actions, setting changes, remote‑session events, and more. Each entry shows the actor, the action, a timestamp, and the outcome, color‑coded so problems stand out:

  • Green — success
  • Red — failed / blocked / denied
  • Blue — created / enabled
  • Amber — deleted / disabled

Using it

  1. Go to Admin → Audit Log.
  2. Scan the timeline; the color coding surfaces failed logins, denials, and destructive changes at a glance.
  3. During an incident, look for the red (failed/blocked/denied) and amber (deleted/disabled) entries around the time in question.
note

For remote session history (who connected to which device, with recordings), see Logs & Recordings. For operations run on a device, see a device's Ops Replay tab.