# Audit logs Audit logs serve as an effective tool to understand changes made within your workspace. This feature documents a detailed record of actions taken by users, allowing you to track who made specific changes, when they were implemented, and what entity was altered. Audit logs are a great way to track changes, identify discrepancies, and gain a holistic view of changes that have been made in your workspace. You can access the audit log through the Cortex UI or the public API endpoint. ## Managing audit logs ### Managing audit logs via the API Audit logs can also be accessed through the public API endpoint. Please refer to our [Audit Logs API documentation](https://app.gitbook.com/s/nPgS8L9MAPtoOtdWdeDp/readme/audit-logs) to learn how to retrieve audit logs. ### View audit logs in the Cortex UI You must have the `View audit logs` permission. You can access audit logs under [**Settings > Audit logs**](https://app.getcortexapp.com/admin/settings/audit-logs).
From the audit log page, you will see a list of user activities. Each log includes information categorized in the following columns: * **Actor:** The user or API key who performed the action. * N/A indicates that the change is attributed to GitOps or the auto-import of entities. * **Action type:** The action that was performed - "created", "deleted", or "updated". * **Object type:** The object that changed. * See the full list of possible [object types below](#object-types). * **Object identifier:** The unique identifier of the object. * **Date:** When the action occurred. You can click into any row to open a side panel with more details about the change. ### Filtering audit logs Click **Filter** in the upper right corner to select and apply filters to narrow the scope of your list. You can apply filters for: * API key identifier * Action type * Actor IP address * Actor email * Actor type * Anonymous request type * Date range * Entity * Object type ![Select filter options for the audit log list.](https://826863033-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FJW7pYRxS4dHS3Hv6wxve%2Fuploads%2Fgit-blob-549b99dfbf6b39703b7263011ed45d63418491ef%2Ffilter-audit-logs.jpg?alt=media) #### How the filters work When filtering by email address or You can select one or more items from the dropdowns for each field. When multiple items are selected for a given field, Cortex queries with an `OR` operator. When multiple field filters are applied, Cortex separates the queries with an `AND` operator. For example: * If `CREATE` is selected for Action type and `SCORECARD` is selected for Object type, the backend query is `create AND scorecard`. * If both `CREATE` and `DELETE` are selected for Actions and `SCORECARD` is selected for Types, the query would be `(create OR delete) AND scorecard`. This would show all Scorecards that have been created or deleted within the selected timeframe. ## **Audit log reference** ### **Object types** The following object types are included in audit logs: * `ACCOUNT_FLAG` * `ALLOW_LIST_ENTRY` * `API_KEY` * `CATALOG` * `CATALOG_FILTER` * `CORTEX_USER` * `CUSTOM_ROLE` * `DOMAIN` * `ENTITY_TYPE_DEFINITION` * `INITIATIVE` * `OAUTH_CONFIGURATION` * `OPENAPI_DEFINITION` * `PERSONAL_API_KEY` * `RESOURCE` * `SCORECARD` * `SECRET` * `SECRET_GROUP` * `SERVICE` * `TEAM` * `WORKFLOW` * Integrations * Configuration (e.g. `OKTA_CONFIGURATION`) * OAuth configuration (e.g. `BITBUCKET_OAUTH_CONFIGURATION`) * OAuth registration (e.g. `JIRA_OAUTH_REGISTRATION`) * On-prem configuration (e.g. `JIRA_ONPREM_CONFIGURATION`) * On-prem webhook secret (e.g. `BITBUCKET_ONPREM_WEBHOOK_SECRET`) * Personal configuration (e.g. `BITBUCKET_PERSONAL_CONFIGURATION`) * SAST configuration (e.g. `MEND_SAST_CONFIGURATION`) GitHub also has some unique types associated with it: `GITHUB_APP_CONFIGURATION`, `GITHUB_APP_INSTALLATION`, `GITHUB_PERSONAL_TOKEN`, and `GITHUB_WEBHOOK_SECRET`. ### **Actors** **Actors** include the following information: * **Actor Types:** `ANONYMOUS`, `API_KEY`, `BACKSTAGE`, `OAUTH2`, or `PERSONAL_API_KEY` * **API Key Identifiers:** When filtering by this field, enter API key names or the last 4 characters of an API key. * **Emails:** When filtering by this field, the email address must be an exact match to the user's email. * **IP Addresses** * **Anonymous Request Types:** * `API_KEY_ENTITY` * `BRAIN_AI` * `CUSTOM_INTEGRATION` * `SCORECARD_BADGES` * `SLACK_COMMAND` * Integration webhooks (e.g. `ATLASSION_WEBHOOK`)