Audit Logging in Konnect
Audit logging enables administrators to better spot security risks and maintain compliance of their core infrastructure.
Audit logs can help you detect and respond to potential security incidents when they occur. Monitoring audit logs proactively can reduce the risk of outages and ensure continuous service for your users. No system can ever be completely secure, but audit logs can be a key part of your incident prevention infrastructure.
By tracking Konnect audit logs, you gain the following benefits:
Security: System events can be used to show abnormalities to be investigated, forensic information related to breaches, or provide evidence for compliance and regulatory purposes.
Compliance: Regulators and auditors may require audit logs to confirm whether certain certification standards are met.
Debugging: Audit logs can help determine the root causes of efficiency or performance issues.
Risk management: Prevent issues or catch them early.
Setting up audit logging in Konnect
Konnect administrators can track streams of security events and operational changes per organization.
You can do this by setting up a webhook to send data to any
log collection service that supports ArcSight CEF Format or JSON-formatted data.
Audit logging webhooks can be configured through the Organization menu, or
using the Audit Logs API.
Only Konnect org admins can configure and view audit log webhooks.
Audit information includes authentication attempts and authorization requests.
Each of the audit events contains a trace ID that allows events to be correlated to specific actions.
See the audit log reference for details on what is logged.
Note: You can’t customize the events that Konnect sends to the logs.