Probely

Audit logs contain the record of user activity in Probely, allowing the reproduction of the timeline of events originated by users, which can be useful for identifying and analyzing behaviors or issues and taking the necessary actions.

This article is divided into the following sections:

Understand the information in the audit log report.

Mapping of object model values and business names.

- Generate the audit log report.
- Understand the information in the audit log report.
- Mapping of object model values and business names.

To analyze the audit log, first, we need to generate the report: 

In the menu at the top-right corner of the Probely app, select Audit Log.

Fill in the criteria of the report. You can download the list of actions performed by a single user or by all users in a specific period. When you’re done, click on EXPORT.

1. In the menu at the top-right corner of the Probely app, select Audit Log. 
2. Fill in the criteria of the report. You can download the list of actions performed by a single user or by all users in a specific period. When you’re done, click on EXPORT.

Understand the information in the audit log report

Essentially, events listed in the report describe which action was done, on which object, when, and by whom. In update actions, there is also information about the fields that changed, the old and new values.

The report is in CSV format and can be opened in any application that handles spreadsheets.

The events are sorted by date (starting with the oldest event), and all event details are displayed in columns:

user_email - Email of the user that originated the event.

date - Date and time of the event, in ISO 8601 UTC format.

action - Action of the event, that can be:

- create - A new object was created.
- update - An existing object was updated.
- delete - An existing object was deleted.

object_model - Type of object. See the next section for more information.

object_id - Identifier of the object.

field - In update actions, this shows the name of the property/parameter for which the value changed.

old_value - In update actions, this shows the value before the change.

new_value - In update actions, this shows the new value of the property/parameter.

- user_email - Email of the user that originated the event.
- date - Date and time of the event, in ISO 8601 UTC format.
- action - Action of the event, that can be:
 - create - A new object was created.
 - update - An existing object was updated.
 - delete - An existing object was deleted.
- object_model - Type of object. See the next section for more information.
- object_id - Identifier of the object. 
- field - In update actions, this shows the name of the property/parameter for which the value changed.
- old_value - In update actions, this shows the value before the change.
- new_value - In update actions, this shows the new value of the property/parameter.

Mapping of object model values and business names

The following table contains the mapping of the object_model values to the business names:

Object_model value	Business Name
vulndb \| scope	Target
domains \| domain	Domain
vulndb \| assessment	Scan
vulndb \| asset	Extra Host
vulndb \| asset sequences	Navigation Sequence
vulndb \| finding	Finding