Understanding the Admin audit log
Who can use this feature
- Supported on Enterprise plans
- Accessible to org admins and business admins
Maintain transparency and control with our new Admin audit log: a centralized record of all system-level activity.
In this article:
- Accessing the Admin audit log
- Understanding the Admin audit log
- Configuring the audit log
- Frequently asked questions
Accessing the Admin audit log
To access the Admin audit log, go to Org settings > Reporting > Admin audit log.
The Admin audit log provides admins with the information they need to track system-level activities like:
- Configuration changes
- User management updates
- Security-related activities
Understanding the Admin audit log
The Admin audit log records actions occurring in the WRITER app and via API. For a full list of events recorded, see the chart below.
Each recorded action includes key metadata, including:
- Actor (user email)
- IP address
- Product area (the part of the product in which the action occurred, e.g. style guide, settings, sign-in, etc)
- Action taken
- Result (whether the attempt was successful or not successful)
You can conduct a search to narrow down the events on display. You can search by:
- Event
- IP address
You can filter by:
- Area
- Event
- Actor (email address)
- Result (whether the attempt was successful or not successful)
You can sort by the most recent or least recent events.
Events captured in the Admin audit report
| Product Area | Action |
| Sign in | Enable password |
| Sign in | Disable password |
| SAML/Domain discoverability | Enable SAML domain |
| SAML/Domain discoverability | Disable SAML domain |
| SAML/Domain discoverability | Update domain discoverability settings |
| Security | Updated domain management settings |
| Billing groups | Create a billing group |
| Billing groups | Update a billing group |
| Billing groups | Delete a billing group |
| ServiceAccount | Created service account |
| ServiceAccount | Deleted service account |
| OAuthApp | Created OAuth app |
| OAuthApp | Updated OAuth app |
| OAuthApp | Deleted OAuth app |
| Team | Created team |
| Team | Updated team |
| Team | Deleted team |
| Style guide | Created style guide page |
| Style guide | Updated style guide page |
| Style guide | Deleted style guide page |
| Style guide | Published style guide |
| Style guide | Unpublished style guide |
| Style guide | Updated style guide settings |
| Style guide | Updated style guide appearance |
| People | Invited WRITER app user |
| People | Invited AI Studio user |
| People | Deleted user |
| People | Updated user billing group |
| People | Updated user organization role |
| People | Updated user organization console role |
| Suggestion | Updated suggestion Punctuation settings |
| Suggestion | Updated suggestion Style settings |
| Suggestion | Updated suggestion Clarity settings |
| Suggestion | Updated suggestion Delivery settings |
| Suggestion | Updated suggestion Inclusivity settings |
| Suggestion | Updated suggestion Compliance settings |
| Suggestion | Updated suggestion Plagiarism settings |
| Suggestion | Updated suggestion General settings |
| Suggestion | Updated suggestion Grammar checker settings |
| Suggestion | Updated suggestion Terms settings |
| Term | Created term |
| Term | Updated term |
| Team | Deleted term |
| Snippet | Created snippet |
| Snippet | Updated snippet |
| Snippet | Deleted snippet |
| Voice | Created voice |
| Voice | Updated voice |
| Voice | Deleted voice |
| Team prompt | Created team prompt |
| Team prompt | Updated team prompt |
| Team prompt | Deleted team prompt |
| Knowledge Graph | Created knowledge graph |
| Knowledge Graph | Updated knowledge graph |
| Knowledge Graph | Deleted knowledge graph |
| Knowledge Graph | Added knowledge graph files |
| Knowledge Graph | Deleted knowledge graph files |
| Magic link | Added magic link website |
| Magic link | Deleted magic link website |
| Teammate | Added teammate |
| Teammate | Removed teammate |
| Teammate | Updated teammate role |
Configuring audit log export
You can ingest data from our admin audit log into your SIEM of choice via S3 export, allowing you to query and integrate WRITER audit log data into your preferred platforms.
To get started, select Configure logs from the top right corner of the page.
Next, setup an S3 bucket and corresponding IAM policy on AWS.
Enter your S3 bucket name and role name (ARN) copied from your IAM policy into your Writer settings and select Next.
Copy the âRole Trust Policyâ. In your AWS console, navigate to IAM > Roles, âTrust relationshipsâ and then âEdit trust policyâ and paste the policy.
Copy the âS3 Bucket Policyâ. In your AWS console, navigate to your IAM policy and add this as a permission in the policy editor.
Click âTest & Saveâ and youâll see a successful authentication notice if configured correctly.
Frequently asked questions
Can I export the Admin audit log?
Yes, you can select the â¢â¢â¢ menu next to the search bar to export as a CSV or an XLSX file. You can also set up S3 export as described above to automatically export log events.
How far back does the Admin audit log data extend?
The Admin audit log retains data up to 2 years and 1 month old.