Administration: Security - Audit

Note: Your organization must be licensed for the Audit feature to make use of the Tenant Auditor role. If you don't have Audit enabled, you can view and assign the Tenant Auditor role, but Tenant Auditors will have no authorizations until Audit is enabled.

If you have access to Anaplan Audit, you can track audit events from your Anaplan tenant into technology such as a SIEM (Security Information and Event Management) product for alerting and tracking purposes.

Anaplan Audit provides:

  • Encryption logs — available if your organization uses Bring Your Own Key (BYOK).
  • User activity audit logs — available if your organization has access to Anaplan Audit.
  • Access control audit logs — available if your organization has access to Anaplan Audit.
  • Workflow activity audit logs — available if your organization has access to Anaplan Audit and Workflow.

Anaplan enables you to pull audit event information from the Anaplan public REST APIs and the Anaplan Administration app. Anaplan Audit is intended as a delivery mechanism for audit logs and is designed for audit information to be pulled frequently so that you can leverage your own technology for filtering, analysis and storage.

Note: Anaplan Audit is not designed to be a permanent repository of audit events.

The content of each log varies, however Anaplan Audit provides:

  • audit logs via an API and the Anaplan Administration app;
  • up to 30 days of logs;
  • filtering of logs by time period and application; and
  • information about who carried out an operation, when it was done and what was done.

You can view the audit events in the Anaplan Administration app or you can export them as a file in Common Event Format (CEF). For information about CEF, see the ArcSight Common Event Format (CEF) Guide.

You can also use the Audit API to obtain audit events. See Audit API documentation in Apiary.

Note: To access the Audit section of the Administration app, and use the Audit API, you must be assigned the Tenant Auditor role and Anaplan Audit must be enabled on your tenant. Your Tenant Administrator can assign users the Tenant Auditor role.

Audit section of Administration app with all Audit events for the last 24 hours shown

Audit Log Event Information
Column Description
ID ID of the audit event.
Type Internal type of the event.
Message Information that describes the action that was undertaken.

ID of the user who carried out the action.

Tenant ID ID of the tenant on which the action was carried out.
Object ID ID of the object on which the action was carried out.
Event Date Date on which the event occurred in UTC (Coordinated Universal Time).