1. Administration and security
  2. Administration
  3. Administration: Security - Audit
Note: Your organization must be licensed for the Audit feature to make use of the Tenant Auditor role. If you don't have Audit enabled, you can view and assign the Tenant Auditor role, but Tenant Auditors will have no authorizations until Audit is enabled.

If you have access to Anaplan Audit, you can track audit events from your Anaplan tenant into technology such as a SIEM (Security Information and Event Management) product for alerting and tracking purposes.

Anaplan Audit provides:

  • Encryption logs — available if your organization uses Bring Your Own Key (BYOK).
  • User activity audit logs — available if your organization has access to Anaplan Audit.
  • Access control audit logs — available if your organization has access to Anaplan Audit.
  • Connection management audit logs — available if your organization uses single sign-on (SSO).

Anaplan enables you to pull audit event information from the Anaplan public REST APIs and the Anaplan Administration console. Anaplan Audit is intended as a delivery mechanism for audit logs and is designed for audit information to be pulled frequently so that you can leverage your own technology for filtering, analysis and storage.

Note: Anaplan Audit is not designed to be a permanent repository of audit events.

The content of each log varies, however Anaplan Audit provides:

  • audit logs via an API and the Anaplan Administration console;
  • up to 30 days of logs;
  • filtering of logs by time period and application; and
  • information about who carried out an operation, when it was done and what was done.

You can view the audit events in the Anaplan Administration console or you can export them as a file in Common Event Format (CEF). For information about CEF, see the ArcSight Common Event Format (CEF) Implementation Standard.

You can also use the Audit API to obtain audit events. See Audit API documentation in Apiary.

Note: To access the Audit section of the Administration console, and use the Audit API, you must be assigned the Tenant Auditor role and Anaplan Audit must be enabled on your tenant. Your Tenant Administrator can assign users the Tenant Auditor role.

Audit section of Administration console with all Audit events for the last 24 hours shown

Audit Log Event Information
Column Description
ID ID of the audit event.
Type Internal type of the event.
Message Information that describes the action that was undertaken.
User

ID of the user who carried out the action.

Tenant ID ID of the tenant on which the action was carried out.
Object ID ID of the object on which the action was carried out.
Event Date Date on which the event occurred in UTC (Coordinated Universal Time).