If you have access to Anaplan Audit, you can track audit events from your Anaplan tenant into technology such as a SIEM (Security Information and Event Management) product for alerting and tracking purposes.
Anaplan Audit provides:
- Encryption logs — available if your organization uses Bring Your Own Key (BYOK).
- User activity audit logs — available if your organization has access to Anaplan Audit.
- Access control audit logs — available if your organization has access to Anaplan Audit.
- Connection management audit logs — available if your organization uses single sign-on (SSO).
Anaplan enables you to pull audit event information from the Anaplan public REST APIs and the Anaplan Administration console. Anaplan Audit is intended as a delivery mechanism for audit logs and is designed for audit information to be pulled frequently so that you can leverage your own technology for filtering, analysis and storage.
The content of each log varies, however Anaplan Audit provides:
- audit logs via an API and the Anaplan Administration console;
- up to 30 days of logs;
- filtering of logs by time period and application; and
- information about who carried out an operation, when it was done and what was done.
You can view the audit events in the Anaplan Administration console or you can export them as a file in Common Event Format (CEF). For information about CEF, see the ArcSight Common Event Format (CEF) Implementation Standard.
You can also use the Audit API to obtain audit events. See Audit API documentation in Apiary.
|ID||ID of the audit event.|
|Type||Internal type of the event.|
|Message||Information that describes the action that was undertaken.|
ID of the user who carried out the action.
|Tenant ID||ID of the tenant on which the action was carried out.|
|Object ID||ID of the object on which the action was carried out.|
|Event Date||Date on which the event occurred in UTC (Coordinated Universal Time).|