Audit Log
The SenseOn platform maintains a comprehensive audit trail of all significant actions taken by users and automated processes. The audit log is intended to support compliance requirements, post-incident reviews, and accountability for administrative changes.
Accessing the Audit Log
Navigate to Settings > Audit Log. The log is available to users with the Admin role.
What Is Logged
The audit log captures all of the following categories of activity:
User management
| Action | Description |
|---|---|
| User created | A new user account was added |
| User updated | A user's name, email, job title, or role was changed |
| User enabled | A disabled account was re-activated |
| User disabled | An account was deactivated |
| User deleted | An account was permanently removed |
| Password reset sent | An admin triggered a password reset email |
| Invitation resent | An invitation email was resent to a pending user |
Authentication
| Action | Description |
|---|---|
| Login succeeded | A user successfully authenticated |
| Login failed | A failed login attempt (incorrect password or expired account) |
| Step-up authentication completed | A user completed step-up re-authentication |
| Step-up authentication failed | A failed step-up attempt |
| TOTP device enrolled | A user added a new MFA device |
| TOTP device removed | A TOTP device was removed from a user account |
Personal Access Tokens
| Action | Description |
|---|---|
caa__pat_created |
A new Personal Access Token was created |
caa__pat_deleted |
A Personal Access Token was revoked |
Active Response (REMEDA)
| Action | Description |
|---|---|
remeda__generate_auth_token |
A REMEDA session token was generated for a user |
remeda__generate_auth_token_failure |
A REMEDA token request failed (permission or step-up check) |
remeda__stage_action_submitted |
An action group was scheduled on one or more endpoints |
remeda__permission_failure |
A user attempted an Active Response action without the required permission |
Case notes
| Action | Description |
|---|---|
user_note__create |
A note or comment was added to a case |
Filtering the Audit Log
Use the filter controls at the top of the log page to narrow the results:
- Date range — filter to a specific time window
- Action type — select one or more action categories from the dropdown
- User — filter to actions performed by a specific user
The filtered log can be exported to CSV for use in compliance reports or external tooling.
Log Retention
Audit log entries are retained for a minimum of 12 months. Contact support@senseon.io if your compliance requirements mandate a longer retention period.
Active Response Session History
The Active Response audit trail (session-level detail including scripts executed and files transferred) is separate from the main audit log and is accessible at Digital Estate > Session History. It is only visible to users with the Active Response role. See Active Response for more information.