In accordance with security best practices, Red Canary records privileged activity for your review. 

Accessing the Audit Logs

Audit logs can be located by navigating to Administration and then Audit Logs. Note: You must have the Administrator role to access this page.

The following activity is recorded in the audit logs:

  • Allowed Email Domains Changed: A new user outside of your organization has been invited to the Portal, and their domain was added to the Allowed Email Domains list
  • Canary Exporter Keys Generated: Canary Exporter authentication keys have been generated
  • Email Prepared: An email (daily/weekly status, integration, notification) has been prepared to be sent
  • Email Sent: An email was sent to a specific email address
  • Endpoint Isolation Status Changed: An endpoint has been isolated or removed from isolation
  • Hash Banned: An MD5 hash has been banned in your EDR platform
  • Integration Successfully Triggered: A configured integration has successfully triggered
  • Integration Unsuccessfully Triggered: A configured integration failed to trigger due to an error
  • Live Response Command: A command was executed in a Live Response session in Cb Response
  • Live Response Isolation: An endpoint was isolated in a Live Response session in Cb Response
  • Live Response Log: Actions taken in a Live Response session
  • Login Failure: A user failed to log in successfully
  • Login Successful: A user logged in successfully
  • Multi Factor Auth Enabled: Multi-factor authentication was enabled for a user's account (on by default)
  • Password Reset: A user's account password was reset
  • Sso Login Failure: An SSO authentication attempt failed
  • Sso Login Successful: An SSO authentication attempt succeeded
  • User Invitation Accepts: An invited user has accepted their Portal invitation and set up an account
  • User Invitation Sent: A Portal invitation has been sent to a specific user
  • User Removed: A user account was removed
  • User Role Added: A new role was granted to an existing user account
  • User Role Removed: A role was removed from an existing user account