Audit logs

Audit logs capture user management and authentication events for your organization in Imply Polaris. You can use audit logs to detect anomalous activities and investigate potential misuse of privileges or security incidents.

This topic explains how to view audit logs in the Polaris UI. To retrieve audit logs through the Polaris API, see the Audit API documentation.

Prerequisites

Users with the AccessAuditLogs permission and members of the Organization Admin group can view audit logs in Polaris. For information on permissions, see Permissions reference.

Access audit logs

Polaris retains audit logs for a minimum of 31 days.
You cannot modify or delete audit logs.

To view audit logs in the Polaris UI, click the gear icon in the top right corner to open the Administration console. Click Audit logs in the left navigation pane to access the main Audit logs page.

Audit logs provide contextual information based on the category and type of action. Logged events contain the following fields:

  • Time: date and time the event occurred
  • Actor: user that triggered the event
  • Summary: description of the event
  • Category: category of the event
  • IP address: IP address of the user that triggered the event (when applicable)

Logged events

This section describes the events captured by Polaris, grouped by event category.

Authentication events

Logs in the Auth category are user authentication events. Polaris provides logs for the following types of authentication events:

  • Successful user login
  • Failed user login
  • Logout
  • Password reset requested
  • Password updated
  • User impersonated
  • User invite accepted

Polaris doesn't log API key access events at this time.
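
The following is an added example, not part of the Polaris documentation or product: a triage pass over Auth events that flags a successful login preceded by a burst of failed logins for the same actor, and lists every impersonation event for review. The record keys, the assumption that Summary carries the event type names listed above, and the threshold and window values are all hypothetical; the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records. Keys mirror the UI columns (Time, Actor, Summary,
# Category, IP address); the real export or API schema is an assumption here.
def make_event(time, actor, summary, ip):
    return {"time": time, "actor": actor, "summary": summary, "category": "Auth", "ip": ip}

SAMPLE_EVENTS = [
    make_event("2024-05-01T09:00:00", "alice@example.com", "Successful user login", "198.51.100.10"),
    make_event("2024-05-01T10:00:05", "bob@example.com", "Failed user login", "203.0.113.7"),
    make_event("2024-05-01T10:00:40", "bob@example.com", "Failed user login", "203.0.113.7"),
    make_event("2024-05-01T10:01:10", "bob@example.com", "Failed user login", "203.0.113.7"),
    make_event("2024-05-01T10:02:00", "bob@example.com", "Successful user login", "203.0.113.7"),
    make_event("2024-05-01T11:00:00", "carol@example.com", "Failed user login", "198.51.100.22"),
    make_event("2024-05-01T11:01:00", "carol@example.com", "Successful user login", "198.51.100.22"),
    make_event("2024-05-01T12:00:00", "admin@example.com", "User impersonated", "198.51.100.10"),
]

def failed_then_success(events, threshold=3, window=timedelta(minutes=10)):
    """Return (actor, success_time, ip, failures) for each successful login that
    follows at least `threshold` failed logins by that actor within `window`."""
    recent = defaultdict(deque)  # actor -> timestamps of recent failed logins
    findings = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        if ev["category"] != "Auth":
            continue
        ts = datetime.fromisoformat(ev["time"])
        fails = recent[ev["actor"]]
        while fails and ts - fails[0] > window:  # drop failures outside the window
            fails.popleft()
        if ev["summary"] == "Failed user login":
            fails.append(ts)
        elif ev["summary"] == "Successful user login":
            if len(fails) >= threshold:
                findings.append((ev["actor"], ev["time"], ev["ip"], len(fails)))
            fails.clear()  # a success resets the actor's failure streak
    return findings

def impersonations(events):
    """Impersonation is a privileged action; return every occurrence for review."""
    return [(e["time"], e["actor"], e["ip"]) for e in events
            if e["category"] == "Auth" and e["summary"] == "User impersonated"]

if __name__ == "__main__":
    for finding in failed_then_success(SAMPLE_EVENTS):
        print("failed-then-success:", finding)
    for item in impersonations(SAMPLE_EVENTS):
        print("impersonation:", item)
```

Because API key access is not logged, this check covers interactive logins only.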

Search audit logs

You can use the search bar to narrow down events according to your specified criteria.

Filter by date range

To find events within a date range, click the date drop-down and select one of the available options:

  • Last day
  • Last 3 days
  • Last 7 days
  • Last 14 days
  • Custom

To use a custom range, select Custom from the date drop-down and enter the start and end dates.

Other filters

You can apply additional filters to refine your results. Click the Filters drop-down to view available options. You can filter by user email, event category, or IP address.
