Description
- Type: OPERATIONAL
- Severity: ERROR
This Operational Check attempts to determine if audit log entries are still being received.
Why this check?
An important way Attic detects and investigates suspicious behavior in your Tenant is through the Audit Log. Therefore, we check whether the Audit logging functionality is enabled (in CHK-1002) AND whether audit logs have actually been received in the last 24 hours, as an extra precaution.
What possible outcomes does the check have?
This check has two possible outcomes. In Attic, this is expressed as follows:
- Okay: new audit log entries have been created in the last 24 hours
- Error: no new audit log entries have been created in the last 24 hours
How should this be followed up?
If the check results in an Error, first validate the outcome of CHK-1002. If the status of CHK-1002 is Okay, a ticket is used to examine, in consultation with us, whether something else is going on and to coordinate appropriate follow-up actions.