Activity Logs

The activity logs in Tenable Identity Exposure allow you to view the traces of all activities that occurred on the Tenable Identity Exposure platform related to specific IP addresses, users, or actions.

Note: Due to technical limitations, activity logs concerning specific views, such as Tenant Management (including adding, editing, or removing), are not currently visible.

SAML Authentication and Impersonation Entries

Because Tenable Identity Exposure uses SAML authentication to connect with Tenable Cloud, actions performed by Tenable Identity Exposure are logged as impersonation events.

Each request that Tenable Identity Exposure sends to Tenable Cloud appears in the Activity Logs as if it were performed by the service account established for the SAML connection.

In these entries:

  • Actor – the Tenable Cloud account used to log in to Tenable Identity Exposure through the target account

  • Target – the account associated with the SAML redirection

As a result, the Activity Logs may display a large number of impersonation events. This behavior is expected and reflects how the SAML integration manages authentication, not an issue with account security.