Activity Logs
In Tenable Vulnerability Management, user events are recorded in the activity log. To view the activity log, you must have the Administrator role.
Activity log events may include the following (subject to change):
| Action | Description |
|---|---|
| audit.log.view | The system received and processed an audit-log request. |
| session.create | The system created a session for the user. A user login triggers this event. |
| session.delete | The session aged out, or the user ended a session. |
| session.impersonation.end | An administrator ended a session where they impersonated another user. |
| session.impersonation.start | An administrator started a session where they impersonated another user. |
| user.authenticate.mfa | Two-factor authentication was successful, and login was allowed. |
| user.authenticate.password | The user authenticated a session start using a password. |
| user.create | An administrator created a new user account. |
| user.delete | An administrator deleted a user account. |
| user.impersonation.end | An administrator stopped impersonating another user. |
| user.impersonation.start | An administrator started impersonating another user. |
| user.logout | The user logged out of their session. |
| user.update | Either an administrator or the user updated a user account. |
You can use the Activity Log API endpoint to view audit events programmatically within an instance. You can also use PyTenable to interact with the audit log.