Activity Logs

Required User Role: Administrator

In Tenable Web App Scanning, the activity logs record user events that take place in your organization's Tenable Web App Scanning account. For each event, the log includes information about:

  • The action taken
  • The time at which the action was taken
  • The user ID
  • The target entity ID

The activity log provides visibility into the actions that users in your organization take in Tenable Web App Scanning, and can be helpful for identifying security issues and other potential problems. On the Activity Logs page, you can view a list of events for all users in your organization's Tenable Web App Scanning account.

Important: Tenable currently retains activity log data for 3 years, after which it is deleted from the Tenable database.
Tip: To view the audit log via API, use the Audit Log endpoint as documented in the Tenable Developer Portal.

Activity log events include the following:

Action Description
audit.log.view The system received and processed an audit-log request.
session.create The system created a session for the user. A user login triggers this event.
session.delete The session aged out, or the user ended a session.
session.impersonation.end An administrator ended a session where they impersonated another user.
session.impersonation.start An administrator started a session where they impersonated another user.
user.authenticate.mfa Two-factor authentication was successful, and login was allowed.
user.authenticate.password The user authenticated a session start using a password.
user.create An administrator created a new user account.
user.delete An administrator deleted a user account.
user.impersonation.end An administrator stopped impersonating another user.
user.impersonation.start An administrator started impersonating another user.
user.logout The user logged out of their session.
user.update Either an administrator or the user updated a user account.

To view your activity logs:

  1. In the left navigation, click Settings.

    The Settings page appears.

  2. Click the Activity Logs tile.

    The Activity Logs page appears. This page shows a list of activities associated with your organization's Tenable Web App Scanning account.

  3. (Optional) Refine the table data. For more information, see Tables.

  4. (Optional) Apply a filter to the table:

    Filter Description
    Actor ID The ID of the account performing the action.
    Target ID The ID of the account affected by the action, if any.
    Action The type of action.
    Date

    The date the action was performed.

  5. (Optional) To refresh the activity logs table, in the upper-right corner, click the Refresh button.

  6. (Optional) Filter the table by a specific time period:

    • Last 7 Days

    • Last 14 Days

    • Last 30 Days

    • Last 90 Days

    • All

What to do next:

  • (Optional) Export one or more activity logs.