The Activity Log in Zecurit is a powerful auditing tool that tracks every key action taken within your organization’s environment. It helps administrators monitor system activity, trace security events, and ensure accountability across users, modules, and operations.
Only Admins and Super Admins can view and access the Activity Log.
Key Capabilities
- Complete audit trail of user and system actions
- Real-time visibility into who did what, when, and from where
- Supports filtering by module, user, log type, and date range
- Helps identify suspicious activities or unauthorized changes
- Logs can be exported in CSV/PDF for offline review or compliance reports
What is Logged?
Every log entry captures critical metadata for full traceability:
| Field | Description |
|---|---|
| Date & Time | When the action occurred |
| User | The user who performed the action |
| Module | The feature area involved (e.g., Enrollment, Settings, Reports) |
| Remarks | Description of the action taken |
| IP Address | Public IP of the user device |
| Log Type | Info, Warning, Critical (based on severity) |
Log Types and Severity
| Type | Meaning | Example |
|---|---|---|
| Info | Normal user actions and configuration updates | Role assignment, password change |
| Warning | Sensitive actions that may require attention | User deactivation, license deletion |
| Critical | Security-impacting or high-risk actions | MFA disabled, failed logins, agent uninstall |
Modules & Examples
Below are common examples of actions logged by module:
Settings
- User invited or deleted
- Role or group modified
- Rebranding or group changes
- Data cleanup setting updated
Accounts
- User activated/deactivated
- Password reset or changed
- Email address changed
- MFA enabled/disabled
- Login attempt failures and account locks
Enrollment
- Agent installed or removed
- Connector added or deleted
- Domain added, edited, or removed
- Manual uninstall by end user
Inventory
- Scheduled scan created/paused/edited
- On-demand scan initiated
- Software license added/edited/deleted
- Export of inventory data
Reports
- Exported report file types (XLSX, CSV, PDF)
- Filters or date ranges used during export
Filtering and Searching
Use filters to quickly locate specific events:
- By Module: Narrow down to actions within a feature
- By Log Type: Focus on warnings or critical events
- By Date Range: View activity within a specific period
- By User: Track actions of a particular user or technician
Exporting Logs
You can export logs in CSV or PDF format for:
- Internal audits
- Compliance evidence (GDPR, SOC2, etc.)
- Security investigations
Security & Governance
- All agent uninstall actions, logins, and security setting changes are tagged as Critical
- End-user actions (e.g., agent uninstall, password attempts) are also logged for accountability
- IP restrictions and session events are tracked in conjunction with user logs
Best Practices
- Regularly review the activity log to detect suspicious or unauthorized actions
- Use logs as evidence during compliance audits or security investigations
- Export monthly logs for backup or long-term record keeping
Summary
The Activity Log helps Zecurit customers maintain visibility, accountability, and control over their environment. It’s a critical tool for:
- Audit trails
- Security monitoring
- Change tracking
- Compliance evidence
Always monitor your Activity Log, especially after role changes, security setting modifications, or user onboarding.