When to use
The Audit Log is used to control changes, review operator actions, and support post-incident analysis.
What the audit record contains
- Time of the event.
- Type of action (action).
- Actor (actorType, actorId).
- Target resource (resourceType, resourceId).
- IP address and metadata (when available).
Steps
- Open Audit within the desired cluster.
- View records for the required period and page.
- Match actions to incidents, alerts, and operational changes.
What to check
- Critical actions (terminal, acknowledge, access changes) have a clear chain of responsibility.
- There are no unexplained actions outside the agreed change windows.
- IP and event context are consistent with access policy.
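
The checks above can be run over exported records. The following is an added example, not part of the product or its documentation: it uses the documented fields (action, actorType, actorId, resourceType, resourceId) and assumes hypothetical field names "time" and "ip", illustrative action strings, a 09:00-18:00 UTC change window and an allowed network of 10.20.0.0/16. It applies the change-window check to critical actions only.

```python
from datetime import datetime, time, timezone
from ipaddress import ip_address, ip_network

# Assumptions (not from the product): field names "time" and "ip", the action
# strings, the change window and the allowed networks are all illustrative.
CRITICAL_ACTIONS = {"terminal", "acknowledge", "access_change"}
CHANGE_WINDOWS = [(time(9, 0), time(18, 0))]   # agreed windows, UTC
ALLOWED_NETS = [ip_network("10.20.0.0/16")]    # ranges permitted by access policy

# Constructed sample records using the documented fields.
SAMPLE = [
    {"time": "2024-05-14T10:15:00+00:00", "action": "access_change", "actorType": "user",
     "actorId": "u-17", "resourceType": "role", "resourceId": "r-3", "ip": "10.20.4.9"},
    {"time": "2024-05-14T02:40:00+00:00", "action": "terminal", "actorType": "user",
     "actorId": "u-22", "resourceType": "node", "resourceId": "n-1", "ip": "203.0.113.50"},
    {"time": "2024-05-14T11:05:00+00:00", "action": "acknowledge", "actorType": "",
     "actorId": "", "resourceType": "alert", "resourceId": "a-9", "ip": None},
    {"time": "2024-05-14T23:30:00+00:00", "action": "view", "actorType": "user",
     "actorId": "u-17", "resourceType": "node", "resourceId": "n-1", "ip": "10.20.4.9"},
]

def review(record):
    """Return the list of findings for one audit record."""
    findings = []
    critical = record.get("action") in CRITICAL_ACTIONS
    if critical and not (record.get("actorType") and record.get("actorId")):
        findings.append("critical action without identified actor")
    when = datetime.fromisoformat(record["time"]).astimezone(timezone.utc).time()
    if critical and not any(start <= when < end for start, end in CHANGE_WINDOWS):
        findings.append("critical action outside change window")
    ip = record.get("ip")
    if ip is None:
        if critical:  # IP is optional in the record; flag the gap only here
            findings.append("critical action with no source IP recorded")
    elif not any(ip_address(ip) in net for net in ALLOWED_NETS):
        findings.append("source IP outside access policy")
    return findings

def review_all(records):
    """Map record index to findings, keeping only records that need follow-up."""
    results = {i: review(r) for i, r in enumerate(records)}
    return {i: f for i, f in results.items() if f}

if __name__ == "__main__":
    print(review_all(SAMPLE))
```

Each flagged index points back to a record to match against incidents, alerts, and change tickets.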