System

List view

Quick Start
Welcome
Console & Settings
Release Notes
October 9, 2025 WitnessAI Update
October 23, 2025 WitnessAI Update
October 2, 2025 WitnessAI Update
September 30, 2025: WitnessAI Update
September 23, 2025: WitnessAI Update
August 12, 2025: WitnessAI Update
July 31, 2025: WitnessAI Update
July 18, 2025: WitnessAI Update
June 23, 2025: WitnessAI Update
June 9, 2025: WitnessAI Update
April 11, 2025: WitnessAI Release v2.0
Copy August 12, 2025: WitnessAI Update
Supported Applications & LLMs
User Guide
Lists - OLD
Private Applications
Home
Discovery
Discovered Apps
App Catalog
Analytics
Conversations
Users
Alerts
Policies
Lists
Settings
Configuration
Access Control
System
Secure AI Portal
User Menu
Policies & GuardRails
Policy Creation
Policy Precedence
GuardRail: Behavioral Activity
GuardRail: Data Protection
GuardRail: Harmful Response Prevention (Beta)
GuardRail: Model Identity Protection
GuardRail: Model Protection
GuardRail: Organizational Behavior (Beta)
GuardRail: Risk Analysis
Witness Anywhere: Remote Device Security
Witness Anywhere Overview
Witness Anywhere with Stunnel
Witness Anywhere: Azure VDI - Intune
Witness Anywhere: CrowdStrike (Windows)
Witness Anywhere: GPO (Windows)
Witness Anywhere: Jamf (macOS) (Beta)
Witness Anywhere: SentinelOne
Witness Anywhere: FAQ
Witness Attack
Witness Attack: AI Red Teaming 
Administrator Guide
Integrations: Identity Providers
Identity: Microsoft Entra ID (Azure AD)
Identity: Okta Identity
Integrations: Network Security
Netskope SWG
Palo Alto Networks NGFW
Prisma Access: DNS Sinkhole
Prisma Access: Explicit Proxy
Zscaler Internet Access
Zscaler Beta
Status Page
API Reference
Input API
Complete API
Text-Completion API
Prompt-Protect API
Encryption

Audit Logs

Audit Logs capture WitnessAI object creations, deletions, updates, and User logins. Full details of “before” and “after” are included.
Audit logs can be viewed, searched, filtered, and exported in JSON format.
Only Users with “User Admin” roles and above can access Audit Logs. Currently this only applies to “User Admin” and “Super Admin” roles. Only “Super Admin” roles can view actions by “VIP” Users.

Navigation

Access the Audit Logs by clicking on the Settings menu or icon.
Audit Logs are below the System menu
notion image
 

Log Filters

Time Range Filter

  • Allows precise temporal scoping of log entries
  • Multiple selection methods:
    • Preset ranges (e.g., last 3 days)
    • Custom date and time range selection
  • Interactive update button to apply selected time range
  • Supports granular filtering down to specific hours and dates
  • Critical for narrowing down log investigations to specific time periods
notion image

User Filter

  • Filter by user email
  • Display user details including:
    • Name
    • Role (e.g., Super Admin)
    • Email address
notion image

Action Type Filters

Action Type filter restricts view to only the action type chosen.
  • Created
  • Deleted
  • Login
  • Updated
notion image

Object Type Filters

Object Types filter restricts view to only the object type chosen.
  • Catalog items
  • Lists
  • Policies
  • Orders
  • User changes
  • Groups
notion image

Viewing Audit Logs

Columns

  • User action
  • Action type
    • Created
    • Deleted
    • Login
    • Updated
  • Object modified
  • Object type
  • Status (success/failure)
  • Timestamp
  • Note: Columns are currently not sortable

Detail View

  • Displays detailed change information
  • Change visualization:
    • Minus (-) indicates old value
    • Plus (+) indicates new value
  • Shows version numbers for tracked changes

Pagination

  • Page size options: 25, 50, 100 items
  • Total action count display
  • Navigation controls between pages

Exporting Audit Logs

Selecting Logs for Export

Exporting all logs in your filtered view
Exporting individual records
Exporting multiple records
Selection state persists across pages
Exporting all records on current page
Exporting all records on selected pages

Sending Audit Logs to SIEMs

The Audit Logs feature supports forwarding to Security Information and Event Management (SIEM) systems, enabling comprehensive security monitoring and compliance reporting.
Configure Audit Log forwarding in the SIEM Settings, by clicking the checkbox next to “Include Audit Logs”.
notion image