QUESTION

How do I enable Audit Logs in my Panther Console to see a history of activity within my account?

ANSWER

Audit logs are automatically generated, but must be enabled as a log source to write detections on them. The action of enabling or disabling audit logs is itself captured as an audit log (as either CREATE_LOG_SOURCE or DELETE_LOG_SOURCE). Only users with the Edit Settings & SAML Preferences permission can enable audit logs.

To enable:

  1. In the upper-right corner of your Panther Console, click the gear icon, then General.

  2. On the Main Information tab, to the right of Enable Panther Audit Logs, click the toggle ON.

  3. Click Save Changes.