How do I enable Audit Logs in my Panther Console to see a history of activity within my account?
Audit logs are automatically generated, but must be enabled as a log source to write detections on them. The action of enabling or disabling audit logs is itself captured as an audit log (as either CREATE_LOG_SOURCE
or DELETE_LOG_SOURCE
). Only users with the Edit Settings & SAML Preferences permission can enable audit logs.
To enable:
In the upper-right corner of your Panther Console, click the gear icon, then General.
On the Main Information tab, to the right of Enable Panther Audit Logs, click the toggle ON
.
Click Save Changes.