HomeBlogSupport
Guides/Docs
SignupChangelogGo To App

Audit Logs

Suggest Edits

Organization Audit Logs provide a log of events across your organization, such as creating/deleting a repository or modifications to repository settings/configuration.

1322

Organization Audit Logs

Key Concepts

Clicking on a row in your audit log will expand to show more details.

Expanded log entry

Expanded log entry

Each entry in the log represents an event or a state change and consists of four main components.

  • Actor: The object that performed the Action, such as a User, Service Account or System
  • Verb: The verb (phrase) identifying "what_happened", such as login, retention_settings_changed or token_created
  • Action Object:  The object which was created, deleted or updated by the action.
  • Target: (Optional) The object within which the Action was performed, such as a repository or account

Searching / Filtering

You can Search and Filter the Audit Log using the search box at the top. You can also use boolean logic (e.g. AND/OR/NOT) for complex search queries.

Search Terms

Search BySearch Terms Example
Actoractor:some-user
Actor Kindactor_kind:user (user)
actor_kind:service_account (service account)
actor_kind:system
Event Timeevent_at:>"1 day ago"
event_at:<"June 21, 2022 EST"
Event Kindevent_kind:action (action)
event_kind:create (create)
event_kind:read (read)
event_kind:update (update)
event_kind:delete (delete)
Event (Fuzzy)event:api_key (api key events)
event:entitlement (entitlement events)
event:login (login events)
event:package (package events)
event:retention (retention events)
event:service_account (service account events)

Field type modifiers (depending on the type, you can influence behaviour)

  • For all queries, you can use:
    ~foo for negation

  • For string queries, you can use:
    ^foo to anchor to start of term
    foo$ to anchor to end of term
    foo*bar for fuzzy matching

  • For number/date queries, you can use:
    >foo for values greater than
    >=foo for values greater / equal
    <foo for values less than
    <=foo for values less / equal

🔐 Audit Log Event Types (User and Organization)

Cloudsmith tracks a wide range of user and organization-level activities. The following audit events help you monitor security, access control, policy enforcement, and team collaboration across your organization.

EventIdentifierDescriptionContent Type
API Token Refresheduser.api_token.refreshedA user refreshed their API token.User
API Token Refresh Enforceduser.api_token.enforced_refreshAn API token refresh was enforced.User
API Token Expiry Notifieduser.api_token.expiring_soonUser notified of upcoming API token expiration.User
API Token Expired Notifieduser.api_token.expiredUser notified that their API token has expired.User
Password Updateduser.password.updatedUser password was updated.User
User Loginuser.loginUser successfully logged in.User
Service Createduser.service.createdCreated a new service user.User
Service Deleteduser.service.deletedDeleted a service user.User
Service Key Refresheduser.service.key_refreshedRefreshed the key for a service user.User
User Deactivateduser.deletedA user account was deactivated.User
User Restoreduser.restoredA previously deactivated user account was restored.User
Member Invitedorg.invite.invitedInvited a new member to the organization.Org
Invitation Canceledorg.invite.canceledCanceled an organization invitation.Org
Invitation Extendedorg.invite.extendedExtended an existing invitation.Org
Invitation Acceptedorg.invite.acceptedA user accepted an organization invitation.Org
Member Addedorg.member.addedA user was added to the organization.Org
Member Removedorg.member.removedA user was removed from the organization.Org
OIDC Settings Createdorg.oidc.createdCreated OpenID Connect (OIDC) settings.Org
OIDC Settings Updatedorg.oidc.updatedUpdated OIDC settings.Org
OIDC Settings Deletedorg.oidc.deletedDeleted OIDC settings.Org
Organization Deletedorg.deletedDeleted an organization.Org
Organization Renamedorg.renamedRenamed an organization.Org
Repo Creation Enabledorg.create_repos_enabledEnabled repository creation in the organization.Org
Repo Creation Disabledorg.create_repos_disabledDisabled repository creation.Org
Team Creation Enabledorg.create_teams_enabledEnabled creation of new teams.Org
Team Creation Disabledorg.create_teams_disabledDisabled creation of new teams.Org
Invite Collaborators Enabledorg.invite_collaborators_enabledEnabled collaborator invites.Org
Invite Collaborators Disabledorg.invite_collaborators_disabledDisabled collaborator invites.Org
Invite Users Enabledorg.invite_users_enabledEnabled user invites.Org
Invite Users Disabledorg.invite_users_disabledDisabled user invites.Org
Unredacted Email View Enabledorg.view_unredacted_members_enabledEnabled viewing member emails without redaction.Org
Unredacted Email View Disabledorg.view_unredacted_members_disabledDisabled viewing member emails without redaction.Org
SCIM Provisioning Allowedorg.scim_allowedAllowed SCIM provisioning.Org
SCIM Provisioning Blockedorg.scim_blockedBlocked SCIM provisioning.Org
SAML Login Enabledorg.saml_enabledEnabled SAML-based login.Org
SAML Login Disabledorg.saml_disabledDisabled SAML-based login.Org
SAML Enforce Enabledorg.saml_enforce_enabledEnforced SAML login for all users.Org
SAML Enforce Disabledorg.saml_enforce_disabledDisabled SAML enforcement.Org
SAML Group Sync Enabledorg.saml_group_sync_enabledEnabled SAML group synchronization.Org
SAML Group Sync Disabledorg.saml_group_sync_disabledDisabled SAML group synchronization.Org
Enforce 2FA Enabledorg.enforce_2fa_enabledEnforced Two-Factor Authentication.Org
Enforce 2FA Disabledorg.enforce_2fa_disabledDisabled 2FA enforcement.Org
License Policy Createdorg.policy.license.createdCreated a package license policy.Org
License Policy Updatedorg.policy.license.updatedUpdated a package license policy.Org
License Policy Deletedorg.policy.license.deletedDeleted a package license policy.Org
Vulnerability Policy Createdorg.policy.vulnerability.createdCreated a vulnerability policy.Org
Vulnerability Policy Updatedorg.policy.vulnerability.updatedUpdated a vulnerability policy.Org
Vulnerability Policy Deletedorg.policy.vulnerability.deletedDeleted a vulnerability policy.Org
API Key Policy Createdorg.policy.api.policy_createdCreated an API key policy.Org
API Key Policy Deletedorg.policy.api.policy_deletedDeleted an API key policy.Org
API Key Auto-Refresh Enabledorg.policy.api.enforce_refresh_enabledEnabled automatic API key refresh.Org
API Key Auto-Refresh Disabledorg.policy.api.enforce_refresh_disabledDisabled automatic API key refresh.Org
API Key Max Age Updatedorg.policy.api.max_age_changedChanged maximum allowed API key age.Org
Package Deny Policy Createdorg.policy.deny.createdCreated a package deny policy.Org
Package Deny Policy Updated (Name)org.policy.deny.name_updatedUpdated deny policy name.Org
Package Deny Policy Updated (Desc)org.policy.deny.description_updatedUpdated deny policy description.Org
Package Deny Policy Updated (Query)org.policy.deny.query_updatedUpdated deny policy query.Org
Package Deny Policy Enabledorg.policy.deny.enabledEnabled a deny policy.Org
Package Deny Policy Disabledorg.policy.deny.disabledDisabled a deny policy.Org
Package Deny Policy Deletedorg.policy.deny.deletedDeleted a deny policy.Org
Team Createdorg.team.createdCreated a team.Org
Team Deletedorg.team.deletedDeleted a team.Org
Team Renamedorg.team.renamedRenamed a team.Org
Team Slug Renamedorg.team.renamed_slugChanged the team’s slug.Org
Added to Teamorg.team.member_addedAdded a user to a team.Org
Removed from Teamorg.team.member_removedRemoved a user from a team.Org
Team Role Changedorg.team.role_changedUpdated a team member’s role.Org

Updated 3 months ago

Cloudsmith is the new standard in Package / Artifact Management and Software Distribution

With support for all major package formats, you can trust us to manage your software supply chain.


Start My Free Trial Now
Cookie Declaration (Manage Cookies)