For Admins, Security and Compliance Officers
As an Admin, Security Officer, or Compliance lead, you may need visibility into user activity within One Model to:
- Monitor system usage and changes
- Meet regulatory compliance requirements
- Investigate security breaches.
One Model now supports exportable Audit Logs in JSON format. We recommend uploading the JSON files into your Security Information and Event Management (SIEM) system or any secure platform for detailed querying and analysis. We currently do not offer search, filtering or querying capabilities within One Model for Audit Logs.
Getting Started
Permission
Enable the Application Access permission - CanViewAuditLogs for Admins to download the Audit Log Report in Admin Reports.
How Audit Logs Work
Scope of Tracking
The audit logging system is designed to enhance visibility into platform changes and user activity beyond what is available in Usage Statistics. The logs will include the following information:
- Event type
- Date and Time of activity ( UTC )
- Who is performing the activity (name and person ID, and proxy if a proxy account is being used)
- A manual or automated activity
- Data before and after the activity
- Category and sub-category of activity (this is to help with searching the logs)
Sample log below:
|
"EventId": "17472736439764621904", "AuthEvent": "Password Reset Request", "EventTS": "15/05/2025 1:47:23 AM", "Hostname": "onemodeldev.dev.onemodel.us", "IP": "172.31.247.190", "AppId": "OneModel", "Result": "success", "Actor": "Unidentified", "Changes": {}},{ "EventId": "17472710113556153103", "AuthEvent": "Modify User Account", "EventTS": "15/05/2025 1:03:31 AM", "Hostname": "onemodeldev.dev.onemodel.us", "IP": "172.31.245.223", "AppId": "OneModel", "Result": "success", "Actor": { "email": "qa-automation@onemodel.co", "personId": "000000012"}, "Changes": { "QueryRowLimit": { "OldValue": "1000", "NewValue": "500" } }},{ "EventId": "17472737646115607705", "AuthEvent": "Password Reset Request", "EventTS": "15/05/2025 1:49:24 AM", "Hostname": "onemodeldev.dev.onemodel.us", "IP": "172.31.240.60", "AppId": "OneModel", "Result": "success", "Actor": "Unidentified", "Changes": {} |
Key Capabilities Include:
- Tracks events from the date of activation onward (no historical data prior to feature enablement).
- Collects detailed logs on specific events as listed below.
- Events are batched daily into downloadable JSON files. Partial days will be provided when logs are requested at times in-between complete days.
- Files are retrievable through the Admin Reports page. Downloads do not appear on the Export page and will be automatically deleted after 14 days.
How to Retrieve Audit Logs
- Logs are stored as JSON files and are available to download from Admin>Admin Reports for Admins with the permission CanViewAuditLogs. Learn more about Admin Reports here.
- Please note that JSON files were selected for the first iteration of Audit Logs delivery as the preferred method of ingestion into SIEMs.
- We strongly recommend downloading the files regularly i.e. every 7 days and uploading them into your security management system for searching, filtering etc. as the older the logs and the larger the volume, the harder they will be to retrieve and may be slow to download.
Audit Log Events
Logging Now:
| Event | Example |
| Users |
User added, User edited, User deactivated, User password reset, Enable account, Account lockout User logins and logouts, User logins with SSO. Failed Login attempts, Related IP addresses Proxy |
| User Roles |
User Application Access Role added or edited User Data Access Role added or edited |
| Application Access Roles | Role added, edited, deleted. Permissions added or edited. |
| Data Access Roles |
Role added, Role edited, Role deleted Metric added, Metric edited Storyboard added, Storyboard edited Dimensions added, Dimensions edited Columns added, Columns edited Rules added, Rules edited, Rules deleted Publish to Roles added, Publish to Roles edited |
| Data Sources | Data Source added, Data Source edited, Data Source deleted |
| Exports |
What was exported, when and by whom Export tile, Export drill-through |
| Downloads |
What was downloaded, when and by whom* *Excludes Entity Relationship Diagrams |
| Build / Edit Metric | Metric created, Metric edited, Metric deleted |
| Storyboards | Storyboard copied, Storyboard Settings edited, Storyboard Sharing edited, Storyboard deleted, Storyboard modified, Replace Storyboard * Storyboard View to come |
| Metadata |
Who gave permission to see the logs, when. Tracked under AAR permissions - CanViewAuditLogs Who downloaded the logs, when |
Coming Soon:
| Event | Example |
|---|---|
| Data Destinations | Data Destination added, Data Destination edited, Data Destination deleted |
What’s Coming Next
- Expanded tracking for additional system and user events.
- Integration into Data Destinations for automated log delivery.
Feedback Form
We encourage our users to complete this Feedback Form to let us know what’s working well, report any issues encountered, and share ideas for future enhancements.
Comments
0 comments
Please sign in to leave a comment.