You are currently viewing Structure, Event Types Recorded, UI Operations, and Security & Compliance Benefits

Structure, Event Types Recorded, UI Operations, and Security & Compliance Benefits

  • Post author:
  • Reading time:4 mins read

Audit logs capture and record administrative activities within your organization’s cloud infrastructure. They offer a detailed record of user activities, system events, and resource changes across an organization’s cloud infrastructure.

This article helps understand the structure of the log, the type of events recorded in the log, sample use case, UI operations that include search, filter, and export options, and lastly security and compliance benefits of cloud audit logging.

Structure of the Cloud Audit Log

Each entry in the log typically contains:

Job Code

A unique identifier or range representing a specific logged action or event.

Date & Time

A timestamp (with timezone) indicating exactly when the event occurred.

Organization

The business or security domain under which the activity was executed.

Account

The specific cloud account involved in the action.

User

The identity (human or service account) that initiated the activity.

Message

A descriptive statement outlining what happened, including affected resources, scan statuses, or configuration changes.

Categories of Events Captured in Audit Log

Audit log codes for cloud security are categorized into functional groups, each assigned a specific range of codes and corresponding events that capture particular actions or outcomes in cloud security operations.

Here’s a real-time assignment of Job Code and Event Categorization Across Different Tools.

CodeCategoryCoverage
51000Profile ManagementCovers activities related to creating, updating, and deleting cloud profiles
52000Scan ManagementFocuses on cloud scan scheduling and resource discovery
53000CSPM (Cloud Security Posture Management)Logs posture management scan events and benchmark configurations
54000CSAE (Cloud Security Asset Exposure)Includes scan execution, cloud resource group management, watchlist configuration, and cloud resource tags
55000CIEM (Cloud Infrastructure Entitlement Management)Captures entitlement scan activities
56000CSPA (Cloud Security Posture Anomaly)Covers scan and whitelist operations
57000CSRM (Cloud Security Remediation Management)Tracks remediation job creation, updates, rollbacks, and execution

Click here for more information.

Types of Events Recorded

The sample log showcases a range of event types, including:

Cloud Resource Creation

The creation of Route53 Hosted Zones or resource groups are shown as an example.

Security Scans

Completion and initiation of CSPM (Cloud Security Posture Management), CSPA (Cloud Security Posture Assessment), CIEM (Cloud Infrastructure Entitlement Management), and CSAE (Cloud Security Assessment Engine) scans.

Configuration Changes

Watchlist modifications such as adding or deleting monitored resources.

These logs capture both start and completion events, ensuring traceability of processes from initiation to closure.

Sample Use Case

As per the given log:

  • At 2025-08-13 12:07:32 PM IST, a Route53 Hosted Zone resource group was created by the user xxx under the Cloud_Demo_AWS_Account.
  • Within the same minute, a CSPM scan completed successfully for xxx_AWS.
  • A little after, watchlist configurations were both added and deleted, followed by a series of security scans across CSPM, CSPA, CIEM, and CSAE modules.

Such sequential visibility ensures that if an unauthorized configuration change occurred, investigators can trace it to a precise user action and time.

Search, Filter, and Export Operations in Saner Cloud Audit Logs

The audit log interface offers several options for efficiently locating and analyzing data. Users can perform searches by entering keywords such as names, job codes, or other identifiers. The filtering feature allows for refining results based on criteria like organization, account, users, tools, actions, date range, or activity lines. Furthermore, logs can be exported in CSV format for comprehensive offline analysis.

Security & Compliance Benefits

Maintaining detailed audit logs supports:

Incident Investigation

When a security alert is raised, these logs help pinpoint the exact action, user, and resource involved.

Compliance Audits

Many frameworks (e.g., ISO 27001, SOC 2) require demonstrable activity records.

Operational Transparency

Stakeholders gain visibility into cloud security posture checks and configuration changes.

Privilege Monitoring

Detects high-privilege operations, such as watchlist deletions or resource provisioning.

Go Further

Saner Cloud is a comprehensive solution designed to help organizations effectively manage their cloud operations. Key features of the product include asset exposure, posture management, posture anomaly detection, identity and entitlement management, and remediation management.

Documentation is organized to help you quickly and efficiently find the information you need, whether you’re troubleshooting, learning how to use specific tools, or seeking in-depth knowledge about the product suite.

Discover how to troubleshoot issues with Saner Cloud Audit Logs. Schedule your trial today for a more comprehensive experience!