
Log Stream Guide


Log Stream in Audit Logs

Information related to specific types of Log Stream activity is stored in audit logs in the New-Scale Security Operations Platform. These audit logs are accessible in the Search query interface. The easiest way to find them in Search is from the Audit Logs tab in Basic Search mode (see the procedure below). For more information about audit log types and visibility, see Audit Logs in the New-Scale Security Operations Platform Guide.

Audit logs are available for the specific activity and operation types listed below. For the activity types, links are provided to specific pages in the Common Information Model Library, where you can find detailed information about the fields available for searching. (The links open a GitHub repository.)

For an easy way to access Log Stream audit logs:

  1. Log into the New-Scale Security Operations Platform and navigate to Search.

  2. Choose the Basic Search mode and click in the search bar at the top. Select the Audit Logs tab.

  3. Select one of the following search fields, enter a specific Log Stream value, and click Add to Query.

     Search Field     Log Stream Values

     app              Log Stream

     activity_type    audit-log (for all event enricher audit logs)
                      parser-create
                      parser-delete
                      parser-disable
                      parser-enable
                      parser-import
                      parser-modify

     operation        Event Enricher create
                      Event Enricher delete
                      Event Enricher disable
                      Event Enricher enable
                      Event Enricher force update
                      Event Enricher import
                      Event Enricher modify
                      Event Enricher reorder
                      Parser create
                      Parser delete
                      Parser disable
                      Parser enable
                      Parser import
                      Parser modify

     operation_type   event-enricher-create
                      event-enricher-delete
                      event-enricher-disable
                      event-enricher-enable
                      event-enricher-force-update
                      event-enricher-import
                      event-enricher-modify
                      event-enricher-reorder
                      parser-create
                      parser-delete
                      parser-disable
                      parser-enable
                      parser-import
                      parser-modify

  4. Select a time range for the query and run the search.
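The same field, value and time-range filters from steps 3 and 4 can be applied outside the UI, for example when reviewing an exported batch of audit events. The Python below is an added example, not the platform's query language or API: the flat record layout (a `time` field in ISO-8601 plus the four search fields and a `user` field) and the sample records are assumptions constructed for illustration. It goes slightly beyond the page by grouping the disable and delete operations per user, since those are the operations that silence part of the ingest pipeline and are the first thing a reviewer wants to see.

```python
"""Filter constructed Log Stream audit-log records the way the Search UI does.

Added example only. The record shape (flat dict with 'time', 'user' and the
four search fields app / activity_type / operation / operation_type) is an
assumption for illustration, not the platform's documented export format.
"""
from datetime import datetime, timedelta, timezone

# Field values are taken from the page's table.
LOG_STREAM_APP = "Log Stream"

# operation_type values that remove or switch off parsers and enrichers;
# each one reduces what Log Stream will parse or enrich from then on.
VISIBILITY_REDUCING = {
    "parser-disable", "parser-delete",
    "event-enricher-disable", "event-enricher-delete",
}

# Constructed sample records (not real platform output).
SAMPLE_RECORDS = [
    {"time": "2024-05-01T09:00:00Z", "app": "Log Stream", "activity_type": "parser-modify",
     "operation": "Parser modify", "operation_type": "parser-modify", "user": "alice"},
    {"time": "2024-05-01T09:05:00Z", "app": "Log Stream", "activity_type": "parser-disable",
     "operation": "Parser disable", "operation_type": "parser-disable", "user": "bob"},
    {"time": "2024-05-01T09:06:00Z", "app": "Log Stream", "activity_type": "audit-log",
     "operation": "Event Enricher delete", "operation_type": "event-enricher-delete", "user": "bob"},
    {"time": "2024-05-01T09:07:00Z", "app": "Log Stream", "activity_type": "audit-log",
     "operation": "Event Enricher reorder", "operation_type": "event-enricher-reorder", "user": "carol"},
    # A record from another app (hypothetical name) that the app filter must drop.
    {"time": "2024-05-02T11:00:00Z", "app": "Other App", "activity_type": "rule-modify",
     "operation": "Rule modify", "operation_type": "rule-modify", "user": "dave"},
]


def parse_time(value):
    """Parse an ISO-8601 timestamp; a trailing 'Z' is accepted as UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def search(records, field, wanted, start=None, end=None):
    """Steps 3 and 4: keep Log Stream records whose `field` matches `wanted`
    (a single value or a set of values) and whose time lies in [start, end)."""
    if isinstance(wanted, str):
        wanted = {wanted}
    hits = []
    for r in records:
        if r.get("app") != LOG_STREAM_APP or r.get(field) not in wanted:
            continue
        t = parse_time(r["time"])
        if start is not None and t < start:
            continue
        if end is not None and t >= end:
            continue
        hits.append(r)
    return hits


def visibility_reducing_by_user(records, start=None, end=None):
    """Map user -> list of disable/delete operation_types, in time order.
    A user who disables and deletes several parsers or enrichers in one
    sitting is worth a closer look than a single routine change."""
    hits = search(records, "operation_type", VISIBILITY_REDUCING, start, end)
    hits.sort(key=lambda r: parse_time(r["time"]))
    by_user = {}
    for r in hits:
        by_user.setdefault(r["user"], []).append(r["operation_type"])
    return by_user


if __name__ == "__main__":
    # Last 10 minutes relative to the newest sample record, as a stand-in for
    # the time range picked in step 4.
    newest = max(parse_time(r["time"]) for r in SAMPLE_RECORDS)
    since = newest - timedelta(minutes=10)
    for user, ops in visibility_reducing_by_user(SAMPLE_RECORDS).items():
        print(f"{user}: {', '.join(ops)}")
    print(len(search(SAMPLE_RECORDS, "app", LOG_STREAM_APP, start=since)),
          "Log Stream records since", since.astimezone(timezone.utc).isoformat())
```

The `app` filter is applied unconditionally so that a search on `activity_type` or `operation_type` cannot pick up a same-named value from another app; the UI's Audit Logs tab gives you that scoping when you add `app = Log Stream` to the query, and this keeps the script honest about it.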