From bb17583ce698427cd5bf3bce274519983074b1b4 Mon Sep 17 00:00:00 2001 From: atkkyamasaki Date: Mon, 18 Mar 2024 13:42:03 +0900 Subject: [PATCH] Update view-audit-logs.adoc This description was added the following commit, however now there is no info in the current document. https://github.com/PaloAltoNetworks/prisma-cloud-docs/pull/1543/commits Please refer to the following ticket and document. - PCSUP-18459 - Audit log Integration https://redlock.atlassian.net/wiki/spaces/PCSCRE/pages/4256563784/Audit+log+Integration#Successful-login-Messages-are-not-forwarded-to-External-integration-. --- .../content-collections/administration/view-audit-logs.adoc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/en/enterprise-edition/content-collections/administration/view-audit-logs.adoc b/docs/en/enterprise-edition/content-collections/administration/view-audit-logs.adoc index d1f0da2f6..11fc1f3ba 100644 --- a/docs/en/enterprise-edition/content-collections/administration/view-audit-logs.adoc +++ b/docs/en/enterprise-edition/content-collections/administration/view-audit-logs.adoc @@ -134,3 +134,8 @@ Follow the steps below to enable audit log forwarding: + All new audit logs that are generated after you enable the integration will be sent to this channel. You can view the audit logs on *Settings > Audit Logs* on Prisma Cloud. +[NOTE] +==== +To minimize "noise" and log flooding, Prisma Cloud does not forward "Successful login" type audit log messages to external integrations. All other audit log types can be sent to any supported external integration such as Webhook or SQS. For example, the following audit log message will not be forwarded. screen:['xxx@paloaltonetworks.com'(with role 'System Admin':'System Admin') logged in via password] +==== +