Parascope Docs

Security Audit Log

Monitor authentication events, permission changes, token operations, and administrative actions for compliance and incident investigation.

The security audit log records every security-relevant event in Parascope — authentication attempts, permission changes, token operations, and administrative actions. This log is essential for security monitoring, compliance, and incident investigation. Only superadmins can access the audit log.

Accessing the Audit Log

Navigate to Settings → Audit Log (or Settings → Security).

What Gets Logged

CategoryEvents
AuthenticationLogin success, login failure, rate-limited login attempts
SessionsSession created, session revoked, logout
UsersUser created (JIT provisioning), user updated, user deactivated, user reactivated
PermissionsPermission granted, permission revoked, scope changes
TeamsTeam created, team updated, team deleted, member added, member removed, role changed
TokensAPI token created, API token revoked

Each event record includes:

  • Timestamp — When the event occurred
  • Event Type — Category and action (e.g., auth.login_success)
  • User — Who performed the action (email or system)
  • IP Address — Source IP of the request
  • Details — Additional context specific to the event type

Filtering Audit Events

The audit log supports filtering to help you find specific events:

  • Event type — Filter by category (authentication, users, teams, tokens)
  • User — Search for events by a specific user
  • Date range — Narrow to a specific time period
  • IP address — Filter by source IP

CSV Export

Click Export CSV to download the filtered audit log for:

  • Compliance reporting and regulatory submissions
  • External security analysis tools (SIEM integration)
  • Archival and long-term retention
  • Sharing with auditors who don't have Parascope access

Common Audit Scenarios

Investigating Failed Logins

Filter by event type auth.login_failure to identify:

  • Brute force attempts (many failures from the same IP)
  • Compromised accounts (failures followed by success from unusual IPs)
  • Misconfigured SSO (consistent failures for specific users)

Tracking Permission Changes

Filter by the permissions category to see:

  • When a user's permissions were elevated
  • Who granted the permission change
  • What scopes were added or removed

Token Lifecycle

Filter by the tokens category to audit:

  • Which tokens were created and by whom
  • When tokens were last used
  • Which tokens were revoked and why

User Account Changes

Filter by the users category to track:

  • New user accounts created via JIT provisioning
  • Users deactivated after leaving the organization
  • Superadmin promotions

Who Can Access the Audit Log

The audit log is restricted to superadmins only. Regular users and team admins cannot view security events, even if they have broad permissions on other resources.

This restriction ensures that security-sensitive information (login patterns, IP addresses, permission changes) is only visible to users with the highest trust level.

Managing Credentials

Create, update, and manage stored credentials used by collectors for authenticated target access.

Billing and Pricing

Understand how Parascope billing works, explore pricing tiers, and estimate costs with the interactive calculator.

On this page

Accessing the Audit LogWhat Gets LoggedFiltering Audit EventsCSV ExportCommon Audit ScenariosInvestigating Failed LoginsTracking Permission ChangesToken LifecycleUser Account ChangesWho Can Access the Audit LogRelated Documentation