Audit logs in Google Vault provide a comprehensive, immutable record of all actions performed by Vault users. They are crucial for accountability, compliance, and security.
Supported editions for this feature: Frontline Standard and Frontline Plus; Business Plus; Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus; Enterprise Essentials and Enterprise Essentials Plus; G Suite Business.
What Audit Logs Track
Vault audit logs record a wide range of actions, including but not limited to:
Creation, modification, and deletion of retention rules.
Creation, modification, and deletion of legal holds.
Execution of search queries (including the parameters of the search).
Initiation and completion of data exports.
Viewing of search results or exported data.
Changes to matter status (e.g., creating, closing, or deleting matters).
Changes to Vault user privileges.
Google Vault Audit action types
Run a search in the Admin console
To run a search in the security investigation tool, first choose a data source. Then, choose one or more conditions for your search. For each condition, choose an attribute, an operator, and a value.
1. Sign in with an administrator account to the Google Admin console.
   If you aren’t using an administrator account, you can’t access the Admin console.
2. Go to Menu > Security > Security center > Investigation tool.
   Requires having the Security Center administrator privilege.
3. Click Data source and select Vault log events.
4. Click Add Condition.
   Tip: You can include one or more conditions in your search or customize your search with nested queries. For details, go to Customize your search with nested queries.
5. Click Attribute and select an option.
   For a complete list of attributes, go to the Attribute descriptions section.
6. Select an operator.
7. Enter a value or select a value from the list.
8. (Optional) To add more search conditions, repeat steps 4–7.
9. Click Search.
   You can review the search results from the investigation tool in a table at the bottom of the page.
10. (Optional) To save your investigation, click Save, enter a title and description, and click Save.
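The search model described above (attribute, operator, value conditions, optionally nested) can also be applied offline to result rows you have already pulled out of the tool. The following is an added example, not Google's code: the column names, event values, operator names and accounts are constructed assumptions, not the Vault log schema.

```python
from datetime import datetime

# Constructed sample rows; column names and event values are assumptions,
# not Google's export schema.
ROWS = [
    {"date": "2024-04-20T12:00:00", "actor": "contractor@example.com", "event": "hold_deleted", "matter": "M-200"},
    {"date": "2024-05-02T09:14:00", "actor": "legal-admin@example.com", "event": "hold_deleted", "matter": "M-100"},
    {"date": "2024-05-03T23:41:00", "actor": "contractor@example.com", "event": "export_started", "matter": "M-100"},
    {"date": "2024-05-04T08:00:00", "actor": "contractor@example.com", "event": "search_run", "matter": "M-100"},
    {"date": "2024-05-05T02:10:00", "actor": "helpdesk@example.com", "event": "hold_deleted", "matter": "M-200"},
]

def _ts(text):
    return datetime.fromisoformat(text)

OPERATORS = {
    "is": lambda field, value: field == value,
    "is_not": lambda field, value: field != value,
    "contains": lambda field, value: value in field,
    "before": lambda field, value: _ts(field) < _ts(value),
    "after": lambda field, value: _ts(field) > _ts(value),
}

def matches(row, query):
    """query: (attribute, operator, value) or nested {"AND"|"OR": [queries]}."""
    if isinstance(query, tuple):
        attribute, operator, value = query
        if operator not in OPERATORS:
            raise ValueError(f"unknown operator: {operator}")
        if attribute not in row:
            return False  # a row lacking the attribute never matches
        return OPERATORS[operator](row[attribute], value)
    (joiner, parts), = query.items()
    if joiner not in ("AND", "OR"):
        raise ValueError(f"unknown joiner: {joiner}")
    results = [matches(row, part) for part in parts]
    return all(results) if joiner == "AND" else any(results)

def search(rows, query):
    return [row for row in rows if matches(row, query)]

# Hold deletions or exports since 1 May by anyone other than the expected Vault admin.
QUERY = {"AND": [
    {"OR": [("event", "is", "hold_deleted"), ("event", "is", "export_started")]},
    ("actor", "is_not", "legal-admin@example.com"),
    ("date", "after", "2024-05-01T00:00:00"),
]}

if __name__ == "__main__":
    for hit in search(ROWS, QUERY):
        print(hit["date"], hit["actor"], hit["event"], hit["matter"])
```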