Audit Logs for authorized user activity

The Automation Anywhere Enterprise platform provides comprehensive, centralized audit logging of all automation activities to authorized users. Role-based access control to the Audit Log is managed through the Control Room. More than 60 audit actions are logged.

All valid and invalid attempts of actions are logged. Events are logged by the following factors:

  • Doer of the action: for example, a username.
  • Source of the action: for example, Bot Runner or Control Room.
  • Type of event: the description of the event.
  • When the event occurred: for example, the date and the time of the event.
  • Where the event occurred: the device.
  • Outcome of the event: description and status of the event.

Some key audit actions include the following:

  • Log in and log out of the centralized Control Room.
  • Create, update, and delete Users.
  • Activate and deactivate the Control Room users.
  • Any change of password for any user
  • Create, update, and delete roles (helps in tracking changes to security policy, change in user access privileges)
  • Create, update, and delete schedules
  • Connection to the Credential Vault
  • Create, update, and delete credentials
  • Set the Production-ready version of the bots.
  • Deploy the bots from the Control Room to the remote Bot Runners.
  • Pause, resume, and stop the ongoing automations.
  • Any upload and download from Bot Creators and Bot Runners
  • Any check-in, check-out of bots from Bot Creators and Bot Runners
  • Update email, version control, and other settings
  • Enable and disable secure recording.
  • Change a license.
  • Create Bot Runner instance on BotFarm, release virtual machine, terminate virtual machine.

The Control Room can be configured to export audit logs to an external log consolidation and reduction server via the Syslog protocol. This enables integration with Security Information and Event Management (SIEM) systems, for example, Splunk or LogRhythm. Configure the Syslog integration from the Settings -> Syslog page in the Control Room.

Syslog integration uses either UDP or TCP, and is configured to use TLS encryption between the Control Room and the remote Syslog server.
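
The following is an added example, not Automation Anywhere code: it normalizes exported Syslog audit records into the six factors listed earlier and flags invalid attempts on the SIEM side. The key=value message layout, the field names, and the event and outcome strings are assumptions made for this illustration, because the page does not document the exported message format.

```python
import re
from collections import Counter

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
HEADER = re.compile(r'^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (-|\[.*?\]) (.*)$')
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')
FIELDS = ("user", "source", "event", "device", "outcome")  # assumed key names
# Assumed event strings, modelled on the page's list of key audit actions.
SENSITIVE = {"Update role", "Create credential", "Change password"}

# Constructed sample records (not real Control Room output); the last is malformed.
SAMPLE = [
    '<134>1 2024-05-01T10:00:01Z cr01 ControlRoom - - - user=alice source="Control Room" event=Login device=WS-101 outcome=Failed',
    '<134>1 2024-05-01T10:00:05Z cr01 ControlRoom - - - user=alice source="Control Room" event=Login device=WS-101 outcome=Failed',
    '<134>1 2024-05-01T10:00:09Z cr01 ControlRoom - - - user=alice source="Control Room" event=Login device=WS-101 outcome=Failed',
    '<134>1 2024-05-01T10:01:00Z cr01 ControlRoom - - - user=bob source="Control Room" event=Login device=WS-102 outcome=Successful',
    '<134>1 2024-05-01T10:02:00Z cr01 ControlRoom - - - user=carol source="Control Room" event="Update role" device=WS-103 outcome=Failed',
    '<134>1 2024-05-01T10:03:00Z cr01 ControlRoom - - - user=admin source="Control Room" event="Create credential" device=WS-100 outcome=Successful',
    'truncated record with no syslog header',
]

def parse_line(line):
    """Normalize one record into the six audit factors, or return None if malformed."""
    m = HEADER.match(line)
    if not m:
        return None
    kv = {k: v.strip('"') for k, v in PAIR.findall(m.group(8))}
    if any(f not in kv for f in FIELDS):
        return None
    return {"when": m.group(2), **{f: kv[f] for f in FIELDS}}

def review(lines, threshold=3):
    """Return (alerts, rejected) for one batch of exported records."""
    alerts, rejected, failed_logins = [], [], Counter()
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            rejected.append(line)  # keep for review: silent drops hide format drift
            continue
        if ev["outcome"].lower() != "failed":
            continue
        if ev["event"] in SENSITIVE:
            alerts.append(("failed-sensitive-action", ev["user"], ev["event"]))
        if ev["event"] == "Login":
            key = (ev["user"], ev["device"])
            failed_logins[key] += 1
            if failed_logins[key] == threshold:  # alert once per user and device
                alerts.append(("repeated-failed-login", ev["user"], ev["device"]))
    return alerts, rejected
```

The failed-login counter covers the whole batch passed to `review`, so feed it records from a bounded time window.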

RBAC on audit log

Audit is automated for all privileged and nonprivileged roles to conform to best practices as defined in NIST AC-6. Access is view-only and follows a deny-all, allow-by-exception model based on roles and domains, as defined in the Audit Section 7 addressing Audit and Accountability (NIST AU 1 through 15) and as required by NIST AC-2 Automated System Account Management.

If a role does not have permission to view Audit Logs, the Audit Trail tab is not visible to any member of that role. Audit automatically captures all events related to the creation, modification, enabling, disabling, and removal of users, bots, Bot Creators, and Bot Runners.

Control Room Bot Creator and Bot Runner activity logging

For every Bot Creator and Bot Runner, the Automation Anywhere Enterprise platform performs comprehensive activity logging for bots, workflows, and reports.

Some of the key activities logged include the following:

  • Task creation, update, deletion (task is a type of bot).
  • Task run
  • Workflow creation, update, deletion
  • Workflow run
  • Report creation, update, deletion
  • Report run
  • Change in bot properties

Audit of Bot Runner operations

Bot Insight captures additional Bot Runner events for review and analysis of audit records for indications of inappropriate or unusual activity. The Bot Insight logs can be exported for further analysis. Automated dashboards and reports are available and can be customized to identify and alert on anomalous activity. These capabilities conform to best practices as defined in NIST AU-6 Audit Review Analysis and Reporting.

Audit log nonrepudiation

Read-only privileges, automated event capture, and the binding of the user's identity to the actions protect the logs against an individual (or process acting on behalf of an individual) falsely denying having done authorized actions, in conformance with best practices as defined in NIST AU-10 Non-repudiation and AU-11 Association of Identities.

Export audit logs

All Control Room and Bot Insight Bot Runner logs are exported to a Security Information and Event Management (SIEM) system for further analysis to support the organization's incident response efforts, in accordance with the NIST AU-6 and IR-5 requirements.