Audit logs

The Automation 360 platform provides a comprehensive and centralized audit logging of all automation activities to authorized users. Role-based access control to Audit Log is managed through the Control Room. More than 60 audit actions are logged.

All valid and invalid attempts of actions are logged. Events are logged by the following factors:

Doer of the action: For example, a username.
Source of the action: For example, Bot Runner or Control Room
Type of event: The description of the event.
When the event occurred: For example, the date and the time of the event.
Where the event occurred: The device.
Outcome of the event: Description and status of the event.

Some key audit actions include the following:

Log in and log out of the centralized Control Room.
Create, update, and delete Users.
Activate and deactivate the Control Room users.
Any change of password for any user
Create, update, and delete roles (helps in tracking changes to security policy, change in user access privileges)
Create, update, and delete schedules
Connection to the Credential Vault
Create, update, and delete credentials
Deploy the bots from the Control Room to the remote Bot Runners.
Pause, resume, and stop the ongoing automations.
Any upload and download from Bot Creators and Bot Runners
Any check-in, check-out of bots from Bot Creators and Bot Runners
Update email and other settings
Enable and disable secure recording.
Change a license.

Nota:

The audit log information is viewed for at least 90 days in the Control Room. These 90 days are based on the date on which you are checking the logs. The audit log information beyond 90 days cannot be viewed in the Control Room.
For audit logs information beyond 90 days and to avoid loss of audit logs, you must have self-configured the Security Information and Event Management server (SIEM) or Syslog server (managed by customers) integrated with the Control Room as:
- SIEM server for Cloud deployment. For more information, see Configure integration with SIEM.
- Syslog server for On-Premises deployment. For more information, see Syslog server integration.
The Control Room audit logs are sent to the configured SIEM or Syslog server (managed by customers) based on the deployment. For more information, see Automation 360 Cloud Data Retention Policy.

RBAC on audit log

Audit is automated for all privileged and nonprivileged roles to conform to best practices as defined in NIST AC-6. Access is view-only based on a deny-all and allow by exception based on roles and domains as defined in the Audit Section 7 addressing Audit and Accountability (NIST AU 1 through 15) and as required by NIST AC-2 Automated System Account Management.

If a role does not have permission to view Audit Logs, the Audit Trail tab is not visible to all members of those roles. Audit automatically captures all events related to creation, modification, enable, disable, user removals, bots, Bot Creators, and Bot Runners.

Control Room Bot Creator and Bot Runner activity logging

For every Bot Creator and Bot Runner, the Automation Anywhere Enterprise platform does comprehensive activity logging for bots, workflows, and reports.

Some of the key activities logged include the following:

Task creation, update, deletion (task is a type of bot).
Task run
Workflow creation, update, deletion
Workflow run
Report creation, update, deletion
Report run
Change in bot properties

Audit of Bot Runner operations

Bot Insight captures additional Bot Runner events for review and analysis of audit records for indications of inappropriate or unusual activity. The Bot Insight logs can be exported for further analysis. Automated dashboards and reports are available and can be customized to identify and alert on anomalous activity. These capabilities conform to best practices as defined in NIST AU-6 Audit Review Analysis and Reporting.

Audit log nonrepudiation

The logs are protected against an individual (or process acting on behalf of an individual) falsely denying having done authorized actions through read-only privileges, automated event capture, and binds the identity of the user to the actions, in conformance with best practices as defined in NIST AU-10 Non-repudiation and AU-11 Association of Identities.

Export audit logs

All Control Room and Bot Insight Bot Runner logs are exported to a Security Event Information Management Systems for further analysis to support the organizations incident response efforts in accordance with the NIST AU-6 and IR-5 requirements.