System Audit Report

The enhanced System Audit Report, previously the Workflows Audit Report, features a more intuitive way to display audit information, including easier access to data and more filter options. This report consolidates system-wide information for audit purposes, including users, devices, groups, and workflows.

The System Audit Report includes audit records for when users, devices, groups, workflows, HTTP triggers, and custom steps are added, modified, or deleted. Company supervisors can use the report to review and troubleshoot changes to the users and workflows in their system.

Each record in the report indicates the name of what was changed, when the change occurred, details about the change (including before and after values, where available), where the change was made, and who made the change. For more details, see How to read changes in an audit record.

Use the System Audit Report

The following sections describe actions you can perform in the System Audit Report:

In the Reports menu, under Audit, click System Audit Report.

To more easily view data in the report, do one or more of the following:

  • To sort the content of a column in chronological order, click the column header. (Click the header again to reverse the sort order.)
  • To change the width of a column, move the pointer over the edge of the column and when the re-size icon appears, click and drag the column to the desired size.
  • To rearrange the columns, click and drag a column header to a new location on the table.
  • If the list contains more entries or columns than can be displayed on your screen, scroll horizontally or vertically. The system automatically loads more data as you scroll the page.
  • To include or exclude columns, click the Columns drop-down menu and select or clear the columns that are included. When you've hidden a column and want to see it again, it is added as the last column of the table.

See Available data columns for descriptions of each column.

You can quickly search for audits that contain the search term. Start typing in the search bar and the report automatically updates the list to display audits that contain the search term.

The report displays data for a specific timeframe. You can select particular timeframes (Past 24 Hours, Past 7 Days, Past 30 Days, Past 60 Days, or Past 90 Days), or specify a date range using the calendar and time pickers and click Apply. The results in the report update to match your timeframe or date range.

The available filters allow you to narrow the audits list based on matching specific criteria. For example, you can use filters to locate audit records for changes made to a particular workflow by a specific person or people (e.g., audit records for changes made to the Incident Resolution workflow by Mary McBride or Aarohi Kaur).

You can apply one or more filters to narrow down the list of audit records. If you apply multiple filters, xMatters only returns record that match all of the specified filter criteria. For detailed instructions on how to use filters, see Filtering data tables.

The following table describes the available filters on the System Audit Report and their values:

Filter Values
Name
  • Show All: All audit records, regardless of user, device, group, workflow, custom step, or HTTP trigger.
  • Search to select other options: Type a search term to populate a list of matching users, devices, groups, workflows, custom steps, or HTTP triggers you can select from.
Changed
  • Workflow: Audit records for workflow changes.
  • Custom Step: Audit records for custom step changes.
  • HTTP Trigger: Audit records for HTTP trigger changes.
  • User: Audit records for user changes.
Changed By
  • Show All: All audit records, regardless of who made the change.
  • Me (First Last): Changes you made. For example, "Me (Mary McBride)".
  • Search to select other options: Type a search term to populate a list of users you can select from.

Click Export to open or save the report's currently displayed results as a spreadsheet.

Understand the System Audit Report

The following sections provide more information on how to navigate the System Audit Report and interpret the data within each audit record:

The Workflows Audit Report includes the following columns:

Column Description
Time The date and time of the change.
Changed What was changed: User, Device, Group, Workflow, Custom Step, or HTTP Trigger. For more information on each change, see Data components.

Name

 The name of the user, device, group, or workflow, or the name and version of the custom step or HTTP trigger.
Changes Details about the change. To learn how to interpret the data in this column, see How to read changes in an audit record.
Changed By

The first name, last name, and user ID of who made the change.
Interface The product interface where the change was made: Web UI, API, or Not Available.

The Workflow Audit Report records changes to the following components:

Changed Component
User
  • First and last name

  • User ID

  • Active/inactive status

  • Login credentials

  • Roles

  • Sites

  • Time zones

  • Languages

  • Custom user properties
Device
  • Name

  • Type

  • Contact information

  • Active/inactive status

  • Priority threshold

  • Device delay

  • Device order

  • Device timeframe

  • Test status

  • Failsafe status
Group
  • Name
  • Description

  • Type

  • Active/inactive status

  • Allow Duplicates setting

  • Use Failsafe Devices setting

  • Site to use for holidays

Workflow
  • Name
  • Description
  • Enabled/disabled status
  • Notification flood control status
  • Permissions

  • Forms

  • Form properties

  • Flow canvases

HTTP Trigger
  • Name
  • Permissions
  • Settings
  • Inputs
  • Outputs
  • Script

Custom Step
  • Name
  • Permissions
  • Settings
  • Inputs
  • Outputs
  • Script

When constant changes occur within your organization, it may be difficult to find the audit record you need in the System Audit Report even after you've utilized the filter, sort, and search functions to narrow down the list. Learn how to read and interpret the data in the Changes column of an audit record to quickly find what you're looking for:

Added

When a component is added, the Changes column records the name of the component and any corresponding settings that have been configured for it during creation. For example, if you add a user, you would see the following in an audit record:

  • Changed column: The type of change, which in this case is "User".
  • Name column: The first name, last name, and user ID of the new user.
  • Changes column: The action that occurred, which in this case is adding a user. The column lists the name of the new user and the settings that were configured at the time of creation.

Deleted

When a component is deleted, the Changes column records the name of the component that was removed. For example, if you delete a workflow, you would see the following in an audit record:

  • Changed column: The type of change, which in this case is "Workflow".
  • Name column: The name of the deleted workflow.
  • Changes column: The action that occurred, which in this case is deleting a workflow.

Updated

When a component is updated, the Changes column records the name of the component and the changed setting's old value for reference along with the newly updated value. For example, if you update a trigger in a workflow, you would see the following in an audit record:

  • Changed column: The type of change, which in this case is "Workflow".
  • Name column: The name of the updated workflow.
  • Changes column: The action that occurred, which in this case is updating a flow trigger in a workflow. The column lists the name of component (the flow trigger) and the settings that were configured during the update, including old and new values when applicable. (e.g., If you disabled the flow trigger, the change would look like: 'Is Enabled: Enabled ➔ Disabled'. The updated setting is "Is Enabled", the old value is "Enabled", and the new value is "Disabled".)

Multiple changes

When multiple components are updated at the same time (e.g., a team member relocates and they update their sites, languages, and time zone), the report lists them all in one record when possible. Some changes may be listed in separate records due to how the data is processed. To confirm if multiple records were changed at the same time by the same user, check if the Time and Changed By column values are the same for the records you're looking at.

We are continuously adding xMatters components to the System Audit Report. If the report hasn't started capturing data for a specific component at the time of a change, the information cannot be retrieved and it is shown as Not Available on the audit record. This may also apply to data that appear as [none]—if you search or filter for a change that occurred before the component was added to the report, you will not be able to access the data.