Risks Of audit Logs

Hello all

what are the risk of audit log in orchestrator ?

best regards

1 Like

Hey @nora_ziani

There is no risk, Its a must need for security and safety.

Thanks
#nK

What exactly are you asking? You mean the information stored when you use Log Message?

1 Like

what are the factors of success please

Thank you

@postwick in generaly the risks when we use the audit logs uipath architecture

Best regards

What do you mean by “audit logs uipath architecture?”

Are you talking about when you use the Log Message activity?

1 Like

@postwick no , i talk about audit log from ochestrator in order to see what the others users are done (updates, actions )

Thank you lot

Ahhh ok. The potential risk would be that this info is stored in the database and contains user information such as usernames.

Hi @nora_ziani,

I see that you have been posting the same question in multiple threads. That is not recommended in the forum. It creates orphan threads and duplicates the topic. Can you help merge these threads @Palaniyappan /@loginerror ? Thanks.

Please review this post on how to ask a good question in this forum :

  1. How to ask a good question?

  2. Forum FAQ - Beginner’s guide

Documentation of Auditable entities in Orchestrator

  1. Audit
  2. Audit Logging
  3. Setting up Audit Logs : https://docs.uipath.com/process-mining/docs/set-up-audit-logs

Addressing your question : What are the risk of audit log in orchestrator
It depends how you define risk here. Risk management is all about trade-off between the probability of occurrence and severity of the event.

You will have to ask How probable it is that the audit log is leaked. Only certain roles in the tenant have the rights to see audit logs. So you will have to assume a number here which says how probably it is that this user credentials is takeover. Also you have to consider that the user might have enable two factor authentication or have a single sign on (for on-premises orchestrator). I think you get my point, the answer to the probability of occurrence will be depended on many factors.

On the consequence side of things, most assets and audit entities are not logged in this file. For example, a credential asset is not saved in free text in this audit file. So if a bad actor gets hold of this file, they first need access to your orchestrator and even if they do have access, it will probably not have critical consequences. On the other hand, if one of the team members did not oblige the need to save passwords in credential assets, it might be logged in this audit file.

If you want to know more about Risk Management, please go through this foundational paper from Prof. Aven and apply the principles to your case :

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.