Risks of Audit Logs

Hi @nora_ziani,

I see that you have been posting the same question in multiple threads. That is not recommended in the forum. It creates orphan threads and duplicates the topic. Can you help merge these threads, @Palaniyappan / @loginerror? Thanks.

Please review this post on how to ask a good question in this forum:

  1. How to ask a good question?

  2. Forum FAQ - Beginner’s guide

Documentation of Auditable entities in Orchestrator

  1. Audit
  2. Audit Logging
  3. Setting up Audit Logs: https://docs.uipath.com/process-mining/docs/set-up-audit-logs

Addressing your question: What are the risks of audit logs in Orchestrator?
It depends on how you define risk here. Risk management is all about the trade-off between the probability of occurrence and the severity of the event.

You will have to ask how probable it is that the audit log is leaked. Only certain roles in the tenant have the rights to see audit logs. So you will have to assume a number here which says how probable it is that this user's credentials are taken over. Also, you have to consider that the user might have enabled two-factor authentication or have single sign-on (for on-premises Orchestrator). I think you get my point: the answer to the probability of occurrence will depend on many factors.

On the consequence side of things, most assets and audit entities are not logged in this file. For example, a credential asset is not saved in free text in this audit file. So if a bad actor gets hold of this file, they first need access to your Orchestrator, and even if they do have access, it will probably not have critical consequences. On the other hand, if one of the team members did not abide by the need to save passwords in credential assets, it might be logged in this audit file.

If you want to know more about Risk Management, please go through this foundational paper from Prof. Aven and apply the principles to your case:
