Orgvue Log Management

Owned by Paul Coleman
Last updated: 11 Nov 2022
1 min read

How is Orgvue user activity logged?

Orgvue user activity is logged in the application and Event Store. The Event Store holds an immutable log of all data mutations, while the application logs an immutable log of all application events. These logs are retained for the lifetime of the tenant and are stored within the encrypted customer tenant, accessible by customer tenant Administrators only.

Orgvue records the outcome of every operation, inclusive of authentication and authorization failures, by user identity, time and IP address, providing an audit log of all changes, identifying who made each change, when, and the content of the change. Tenant Administrators can also see ‘recent activity’ in a dataset.

Can a customer export their Orgvue application logs to their own SIEM (Security Information and Event Management) solution?

This is not currently supported. Typically customers have a limited number of staff using Orgvue, so the risk of not ingesting Orgvue log data is limited.

How is Orgvue AWS infrastructure activity logged? Activity by Orgvue DevOps staff for example?

Orgvue infrastructure security log events are centrally consolidated. Alerts are generated from automated queries. Logs are retained for a minimum of 12 months. These logs are not available to Orgvue customers due to the multi-tenanted nature of the platform.