An audit log in Protect contains information about the queries that were run to access the data and the data that was accessed.
This topic describes how to generate an audit log for Protect and what is shown in an audit log.
Tip
The information in this topic varies depending on the data source that you select.
Data source
Generate an audit log
You can generate an audit log of access records from the data source on the Audit page.
Note The time that it takes for the actions performed in a data source to appear in an audit log in Protect varies from several minutes to hours, depending on the data source.
Before you begin
You have a global role that has the Protect > Edit or Protect > Administration global permission.
Steps
- Open Protect.
- Click the Audit tab.
- Click BigQueryDatabricks
- In the AWS Region field, select the hosting region for your Amazon Web Services.
- Click one of the following buttons: Today, Yesterday, A week ago, 30 days ago.Tip The start date corresponding to the button that you clicked is shown in the Start Date field. Alternatively, you can enter or select a date in the Start Date field.
- Click Generate Log.
The audit log is generated.
Important
- The generation of an audit log may take up to a minute. After clicking Generate Log, do not navigate away from the Audit page because doing so cancels the audit log generation.
- The audit log contains the first 1,000 records from the selected start date. If you want to view the remaining records, contact your data source administrator.
Audit log data
The following table describes the columns that are shown in an audit log.
| Column | Description |
|---|---|
| Query ID | The ID of the query in Snowflake. |
| Query Start Time | The date and time of the query in Snowflake. |
| Source User Name | The name of the user in Snowflake who ran the query to access the data. |
| Direct Objects Accessed | The database object (a table or a view) that was used to access the data. |
| Base Objects Accessed | The database object that was accessed. |
| Event Name | The name of the event in AWS Lake Formation. |
| Date | The date and time of the event in AWS Lake Formation. |
| Source User Name | The name of the user in AWS Lake Formation who ran the event to access the data. |
| Event Source | The source of the event, for example, AWS Athena. |
| Resources | The resources that were accessed. |
| Method Name | The name of the method in BigQuery. |
| Date | The date and time of the method in BigQuery. |
| Principal | The name of the user in BigQuery who ran the method to access the data. |
| Resource Name | The resource that was accessed. |
| Action Name | The name of the action in Databricks. |
| Objects Accessed | The objects that were used to access the data. |
| The email address of the user in Databricks who ran the action to access the data. | |
| Query Start Time | The date and time of the action in Databricks. |