Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. IT Analytics Help
  3. Section XVI. System Administration
  4. System Configuration in the Portal
  5. Events captured for audit

Events captured for audit

Event audit logging is always enabled by default in IT Analytics and can be edited by an admin user from Admin > Advanced > System Configuration > Portal tab. When enabled, the events captured can be viewed on the Audit Events Summary and Audit Event Details reports. You can trace the user actions and object value changes using this feature.

Events that fit the following criteria are captured:

  • Only selected audit events (or user actions) are audited.

  • For template events (create/modify/delete) attribute changes are not captured.

  • Attribute changes (such as create/modify/delete) must not be for template events

  • Attribute changes (such as create/modify/delete) must not belong to Veritas Backup Exec policy.

Event audit logging captures the following events:

Table: Events captured

Event group

Event

Event description

User Management

Add user

A new user is added.

Delete user

An existing user is deleted.

Modify user details

Existing user details are modified.

User Group Management

Add user

A user is added to a user group.

Remove user

A user is removed from a user group.

Security

User login succeeded

A successful user login.

User login failed

User login has failed.

User logged out

User has successfully logged out.

User switched ID

User has successfully switched the ID.

Unauthorized action

User has performed an unauthorized action.

API key created

API key generated successfully.

User Actions

Collector added

User has added a collector.

Collector details modified

User has modified collector details, such as host name, servers, and password.

Collector key file generated

Collector key file was successfully generated.

Collector deleted

User has deleted a collector.

Policy added

User has added a policy.

Policy details modified

User has modified the policy details.

Policy deleted

User has deleted a policy.

Policy portability

User has moved a policy from one collector to other.

Report template created

User has created a report template.

Report template modified

User has modified a report template.

Report template deleted

User has deleted a report template.

Report instance created

User has created a report instance.

Report instance modified

User has modified a report instance.

Report instance deleted

User has deleted a report instance.

Feedback

Was this page helpful?
Previous

Host discovery: Host

Next

Custom parameters

Feedback

Was this page helpful?