Audit Logs and Activity Tracking

True Protection by Jag maintains comprehensive audit logs that record all significant actions taken within the Management Console and on managed devices. These logs are essential for security investigations, compliance audits, and operational troubleshooting.

What Is Logged

Administrator Actions: Policy changes, user management, device enrollment and removal, remote actions, and configuration changes.
Device Events: Threat detections, scan completions, update installations, policy applications, and protection status changes.
Authentication Events: Successful and failed login attempts, password changes, two-factor authentication events, and session management.
System Events: Service restarts, license changes, integration configuration updates, and scheduled task executions.

Viewing Audit Logs

Step 1: Navigate to Reports > Audit Logs in the Management Console.
Step 2: Use the filters to narrow results by date range, event type, user, or device.
Step 3: Click any log entry to view the full event details including before and after values for configuration changes.

Log Retention

Audit logs are retained according to your plan level: Business plans retain 90 days of logs, and Enterprise plans retain up to 1 year. Logs can be exported to CSV or forwarded to an external SIEM system for long-term archival. Log retention cannot be reduced below regulatory minimums for organizations using compliance features.