SendSafely Audit Log API

logging-api

SendSafely's new Audit Log API provides security and compliance teams broader visibility into events occurring in the SendSafely platform. Authorized users can perform targeted searches of log data as part of ad-hoc incident investigation, or ingest the audit feed into existing SIEM platforms for unified monitoring and alerting.

The API captures important metadata related to activity like file uploads and downloads, admin tasks and user activity. Customers can query audit logs via the SendSafely Rest API and optionally configure automated logs exports to Amazon S3 so they can easily be ingested by other systems. 

Every Audit Log entry includes a standard set of searchable fields and a custom LogDetail (in JSON format) that captures detail data specific to the event. See field description below:

Field

Description

eventId

Unique identifier for the event

timestamp

Timestamp of when the event occurred in ISO 8601 format (UTC)

eventType

The event that triggered the log entry. The following event types are currently supported:

PACKAGE_EVENT - Logged each time a file upload or download is performed (Secure Transfer, Dropzone or Workspace)
ADMIN_EVENT - Logged each time an admin action, such as deactivate user is carried out by an Admin user.
USER_EVENT - Logged each time a user action is performed (e.g. login, reset password) 

action

Actions are more granular than events. Each eventType has a defined list of valid actions. For example, the ADMIN_EVENT type captures actions like:

- Activating & Deactivating Users
- Enabling/Disabling User 2FA
- Granting/Revoking Privileges 
- and more...

ipAddress

The source IP address of the device that triggered the event

authenticatedUser

The identity of the logged in user who performed the event.

impersonatedUser

If the authenticated user was an admin impersonating another user, then this is the person they were impersonating. 

LogDetails

Additional data elements specific to the Event Type and Action. LogDetails are in JSON format.  (see example record below)

Example Record

Below is an example record for the PACKAGE_EVENT, PACKAGE_FILE_DOWNLOAD action. In this example, user@example.com downloaded a file named example.pdf from Package ID JEPT-YZ7X, which was sent by user@example.com

{
   "eventId": "643ff796b9eb7544f4008724",       
   "timestamp": "2023-04-14T19:29:15.898Z"      
   "eventType": "PACKAGE_EVENT",
   "Action": "PACKAGE_FILE_DOWNLOAD",
   "ipAddress": "127.0.0.1",
   "authenticatedUser": "user@sendsafely.net",
   "impersonatedUser": null,
   "logDetails": {
      "packageId": "JEPT-YZ7X",
      "packageType": "TRANSFER",
      "fileName": "example.pdf",
      "fileSize": "19924",
      "packageOwner": "user@example.com"
   },
}

Accessing Audit Log Data 

There are two options for accessing the Audit Log data: 

  • Direct queries using the SendSafely Rest API
  • Automated export to an S3 bucket in your AWS environment

In order to access the Audit Log API, this feature must be enabled for your organization and you must have Administrative rights in your SendSafely portal. Detailed information on record formats and how to get access to the Audit Log API is available in this help center article.

Data Retention

All Audit Logs are accessible through the SendSafely Rest API for 90 days. Customers that wish to retain log access for extended periods of time should use the S3 Export Feed, as the exported files can be retained in S3 indefinitely.

The Audit log API is available on the SendSafely Enterprise plan. Please contact sales@sendsafely.com for information regarding opting in to Audit Logging

 

 


 

 

 

 SendSafely: Integrated File Transfer for the Apps you Love 

If you are looking for a secure way to transfer files with customers or business partners, our platform might be right for you. Contact us today to request a demo and free trial subscription.