Documentation

Audit Log

The audit log in the Censys Platform web console provides a record of user and organization events for the Platform and user, organization, and workspace events for Attack Surface Management (ASM).

As of January 2026, the Censys team has started migrating ASM customers to the Platform for organization management. Contact your Censys team representative to learn more about migrating your team.

Access and use the audit log

Organization users with the admin role can access the audit log. Users without admin the role cannot access the audit log.

To access the audit log in the Platform console:

  1. In the left side navigation panel, hover your cursor over the organization icon. Click the Settings button.
  2. Go to Organization Settings > Audit Log.

Use the time range, Event Name, and Actor filters to find events of interest. Event names include actions like user login, Personal Access Token (PAT) creation and deletion, user role changes, and user MFA and password changes. Actors are Censys users or, in some cases for automated events, Censys systems.

The Subject is the object modified or used by the action.

📘

Note

Events occurring on or after January 1, 2026 are available in the audit log.

Hover your cursor over an icon next to an actor or subject to see its type.

The Source column indicates whether the action was executed in the UI or via the API. Note that if an ASM user makes a change via API, the username will not be shown, as ASM APIs are executed at a workspace level.

Click Download CSV in the top right corner at any time to download your filtered audit log results.

Audit log events

The table below lists all audit log events and which products they apply to.

Event information

Click the > arrow next to any event entry to see additional details, such as the login method and whether MFA was enabled for login events.

Actor and subject information

Click the name of an actor or subject to see additional information about them, including their name, user ID, and email.

User actions and organization information

Any time that a user performs an event that affects themselves like logging in, changing their settings, or creating a PAT, Censys records which organizations they were members of at the time of the event. Admins of any of those organizations can see those events in their audit log.

Audit log API

Organization admins can also retrieve audit log events via the list audit log events API endpoint.