Audit logs gather operational information about events occurring within a deployment to track processes and security data, including authentication mechanisms, system access, user and administrator activity, error messages, and configuration changes. Audit logs are commonly consumed by third-party SIEM and analytics solutions, such as FireEye®, Guardian Analytics®, Logstash, and Splunk®.
The Identity Cloud audit log is accessed via a read-only API using API keys. Your Identity Cloud tenant administrators create and delete the API keys and control how they are distributed.
Audit data is held for 30 days and can be downloaded via a REST API.