Work with audit logs
- Updated on 28 Nov 2023
This article teaches you how to retrieve and consume audit logs in your SIEM or bucket using Torq workflows and steps. You also have the option to use the Torq API.
Torq provides several templates to help you easily and efficiently manage your logs in Torq. Here are some of the most common use cases and templates that you can use. If a template doesn’t fit your stack precisely, you can quickly change to the appropriate vendor step.
Collect Torq audit logs
Torq’s Collect Torq audit logs template collects Torq workflow user audit logs (or activity logs) and returns the logs to the parent workflow. It’s meant to be used as a nested workflow.
How the template works
1. From the parent workflow, call this workflow and provide the required parameters.
2. Retrieve audit logs (or activity logs) based on the provided parameters.
3. Return the results in the exit of the workflow.
Vendors
This workflow only uses Torq steps, so you’ll need your Torq API key.
Workflow output
JSON array of the requested logs within the configured time.