Admin auditing for the security center
Many security center tasks are recorded in the Admin audit log. This log enables you to track the history of tasks performed in your Google Admin console, including which administrator performed the tasks.
For example, as a super admin, you might want to view what a delegated admin has done with drill-downs on the security center dashboard. You can go to the Admin audit log and search for the admin's name. Using the results of this search, you can see which charts the admin has generated, and which filters were used on those charts.
Parameters for audit log events include the admin's name, the chart's name, and the range of dates queried. A new log event is created each time a user adds or removes a filter. If multiple filters are present, they are listed in a comma-delineated format.
In the Admin audit log, you can find details about these security center events:
- Security Chart Drill-down—When an admin drills down on charts in the security dashboard
- Security Chart Export—When an admin exports a chart in the security dashboard
- Security Chart Drill-down Export—When an admin exports the drill-downs on charts in the security dashboard
Note: Admin activity on the security health page isn't audited. However, actions resulting from the information on the security health page are audited in that specific setting’s existing audit logs.
For more details and instructions, see Admin audit log.