SNC Access Control Plugin has been activated. Info Sec Team would like to be able to search the log files to identify any Service Now users that have accessed our system and what actions have been taken. Which log file would be best suited to access?

Go to solution
marceiseman
Kilo Contributor

‎03-01-2022 06:58 AM

We have recently activated the SNC Access Control Plugin. Our Info Sec Team would like to be able to search the log file best suited to identify the support personnel that have accessed the system and what action were taken when they did,

Any suggestions as to the correct log file to access?

Thx in advance for your help.

Labels:
0 Helpfuls
  • 1,585 Views
1 ACCEPTED SOLUTION

Go to solution
Jeff Boltz1
Mega Guru

‎03-01-2022 07:02 AM

Events and Transactions:

(just some ideas)

https://[instance].service-now.com/sysevent_list.do?sysparm_query=sys_created_onONToday%40javascript%3Ags.daysAgoStart(0)%40javascript%3Ags.daysAgoEnd(0)%5EnameSTARTSWITHlogin%5Eparm1LIKEsnc&sysparm_view=

https://[instance].service-now.com/syslog_transaction_list.do?sysparm_query=urlSTARTSWITH%2F%5Esql_count%3E0%5Eresponse_time%3E25%5Esys_created_byLIKEsnc&sysparm_view=

View solution in original post

5 REPLIES 5

Go to solution
Paul Curwen
Giga Sage

‎12-03-2024 02:06 AM

There is no easy/quick way of tracking exactly what was done by anyone using snc access, you need to look in two locations: 

 

  • Event logs: The event logs show all Customer Service and Support logins to an instance.
  • Transaction logs: The transaction logs show all activity on the instance, including any efforts to delete logs.
***If Correct/Helpful please take time mark as Correct/Helpful. It is much appreciated.***

Regards

Paul
0 Helpfuls