Accessing Audit Logs

Verkada logs user and device activities that occur within the Verkada Command platform. These logs are maintained at the organization level and at the individual camera level.

Note: If you are looking to access events prior to June 15, 2021, reference legacy audit logs here.

Verkada Audit Log Overview

Our audit log tracks system access and ties each action to a user. Examples of types of events that are logged are:

• User logins

• User management (add, edit, delete users)

• Organization, site, and group creation

• Cameras moved between sites

• Video footage (live, historical, archives) viewed

• Verkada Support actions

Events will contain specific information like:

• Timestamp of when the action took place

• IP address of the user or device that performed the action

• Username, phone number, or device that performed the action

Accessing the Org Audit Log

Users with Org Admin permissions can access the audit log by following the steps below:

1. Select the Admin page

2. Select Privacy & Security

3. Select the > next to Audit Log

4. Admins can view the audit log on screen and use the search bar to filter for events or download as CSV to create custom reports.

Accessing Per Camera Audit Logs

Users with Site Admin permissions to the camera's site can access the per camera audit logs by following the steps below:

1. Select a camera

2. Select Settings

3. Under General select the > next to Audit Log

4. Admins can view the audit log on screen and use the search bar to filter for events or download as CSV to create custom reports.

Exporting the Camera Audit Log for All Cameras

Organization Admins are able to export a single CSV of all the camera audit logs for their organization.

1. Select the Admin tab

2. Select Cameras

3. Under Export Camera Audit Log use the dropdown menu to set the timeframe

4. Select Export CSV

The export is limited to 30 days. To export a wider date range, multiple exports need to be performed.

Exporting Cameras List

Organization Admins are able to export a single CSV file of all the camera's info that includes:

• Name of the camera

• Site

• Location

• Model

• Serial number

• Date added to Org

• Device retention

• Cloud backup retention

• Firmware status

• Local IP

• MAC

• Status

• Last online date

Steps

1. Select the Admin page

2. Select Cameras

3. Select Export CSV under Export Camera List

Note: The export process can take up to one minute depending on the number of cameras in the organization and the time range selected.

List of all Audit Log Events

User logins

• User attempted login: Displays login success or failure, with reason.

• User attempted logout: Displays logout success or logout failure, with reason.

Verkada Support access

When a member of the Verkada Support team is granted access by a customer, the event along with the details (time, access window size, etc.) alongside the actions taken by the Support team member (i.e. configuration changes) are logged. Notifications can be set for when these actions are taken.

• Support Access: A Verkada Support team member was granted access to the organization by an admin user.

• Support Access Granted: An admin created or modified a Verkada Support access window. This event occurs when an admin creates or modifies the duration in which a Verkada Support Team member can access the organization.

User management

• User Created: New user created within the organization

• User Invited: A new user was invited to the organization

• User Login: A user attempted a login

• User Logout: A user logged out

• User Changed Password: A user changed their password

• User Permissions Modified: Permissions were modified for a user

• User Preference Set: User set or changed preferences

• Two-factor Reset: Two-factor authentication was reset

• SAML Config Created: New SAML configuration was created

• SAML Config Deleted: SAML configuration was deleted

• SAML IDP Initiated: SAML IDP was initiated

• SAML Config Updated: SAML configuration was updated

• SCIM Provider Created: New SCIM provider created

• SCIM Provider Deleted: SCIM provider was deleted

• SCIM Provider Modified: SCIM provider was modified

• SCIM Token Regenerated: SCIM token has been regenerated

• User Group Action Taken: A user group has been created, modified, or deleted

• Users Removed from Organization: A user or set of users were removed from the organization

• Force Logout Requested: An admin force logged out a user

Organization, Site, and Group actions

• Organization Modified: Organization renamed in Command

• Organization Property Modified: A property or setting of the organization was modified

• Site Action Taken: A site has been created, modified, or deleted

• Camera Site Changed: A camera site was modified

• Webhook Toggled: Webhooks were enabled or disabled

• API Key Modified: An API key was either created or modified

User actions

• Devices Installed: User added a new device to Command

• Devices Uninstalled: User removed a device from Command

• Camera Config Modified: User modified a camera configuration. See details for which configuration

• Profile Image Downloaded: User downloaded still image from camera footage

• Profile Image Uploaded: User uploaded an image

• Profile Photo Added: User added a profile photo

• Profile Created: User created and named a person in Command

• Profile Details Viewed: User viewed details of a profile/person

• Profile Viewed: User viewed a profile/person

• Profile Merged: User merged two profiles/people into a single profile

• Profile Searched by Uploading Image: A user uploaded an image to perform a search in Command

• Profile Suggestions Viewed: Suggested profiles/people were viewed by a user

• Profile Suggestions Updated: Suggested profiles/people were updated

• Profile Unmerged: User unmerged a profile

• Profile Updated: User updated a profile

• Profile Searched: User searched for a profile/person

• Profile Searched with Details: User searched for a profile/person with details

• Vehicle Searched: A user searched for a vehicle

Camera viewing actions

• Live Stream Started: User started a live video stream

• History Viewed: User viewed historical video

• Archive Action Taken: User created, modified, or deleted a video archive

• Embed Link Created: User created a video embed link

• Live Link Created: User created a shareable link

• Timelapse Action Taken: User created, modified, deleted, or downloaded a video timelapse

Access events

• ACU Commissioned: Access Control unit added to Command

• ACU Decommissioned: Access Control unit removed from Command

• Door Created: A new Access door was created

• Door Deleted: An Access door was deleted

• Access Group Created: A new group was created for Access

• Access Group User Added: A user was added to an Access group

• Access Group User Removed: A user was removed from an Access group

• Access Lockdown Created: A lockdown was initiated

• Access Lockdown Modified: A lockdown was modified

• Access Lockdown Deleted: A lockdown has been deleted/removed

• Access Schedule Created: User created an Access schedule

• Access Schedule Modified: User modified an Access schedule

• Access Schedule Deleted: User deleted an Access schedule

• Access Method Added: User was granted a new Access method

• Access Method Removed: Access method removed

• Access Method Modified: Access method modified

• Access Roles Granted: User granted Access roles

• Access Roles Revoked: User revoked Access roles

• Access Users Exported: User exported Access user list

Audit Log API

Command audit logs can also be retrieved via REST API call. The Get Audit Log API call returns audit logs for an organization within the time range specified. All audit logs include a timestamp in UTC format, user info, IP address, event info, and device info. See apidocs.verkada.com for more information.