Auditing the plugin

This feature allows you to audit user actions that interact with LLMs. Such user actions include:

  • Generating Graph reports.

  • Programmatically interacting with LLMs via the Siren API scripting environment.

Configuring Auditing

To enable auditing for these user actions, you will need update the investigate.yml with the following:

  1. siren_audit.enabled is set to true.

  2. llmPrompt is added to logged_types.

siren_audit:
  enabled: true                       # The value is false by default.
  logged_types:                       # The entry types that are logged.
    - llmPrompt

For more information on configuring and accessing audit logs, please refer to Auditing user sessions.

Additional configuration

After Generating a graph report , it is also possible to Download Report, this can be audited by adding reportExportToDoc as a new logged_type to investigate.yml:

siren_audit:
  enabled: true
  logged_types:
    - llmPrompt
    - reportExportToDoc