How does Whatfix handle security monitoring and logging?

Whatfix uses Security Information and Event Management (SIEM) tools to monitor and detect potential security incidents. Whatfix follows the ISO 27001 guidelines and has a formal incident management policy in place to ensure a structured response to such events. Read on to learn more about event monitoring and logging.

What types of events are logged?

Logging is enabled at both the application and infrastructure levels to capture key events, including:

• Login or Logout activities

• Data modifications

• File changes

• Service updates

How are logs stored and protected?

All logs, including security and audit logs, are centrally stored with restricted access and tamper detection measures with Whatfix. These logs include various data points such as firewall activity, intrusion detection system events, VPN usage, and antivirus logs. A dedicated team monitors these logs 24/7.

What tools are used for log management?

A centralized log management system with tamper detection capabilities is used for managing and analyzing logs. A few examples of SIEM tools are Elastic, Splunk, Amazon CloudWatch, and Solar Winds.

Can you access logs related to your Whatfix account?

As Whatfix is a SaaS platform, security events may occasionally reference other clients. For this reason, Whatfix does not share raw logs. However, you can request activity or access logs specific to your account. The Whatfix Support team can provide the logs using internal APIs. Contact support@whatfix.com to access the event logs.