[Administration]

Security Access Logs

Argus provides comprehensive access logging and forensic analysis capabilities that capture every authentication, authorization, and data access event across your organization.

Module metadata



Source reference

content/modules/security-access-logs.md

Last updated

5 Feb 2026

Category

Administration

Content checksum

a92d039eaee325c1

Tags

management, real-time, compliance, blockchain

Rendered documentation

This page renders the module's Markdown and Mermaid directly from the public documentation source.

Overview

Argus provides comprehensive access logging and forensic analysis capabilities that capture every authentication, authorization, and data access event across your organization. These logs enable real-time suspicious activity detection, rapid incident investigation, and automated compliance reporting -- giving security teams full visibility into who accessed what, when, and from where.

Key Features

  • Comprehensive Event Capture - Every authentication attempt, authorization decision, data access operation, administrative change, and security event is logged with full context including actor identity, resource details, and network information.

  • Real-Time Suspicious Activity Detection - Automated pattern detection identifies threats such as brute force attacks, credential stuffing, privilege escalation, data exfiltration, and insider threats as they occur, with high accuracy and low false positive rates.

  • Forensic Search and Analysis - High-performance search across your entire access log history enables security analysts to investigate incidents quickly, with entity-centric investigation, temporal analysis, and automated timeline reconstruction.

  • Automated Compliance Reporting - Generate audit-ready reports for multiple compliance frameworks with a single action, including executive summaries, access statistics, high-risk activity highlights, and remediation recommendations.

  • Immutable Audit Trail - Write-once storage with cryptographic integrity verification ensures access logs cannot be tampered with, providing a trustworthy evidence chain for compliance audits and legal proceedings.

  • Tiered Storage Management - Automatic lifecycle management moves logs from high-performance storage to cost-optimized archival storage based on age and access patterns, maintaining long-term retention at reduced cost.

How It Works

When any user, service account, or API key interacts with the Argus platform, the access logging system captures the event with microsecond precision. Each event records the actor's identity and authentication context, the resource being accessed, the action performed, the authorization decision, and relevant security context including risk scoring.

Events flow through the real-time detection engine, which evaluates them against configurable detection rules and behavioral baselines. The system recognizes patterns across multiple event types -- for example, detecting impossible travel by correlating login locations with time gaps, or identifying data exfiltration by monitoring for unusual download volumes.

Security teams can search and analyze logs through the forensic search interface. Investigations can pivot across entities, trace event causation chains, reconstruct attack timelines, and export evidence packages with chain-of-custody tracking.
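As an added illustration of the impossible-travel correlation described above (example code, not Argus's own implementation): a small detector that reads constructed access events carrying the fields listed (timestamp, actor, action, authorization decision, geolocated source) and flags consecutive successful logins by one actor whose implied travel speed is implausible. The event schema, the 900 km/h threshold and the sample events are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 900.0  # assumed threshold: faster than an airliner is "impossible"

@dataclass(frozen=True)
class AccessEvent:  # subset of the event fields described above (hypothetical schema)
    ts: datetime    # timestamp (UTC)
    actor: str      # actor identity
    action: str     # e.g. "login"
    decision: str   # authorization decision: "allow" / "deny"
    lat: float      # geolocated source latitude
    lon: float      # geolocated source longitude

def haversine_km(lat1, lon1, lat2, lon2):  # great-circle distance in km
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def detect_impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Flag consecutive successful logins by one actor whose implied speed exceeds
    max_kmh; denied logins are skipped since they do not locate the real user."""
    findings, last_login = [], {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action != "login" or ev.decision != "allow":
            continue
        prev = last_login.get(ev.actor)
        if prev is not None:
            km = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            hours = (ev.ts - prev.ts).total_seconds() / 3600
            # Same-second logins from distinct places imply infinite speed.
            kmh = km / hours if hours > 0 else (float("inf") if km > 0 else 0.0)
            if kmh > max_kmh:
                findings.append((ev.actor, prev.ts, ev.ts, round(kmh, 1)))
        last_login[ev.actor] = ev
    return findings

def _t(hh, mm):  # helper for the constructed timestamps below
    return datetime(2026, 2, 5, hh, mm, tzinfo=timezone.utc)

# Constructed sample events (not real data): alice logs in from Frankfurt and 90 min later
# from Sydney; bob moves Berlin -> Munich in two hours (his denied Sydney attempt in between
# must not be taken as his location).
SAMPLE_EVENTS = [
    AccessEvent(_t(9, 0), "alice", "login", "allow", 50.11, 8.68),
    AccessEvent(_t(10, 30), "alice", "login", "allow", -33.87, 151.21),
    AccessEvent(_t(8, 0), "bob", "login", "allow", 52.52, 13.40),
    AccessEvent(_t(9, 0), "bob", "login", "deny", -33.87, 151.21),
    AccessEvent(_t(10, 0), "bob", "login", "allow", 48.14, 11.58),
]
```

Running `detect_impossible_travel(SAMPLE_EVENTS)` reports only alice (roughly 11,000 km/h between Frankfurt and Sydney); bob's 500 km in two hours stays under the threshold.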

Suspicious Activity Detection

The detection engine monitors for the following categories of threats:

  • Authentication Abuse - Brute force attacks, credential stuffing, password spraying, impossible travel, session hijacking, and concurrent session anomalies
  • Authorization Abuse - Privilege escalation, horizontal privilege violations, permission enumeration, policy violations, after-hours access, and dormant account activity
  • Data Exfiltration - Volume anomalies, bulk exports, sequential scanning, off-hours downloads, external transfers, and sensitive data access spikes
  • Insider Threats - Pre-resignation activity, policy circumvention, unusual interest patterns, access pattern changes, and concurrent external activity
  • System Abuse - Excessive API usage, resource enumeration, unauthorized configuration changes, backdoor creation, audit tampering, and lateral movement

Access Event Types

The system captures five categories of events:

  1. Authentication Events - Login attempts, multi-factor challenges, password resets, SSO federation, session lifecycle, and device trust decisions
  2. Authorization Events - Permission checks, RBAC evaluations, ABAC policy enforcement, privilege escalation attempts, delegation events, and policy violations
  3. Data Access Events - Read and write operations, bulk operations, search queries, report generation, and API calls
  4. Administrative Events - Configuration changes, user management, permission modifications, system settings, integration management, and audit configuration changes
  5. Security Events - Suspicious activity detections, anomaly alerts, security policy violations, compliance violations, failed authorizations, and rate limit violations

Compliance

Access logging supports compliance with the following frameworks:

| Framework | Key Requirements Addressed | Retention Support |
|-----------|----------------------------|-------------------|
| SOX | Financial data access tracking, privileged user monitoring | 7 years |
| HIPAA | PHI access logging, BAA compliance, breach notification | 6 years |
| PCI-DSS | Cardholder data access, administrative activity logging | 1-3 years |
| GDPR | Personal data processing records, right to erasure | Configurable |
| SOC 2 | Security control effectiveness, access log completeness | Per policy |
| FedRAMP | Government system access monitoring | 1-3 years |

Integrations

Access logs integrate with leading security platforms including SIEM solutions, log management tools, compliance and GRC platforms, and forensic investigation tools. Export options include CSV, JSON, and PDF report formats.

Availability

  • Enterprise Plan: Included
  • Professional Plan: Core access logging included; advanced forensic search and compliance reporting available as add-on

Last Reviewed: 2026-02-05