Skip to content

Using audit trails for support and security

Audit trails answer: who accessed this device, when, and through which method?

When you need audit trails

  • Customer security review or compliance questionnaire
  • Incident investigation after an unexpected configuration change
  • Internal security audit of remote access practices
  • Onboarding a new support team member - review access patterns

What to review

  • Remote shell sessions per device
  • Remote shell and Wormhole access events where recorded
  • Team membership changes
  • Devices accessed outside normal support hours

Best practices

  • Review audit trails monthly for production fleets
  • Investigate unexpected access immediately
  • Remove team members promptly when they leave
  • Document your access policy for customer security reviews