Appearance
Using audit trails for support and security
Audit trails answer: who accessed this device, when, and through which method?
When you need audit trails
- Customer security review or compliance questionnaire
- Incident investigation after an unexpected configuration change
- Internal security audit of remote access practices
- Onboarding a new support team member - review access patterns
What to review
- Remote shell sessions per device
- Remote shell and Wormhole access events where recorded
- Team membership changes
- Devices accessed outside normal support hours
Best practices
- Review audit trails monthly for production fleets
- Investigate unexpected access immediately
- Remove team members promptly when they leave
- Document your access policy for customer security reviews