The Audit Log enables you to track, audit, and export your workspace events. All events can be sent as notifications. The Audit Log supports the workspace events listed at the bottom of this page.
Events recorded in your Audit Log do not expire. You can view the full history of events in your workspace from when it was first created.
Viewing the Audit Log
In the Fireblocks Console, go to Settings > Audit log.
Searching, filtering, and sorting Audit events
Enter any text in the search bar to filter results dynamically.
Select the filter icon in a column header to filter for specific values in that column.
Select the sort icon in a column header to change the sorting order of the records. By default, events are listed with the most recent events first.
Viewing Audit event details
Select > on the left side of any event to view additional information about the event.
Each row of the Audit Log is an independent event that includes the creation time, subject, event description, and the user or entity that triggered the event.
Exporting Audit events
Go to Settings > Audit log and then select Export.
Note: Downloading reports requires authentication into the relevant workspace.
Indexing Audit events
Learn more about Fireblocks API endpoints that you can use to directly integrate with your security information and event management (SIEM) system.
Audit Log categories and events
This is a complete list of all Audit Log categories, related subjects, and events.
Administration
Event subject
Event type
Sign-in Events
Successful sign-in
Failed sign-in
Password change requested
Password changed
2FA reset
Access denied
User Management
New user: Submitted request, Approved, Canceled, Rejected
Re-enroll mobile device: Approved, Canceled, Completed, Recovered, Rejected, Submitted request
User: Mobile device recovered, Mobile device reset
Linked User Migration
Initiated by user
User paired successfully
Activated
Deactivated
Whitelisted IP
List updated
Admin Quorum
Approved
Canceled
Rejected
Submitted request
Threshold changed
One-Time Address
Approved
Canceled
Rejected
Submitted request
Turned off
Turned on
User Group Management
Created
Changes: Requested, approved, rejected, in effect, cancelled
Edited
Approved
Approved and created
Rejected
Deleted
Discarded edits (Deprecated)
Edited (Deprecated)
Email Notification
Created
Enabled
Disabled
Edited
Slack Notification
Created
Enabled
Disabled
Edited
Webhooks Notification
Created
Enabled
Disabled
Edited
Deleted
Assets
Event subject
Event type
Asset listed
Asset set price
Automation
Event subject
Event type
Automation rule
Created
Edited
Enabled
Disabled
Deleted
Compliance
Event subject
Event type
Transaction AML
Registration completed
Registration started
Screening completed
Screening failed
Screening in background
Screening started
Transaction Screening
Completed
Started
Update completed
Transaction Travel Rule Screening
Completed
Failed
Started
Update completed
Update started
Developers
Event subject
Event type
Webhooks
Updated URL list updated
Webhook endpoint
Added
Deleted
Activated
Deactivated
Updated
Suspended
Suspension warning sent
Connected accounts
Event subject
Event type
Exchange account
Linked
Unlinked
Approved
Canceled
Rejected
Submitted
Fiat account
Approved
Rejected
Submitted
Canceled
Linked
Unlinked
Keys
Event subject
Event type
Validation key
Submitted request
Approved
Rejected
Activated
Deactivated
Signing key
Submitted request
Linked to user
Enabled
Assigned to vault account
Deleted
MPC key set
Created
Enabled
Activated
Policies
Event subject
Event type
Policy states
Rejected policy
Signed policy
Deleted policy
Published policy
Discarded policy draft
Reverted policy draft
Put policy into effect
Draft marked as ready to publish
Requested policy draft publishing
Edited draft
IP address allowlist activation
Submitted
Approved by quorum
Approved by user
Rejected
Canceled
Failed
IP address allowlist deactivation
Submitted
Approved by quorum
Approved by user
Rejected
Canceled
Failed
IP address allowlist
Approval submitted
Approval approved by quorum
Approval approved by user
Approval canceled
Approval rejected
Approval failed
Changes submitted
Changes approved by quorum
Changes approved by user
Changes canceled
Changes rejected
Changes failed
Deletion submitted
Deletion approved by user
Deletion canceled
Deletion approved by quorum
Deletion rejected
Deletion failed
P2P Network
Event subject
Event type
Network connection
Added
Created
Removed
Removed by counterparty
Network connection invitation
Approved by admin
Cancelled
Received from counterparty
Rejected
Network connection request
Approved by admin
Cancelled
Rejected
Submitted
Network connection routing change
Approved
Approved by admin
Rejected
Request submitted
Routing changed
Network discoverability
Turned on
Turned off
Network profile
Created
Removed
Network profile name change
Profile renamed
Request submitted
Network profile routing change
Approved
Approved by admin
Rejected
Request submitted
Routing changed
Waiting for approval
Transactions
Event subject
Event type
Incoming Transaction
Association failed
Completed
Submitted
Failed to associate incoming tx hash
Internal Transaction
Completed
Submitted
Outgoing Transaction
Completed
Submitted
External Transaction
Completed
Submitted
Transaction (General)
Alerted by AML
AML failed
AML screening blocking period timed out
AML result rescreened
Approved by second tier
Authorization request initiated
Blocked by Policy
Bypassed AML
Cancelled
Completed
Confirmation threshold overridden
Declined by second tier
Funds unfrozen
Transaction note changed
Rejected
Rejected by AML
Signed
Submitted
Transaction Screening (Incoming)
Started
Completed
Transaction AML (Incoming)
Started
Completed
Failed
In background
Transaction Travel Rule (Incoming)
Started
Completed
Failed
Wallets
Event subject
Event type
Vault Account
Account added
Bulk accounts added
Archived / unarchived
Renamed
Auto Fueling: enabled, disabled
UI Visibility: set hidden, set visible
Deposit address description changed
Wallet added
Bulk wallets added
Wallet: archived, unarchived
Backup and Recovery
Passphrase: Sent Verify Alert, Verified
Hard Key Recovery Process Request Submitted
Mobile Key Backed Up
Workspace Key Backup: Request Submitted, Initiated by workspace owner, Pending approval, Approved by admin / Approved by admin quorum, Rejected by one of the admins, Cancelled, Internal error during generation, Marked as incomplete / Marked as completed, Backup sent