Resources

/

Podcasts

/

Product Talk

Automox Audit Trails for Compliance and to See Who’s Doing What, Where

Episode 06   Published June 25, 2024 13 minute watch

Product Talk

Product Talk, hosted by Peter Pflaster and Steph Rizzuto, takes you inside the Automox platform feature by feature. Recent topics include automated vulnerability remediation, custom roles, third-party patching, the Splashtop-powered Resolve, and integrations with Zendesk and VulnCheck. You'll hear the reasoning behind each release and where endpoint management is heading as it grows more autonomous.

Host

Steph Rizzuto

Guest

Peter Pflaster

RECENT EPISODES

CISA's BOD 26-04 Directive Explained

[Nothing Weaponized, Everything Exposed]

[AI Hits the Hat Trick], Ep. 32

[Emergency Episode: DirtyFrag Exploit Before Patch], Ep. 31

The Math of Modern Attacks

View all episodes

Available wherever you get your podcasts

Youtube

Apple Podcasts

Spotify

Overcast

Pocket Casts

Amazon Music

Castro

Goodpods

Castbox

Podcast Addict

Player FM

Deezer

Summary

Audit Trail records who did what, when, and where inside the Automox platform, capturing worklet creation, worklet edits, policy additions, and authentication attempts as events. The demand came from two places: compliance teams that need to prove to auditors they track configuration changes, and security teams watching for activity like repeated failed authentication attempts. The first release is API-first and exports events in the Open Cybersecurity Schema Framework so you can pull them into a SIEM, with a console view to search, filter, and group events planned next. Brandon Shopp, VP of Product, and David Riott, Senior Engineer, discuss the feature with host Steph Rizzuto.

Takeaways

  1. Audit Trail records who did what, when, and where inside Automox – worklet creation, worklet edits, policy additions, and other configuration changes are all captured as events.

  2. The first release is API-first and reaches general availability by the end of June 2024, with API documentation at launch and no early access or beta period.

  3. Events are exported in the Open Cybersecurity Schema Framework (OCSF), an open-source standard, adapted to Automox concepts so the data ingests cleanly into a SIEM or logging tool.

  4. The demand came from two groups. Compliance teams prove to auditors that changes are tracked, and security teams spot repeated failed authentication attempts that show up as failure events.

  5. A console experience comes next, letting you search, filter, and group Audit Trail events directly in Automox instead of only through the API.

Topics

Patching & Endpoint Mgmt

See for yourself how policy-driven IT Automation saves time and eliminates risk.

Dive deeper into this topic

From Click to Fix: Bringing Automox Actions to...

Podcast

Automated Patching Solutions Compared: 2026...

Compare automated patching solutions for 2026. Find the best...

Black background with white text "AUTONOMOUS IT LIVE" in green circle and rectangle, and smaller text "FROM AUTOMOX" beneath.
AI, Humans, and the Hybrid Reality of IT in 2026

Blog

How To Build a Patch Compliance Dashboard That...

The power of IT automation is useless if you can’t prove to...