Auditing
User activity and access auditing in NetSuite.
Learning Objectives
After this module, you will be able to:
- Access and interpret login audit trails
- Track role and permission changes
- Monitor record-level changes
- Create audit reports and alerts
Audit Types
AUDIT CAPABILITIES
===============================================================================
┌───────────────────┐ ┌───────────────────┐ ┌───────────────────┐
│ LOGIN AUDIT │ │ ROLE AUDIT │ │ RECORD AUDIT │
├───────────────────┤ ├───────────────────┤ ├───────────────────┤
│ ├─ Login attempts │ │ ├─ Role changes │ │ ├─ Field changes │
│ ├─ Failed logins │ │ ├─ Permission mod │ │ ├─ Who changed │
│ ├─ IP addresses │ │ ├─ Who modified │ │ ├─ When changed │
│ ├─ Session length │ │ └─ When changed │ │ └─ Old/new values │
│ └─ Role at login │ └───────────────────┘ └───────────────────┘
└───────────────────┘
Login Audit Trail
Navigation
Setup > Users/Roles > View Login Audit Trail
Information Captured
| Field | Description | Use Case |
|---|---|---|
| Date/Time | When login occurred | Timeline analysis |
| User | Who logged in | User activity tracking |
| Role | Which role used | Permission analysis |
| IP Address | Source IP | Location verification |
| Status | Success/Failure | Security monitoring |
| Detail | Reason for failure | Troubleshooting |
Filtering Options
LOGIN AUDIT FILTERS
===============================================================================
Filter By:
├── Date Range: Last 7 days, Last 30 days, Custom
├── User: Specific user or all
├── Status: Success, Failure, All
├── Role: Specific role or all
└── IP Address: Contains/equals
Export Options:
├── CSV download
├── Print
└── Save as report
Common Failure Reasons
| Failure Type | Meaning | Action |
|---|---|---|
| Invalid Password | Wrong password entered | User education or reset |
| Account Locked | Too many failures | Admin unlock needed |
| IP Restricted | Outside allowed range | Verify legitimate access |
| 2FA Failed | Wrong verification code | Verify device setup |
| Session Expired | Timeout | Normal behavior |
Role Audit Trail
Navigation
Setup > Users/Roles > Role Audit Trail
What's Tracked
ROLE CHANGES TRACKED
===============================================================================
Role Modifications:
├── Permission level changes
├── New permissions added
├── Permissions removed
├── Restriction changes
├── Form assignments
└── Dashboard changes
Metadata Captured:
├── Date/Time of change
├── User who made change
├── Old value
├── New value
└── Role affected
Monitoring Role Changes
| Change Type | Risk Level | Review Frequency |
|---|---|---|
| Permission added to Admin | High | Immediate |
| New role created | Medium | Weekly |
| Restriction removed | High | Immediate |
| Form assignment | Low | Monthly |
Record-Level Audit
System Notes
Every record has a System Notes subtab showing:
SYSTEM NOTES EXAMPLE
===============================================================================
Record: Customer ABC Corporation
Date/Time User Field Old Value New Value
─────────────────────────────────────────────────────────────────────────────
3/15/2024 10:30 John Smith Credit Limit $10,000 $25,000
3/14/2024 15:45 Jane Doe Payment Terms Net 30 Net 15
3/10/2024 09:00 System Created - -
Enabling Field History
For custom fields, enable audit trail:
FIELD HISTORY CONFIGURATION
===============================================================================
Navigation: Customization > [Field Type] > [Field] > Edit
Settings:
├── Store Value: ✓ (required)
└── Store Value History: ✓ (enables audit)
Result:
├── All changes logged
├── Visible in System Notes
├── Searchable in saved searches
└── Available in reports
Standard Field Tracking
These standard fields are automatically tracked:
- Created By / Created Date
- Last Modified By / Last Modified Date
- Status changes
- Approval changes
Audit Saved Searches
Creating Audit Reports
AUDIT SAVED SEARCH EXAMPLES
===============================================================================
Search 1: Failed Logins This Week
├── Type: Login Audit
├── Criteria: Status = Failed, Date = This Week
├── Columns: Date, User, IP, Reason
└── Alert: Email if > 10 failures/day
Search 2: Role Permission Changes
├── Type: System Notes on Role records
├── Criteria: Field Changed contains "Permission"
├── Columns: Date, User, Role, Old/New Value
└── Schedule: Weekly email to IT
Search 3: High-Value Transactions Modified
├── Type: System Notes
├── Criteria: Amount field changed, Amount > $10,000
├── Columns: Record, User, Old Amount, New Amount
└── Alert: Real-time email
Audit Best Practices
Review Schedule
| Audit Type | Frequency | Reviewer |
|---|---|---|
| Failed logins | Weekly | IT Security |
| Role changes | Monthly | Administrator |
| Admin actions | Monthly | IT Manager |
| Full access review | Quarterly | Compliance |
Red Flags to Watch
| Pattern | Concern | Action |
|---|---|---|
| Many failed logins same IP | Brute force attempt | Block IP, investigate |
| Login from new location | Account compromise | Verify with user |
| Permission escalation | Unauthorized access | Review immediately |
| Off-hours admin activity | Suspicious behavior | Verify legitimate |
| Bulk record changes | Data manipulation | Audit transaction |
Key Takeaways
- Regular Review: Check login audit weekly at minimum
- Alert on Critical: Set up alerts for admin/permission changes
- Enable Field History: Track important custom fields
- Document Anomalies: Record and investigate unusual patterns
- Compliance Ready: Maintain audit evidence for regulators
Related Topics
- Security Considerations - Security setup
- Administrator Role - Admin audit responsibilities
- Data Integrity - Data quality monitoring