Audit Viewer

Section	Description
Feature Area	Troubleshooting / IT and Integrations
Navigation	`Admin → Troubleshooting → Audit Viewer`
Alt Navigation	`Menu → IT and Integrations → Audit Viewer`
Primary Function	Monitor, filter, and review all admin configuration change events across the Genesys Cloud organization
Typical Use Cases	Compliance auditing, change management, security review, troubleshooting unexpected configuration changes

The Audit Viewer enables administrators to filter and view events that Genesys Cloud generates based on service actions for administrative functions. It provides two modes: a full-page viewer with detailed filtering and a mini footer viewer accessible from any admin page.

Study Notes

Topic	Explanation
Audit Viewer	Tool that logs and displays admin-level configuration events across the org
Full-Page Viewer	Main audit interface with complete filtering and event detail — opened from Admin or Menu
Mini Viewer (Footer)	Lightweight version available at the bottom of any admin page; less detail than full viewer
Event	A logged action triggered by a user or an upstream service/API
Entity	The object being acted upon (e.g., a queue, a flow, a user)
Property Changes	Detail view shows values before and after each change
Related Events	Upstream or downstream events linked to the selected event
RemoteIP	IP address of the user who triggered the event (visible in event details)
Real-time vs Async	The UI viewer shows real-time query results only; async queries require the API or Amazon EventBridge
Amazon EventBridge	Integration that allows orgs to consume all audit events — useful for backup or ingestion into external log tooling

Permissions

Action	Permission Required
View audit events	`Audits > Audit > View`
View interaction audit trail (separate)	`Audits > Interaction Details > View`

The Admin role is also listed as a prerequisite for full use of the Audit Viewer.

Task	Path
Open full-page viewer	`Admin → Troubleshooting → Audit Viewer`
Alt full-page path	`Menu → IT and Integrations → Audit Viewer`
Open mini footer viewer	Bottom of any admin page under `Menu → IT and Integrations` → hover → click Show audits footer
Close mini footer viewer	Click Hide audits footer
Go from footer to full page	Click Link to full page audit viewer icon in the footer

Viewer Modes

Mode	Description	Detail Level
Full-Page Viewer	Main audit log interface with date range, service filter, entity filter, user filter, and event detail panel	Full
Mini Viewer (Footer)	Lightweight footer panel visible from any admin page	Limited

Filtering Options (Full-Page Viewer)

Filter	Description
Date Range	Select Start and End dates/times. Default: current day. Maximum interval: last 14 days
Filter by Service	Select Service Name → Entity Type → Action to narrow results
Filter by Entity	Enter an Entity ID to find all events affecting a specific object (e.g., a specific queue ID)
Filter by User	Enter a user name to see all events performed by that user
Refresh	Apply filters and reload results

Important: The UI viewer only supports queries for the last 14 days. For events older than 14 days, use the Audit APIs available in the Genesys Cloud Developer Center.

Event Detail View

Clicking any event in the results opens the Details panel, which shows:

Detail Field	Description
Who performed the action	User name, or API / upstream service if system-generated
Causing event link	If an upstream service triggered the event, a related link is available
RemoteIP	IP address of the user who triggered the event
Property Changes	Before and after values for each changed property
Related Events	Linked upstream or downstream events — click See related audits

Data Retention & API Access

Method	Scope	Notes
Audit Viewer UI	Last 14 days (real-time query)	Date interval cannot exceed 14 days
Audit APIs (Developer Center)	Beyond 14 days	Use asynchronous query endpoints
Amazon EventBridge	All available audit events	Useful for backup or ingestion into external SIEM/log tooling

Interaction Audit Trail (Related but Separate Feature)

The Audit Viewer covers org-wide admin changes. There is a separate Audit Trail tab on individual interactions that tracks recording and evaluation-level access:

Attribute	Detail
Navigation	`Performance → Workspace → Interactions` → click interaction → Audit Trail tab → Load All Audits
Alt Navigation	`Menu → Analytics → Analytics Workspace → Interactions tab`
Permission Required	`Audits > Interaction Details > View`
Roles	Quality Administrator, Quality Evaluator
Objects tracked	Evaluations, Annotations, Recordings, Calibrations, Screen Recordings, Surveys

Compliance Use Cases

Regulation	How Audit Viewer Helps
GDPR	Track who accessed or changed user/contact data configurations
HIPAA	Verify access controls and configuration change history
PCI-DSS	Audit routing, recording, and security configuration changes
Internal Change Management	Identify who changed a queue, flow, role, or schedule and when

Best Practices

Practice	Reason
Review audit logs regularly	Required by many compliance frameworks
Use Filter by Service to scope searches	Reduces noise when investigating a specific area
Use Filter by Entity for targeted investigations	Quickly find all changes to a specific object by its ID
Export or stream to external tooling via EventBridge	Retain events beyond the 14-day UI window
Grant `Audits > Audit > View` only to appropriate roles	Audit logs contain sensitive config change history

Key Takeaways

Topic	Summary
Navigation	`Admin → Troubleshooting → Audit Viewer` or `Menu → IT and Integrations → Audit Viewer`
Permission	`Audits > Audit > View`
Viewer modes	Full-page (detailed) and mini footer (lightweight)
Date limit	Last 14 days in UI; older data via Audit API
Event details	Who, what, before/after values, RemoteIP, related events
Filtering	By date range, service, entity ID, or user
Real-time only	UI shows real-time query results; async data via API or EventBridge
Interaction Audit Trail	Separate feature on individual interactions — different permission and navigation