Audit Log

Last updated February 20th, 2024

Organizations that need to troubleshoot serious security breaches rely on audit logs for a forensic analysis of the activities leading up to actual and potential breaches. In regulated industries, these audit trails are a mandated requirement to comply with security audits.

With the Knox platform, an enterprise IT admin can use an EMM console to enable audit logging on all corporate devices. IT admins can proactively pull audit logs from time to time to detect and defend against malware or viruses at the earliest onset. In the event of a possible intrusion, IT admins can parse the logged events for unauthorized activities.

Unique advantages of Knox Audit Log

The Knox platform provides comprehensive audit logging, above and beyond that provided in a standard Android audit log. These added capabilities provide enterprises with these benefits:

  • Empowers IT admins with deeper, more valuable insights.
  • Offers comprehensive help in detecting and defending against malware and viruses.
  • Adheres to mandated requirements in regulated industries.
  • Complies with the Mobile Device Fundamentals Protection Profile (MDFPP) 2.0 requirements to collect events.

Knox provides these additional insights:

System security

  • Integrity verification failed
  • Device Admin activation state


  • Minimum password complexity
    • Forbidden strings
    • Maximum character occurrences
    • Required pattern
    • Maximum numeric sequence
    • Maximum character sequence
    • Minimum character change length
    • Maximum failed passwords before disable
  • Locked state
  • Certificates
    • Removed certificate from untrusted DB
    • Added certificate to untrusted DB
    • Succeeded disabling system certificates

App management

  • Install/uninstall
    • App signature allowlist
    • App package name allowlist
    • Installed apps
    • Removed apps

Data protection

  • Requested full wipe of device
  • Encryption state
    • Requested encryption of internal storage (Secure Startup)
    • Requested encryption of external storage
    • Encryption of storage card succeeded/failed
    • Failed to encrypt/decrypt/access file
  • VPN protection state

Networks & peripherals

  • NFC
    • Enabled/disabled
  • Bluetooth
    • Enabled/disabled
    • Enabled/disabled discoverable state
    • Enabled/disabled limited discoverable state
    • Enabled/disabled Samsung Beam
  • Wi-Fi
    • Enabled/disabled
  • Cellular
    • Enabled/disabled
  • Camera
    • Enabled/disabled
  • Microphone
    • Enabled/disabled
  • Location/GPS
    • Started/stopped
    • Enabled/disabled location provider
