Seculyze includes a built-in change log to provide transparency and accountability for important modifications. In Microsoft Sentinel, there is no native audit trail for configuration or tuning changes made to alert rules or detection logic. Seculyze fills that gap by automatically logging key changes made through the platform.
Where to Find It
In the Seculyze interface, simply click on any alert rule to view its change history. The log is visible directly on the details page.
What Is Tracked
Seculyze captures and logs the following changes, each with a timestamp, the user who made the change, and a description of what changed.
1. Alert Rule State
When a rule is enabled or disabled
Tracks the exact time and responsible user
2. Value Rating
Any change to:
Cost rating (Low, Medium, High)
Gain rating (Low, Medium, High)
Or the combined Value Score
3. Value Explanation
If the reason or justification for a value rating is changed, this is also logged.
4. Comments
The change log also tracks any changes to the comment box, a Seculyze-exclusive feature that allows you and your team to leave comments on Alert Rules and Log Sources.
Use Cases
Improve auditability and team accountability
Quickly identify why a rule’s score or state changed
Understand value justification over time
Support internal documentation and compliance efforts