Hi all,
Is there an internal mechanism of user actions audit in SA? As I see in reporting/SA server/other modules log, only debug log is available.
For example I cannot see that user Bob tested rule#1 or changed some reports or schedules or created some users, etc.
There was such audit in envision and customers demand the same functionality in SA, while I cannot see how can we achieve this.
BTW, I use this nice parcer but it only covers the system debug.
Any ideas on this? Or there will be an additional auditing module for 100500$? 
That seems a little cheap for an audit module . But I ran into this same issue with internal audit. The response from RSA was, they realize they have failed to give a proper way to audit the Security Analytics system and will be looking at adding something in the future, they did reference 10.4 is likely but engineering is working on it.
In the meantime, if you don't mind insanely ugly logs that don't really report on anything but are better than nothing, look in '/var/lib/netwitness/uax/logs/audit'.
Sample of adding a user.
2014-06-19 14:32:15,290 INFORMATION:Added User:Local User Setup:Changed by seandko from null:Username=[test]:Full Name=test:Description=:Email=test@test.com:Disabled=false:Expired=false:Locked=false:Roles=Warehouse Analyst
Yes, it's there and it's mega ugly and doesn't have what I need (user's report management) 
In fact it looks like the same log displayed in web gui for reporting engine.
