Skip to content
SmiKar Software

Identity Report and Log Export

4 min read

Every identity page in Burrow carries two export actions in the header — Report and Logs — for handing an account off to HR, legal, or an auditor. One is a polished narrative for a human reader; the other is the raw evidence trail. Use them together when you need to both explain and prove what an account did.

Report — the AI-written activity report

Click Report and Burrow opens a polished, printable activity report in a new tab. It is written by the AI but grounded strictly in that account's real figures — the model can only use the numbers it is given, so it cannot invent events or inflate counts.

The report is laid out as a designed document:

  • Cover with the account and the reporting period.
  • Executive summary — a few sentences on who this account is and what the period looked like.
  • Activity overview — downloads, uploads, shares, deletions, and the like.
  • Alerts and risk — what fired, and how it nets out.
  • Assessment — a plain-language read on whether the activity warrants concern.
  • Supporting visuals: a KPI bar, an activity-by-hour sparkline, an activity grid, and an alert table.

It takes roughly 15 to 20 seconds to generate, because it is a live AI call. If the AI is briefly unavailable, the report falls back to the account's stored behavioural narrative and investigation notes so you still get a usable document.

If the account is currently on the Watchlist, the report carries a WATCHED banner so the reader knows it was produced under heightened monitoring.

Print-to-PDF or save the tab to attach the report to an HR case, a legal hold, or a compliance pack.

Logs — the raw evidence export

Click Logs to download the account's raw audit event log, verbatim, as a file:

  • CSV — the default. Opens in Excel or any spreadsheet tool. Columns cover the timestamp, operation, user, filename, site, source IP, geography, user agent, application, file size, target, and sensitivity label.
  • JSONL — newline-delimited JSON, the raw records unmodified. Use this when you need the exact source data for a downstream tool or for strict chain-of-custody.

Where the Report is the human-readable narrative, the Logs export is the underlying proof — the verbatim Microsoft 365 records behind every line of the report. An auditor who wants to verify a claim in the report can reconcile it against the log.

When to use which

  • Report — when someone (a manager, an HR lead, a compliance officer) needs to understand an account's activity without reading raw audit data.
  • Logs — when someone needs to verify the activity, or when a legal / eDiscovery process requires the original records as evidence.
  • Both — the normal hand-off: the Report explains, the Logs prove.

How it pairs with the Watchlist

When you put a departing employee or a flagged account under heightened monitoring, the daily digest email is the same AI report described here, sent automatically once a day. The Report and Logs buttons let you pull the same material on demand at any point during the watch — for example when HR asks for an interim summary, or when an incident escalates and legal wants the raw log.

See also


Need help? support@smikar.com.

More in Squirrel

See all pages →