Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. Cohesity Alta SaaS Protection Administrator's Guide
  3. Protect Audit logs
  4. Audit log connector limitations
Cohesity Alta SaaS Protection Administrator's Guide

Audit log connector limitations

The limitations of the Audit log connector are:

  • Cohesity Alta SaaS Protection uses the Search-UnifiedAuditLog PowerShell command to retrieve audit logs. The duration of this process may vary, ranging from a few minutes to several hours, depending on factors such as the volume of logs within the specified time interval. This may result in delays in the backup process.

  • The Search-UnifiedAuditLog command enforces a minimum query window of one second and imposes a maximum limit of 5,000 records per query. If the number of audit log records exceeds 5,000 within a single second, Cohesity Alta SaaS Protection will be unable to back up the audit log data for that specific second.

  • The user interface does not display progress information until audit logs for the specified hour have been fully collected and processed.

  • The Search-UnifiedAuditLog command has internal time-out limitations. To address this, Cohesity Alta SaaS Protection performs up to three retry attempts. If all retries return zero results, it is assumed that no data is available for the specified time range. It is important to note that this retry mechanism may contribute to increased backup duration.

  • Restoration of audit log records directly to a Microsoft server is not supported. Therefore, Cohesity Alta SaaS Protection allows restoration of audit log backup data only to a File server.

  • If, for any reason, the connector fails to process certain timeslots, those timeslots cannot be revisited for data collection. Several factors may contribute to timeslots being missed, including:

    • Failures in retrieving audit entries from Microsoft or errors encountered while uploading data to Cohesity Alta SaaS Protection.

    • The connector being unable to keep pace with the volume of data generated by the customer's Microsoft tenant.

    • The connector being inactive or in an erroneous condition, and hence not running as expected.

Feedback

Was this page helpful?
Previous

Add Audit log connectors

Next

Protect Salesforce data and metadata

Feedback

Was this page helpful?