Audit Service
The audit service provides organizations with a way to keep track of what actions have occurred within the Unit21 platform.
Currently the actions available for audit are:
- agent.login: when an agent logs in
- team.create: when a team is created
- agent.add_permission: when agent permissions are changed
- team.add_permission: when team permissions are changed
- agent.remove_permission: when agent permissions are changed
- team.remove_permission: when team permissions are changed
Unit21 will be adding additional actions in the future.
The audit service is only available as an S3 bucket replication and therefore requires the organization to have AWS and an S3 bucket created for this purpose. Please see additional requirements below.
Examples of audited actions:
```json
{
  "actor": "146",
  "action": "agent.login",
  "asset": "146",
  "org_id": "11",
  "ip": "13.89.202.10",
  "metadata": {
    "actor_type": "agent",
    "asset_type": "agent",
    "action_details": []
  },
  "created_at": 1.656407774456435e9,
  "id": "bac507ae-9ec5-477f-b829-eb7ad73d705f",
  "submitted_at": 1.65640777447856e9,
  "env": "dev"
}
```

```json
{
  "actor": "146",
  "action": "team.create",
  "asset": "2",
  "org_id": "11",
  "ip": "13.89.202.10",
  "metadata": {
    "actor_type": "agent",
    "asset_type": "team",
    "action_details": [
      { "detail_id": "146", "detail_type": "agent" },
      { "detail_id": "134", "detail_type": "agent" }
    ]
  },
  "created_at": 1.656407774456435e9,
  "id": "bac507ae-9ec5-477f-b829-eb7ad73d705f",
  "submitted_at": 1.65640777447856e9,
  "env": "dev"
}
```
Field descriptions for the actions:
Field | Description |
---|---|
actor | The id of who performed/initiated the action (an agent for Unit21); possibly set to system for something like bulk actions happening on a cron |
action | What was done. We should codify this to match our APIs. |
asset | What was acted against |
org_id | All actions take place in the context of an organization; this is the id of the organization where the action took place |
ip | The IP address of the actor, if we have it |
metadata | Additional information about the action. |
- actor_type | The type of actor |
- asset_type | The type of the asset |
- action_details | Optional. If applicable, a list of what was impacted by the action |
-- detail_type | The type of asset impacted by the action |
-- detail_id | The id of the asset impacted by the action |
created_at | The time the action took place |
submitted_at | When the action was submitted to the service |
id | Unit21 action id |
env | Environment |
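
A consumer for these records, as an added example (not Unit21's code): it validates each record against the field table, tolerates a missing `ip`, and marks the permission-changing actions for review. It assumes the records arrive as back-to-back JSON objects as in the examples above and that `created_at` and `submitted_at` are Unix epoch seconds; `iter_records` and `normalize` are hypothetical names.

```python
import json
from datetime import datetime, timezone
# Fields the page's examples always carry; "ip" is optional ("if we have it").
REQUIRED = {"actor", "action", "asset", "org_id", "metadata",
            "created_at", "submitted_at", "id", "env"}
# Actions from the page's list that change what an agent or team may do.
PERMISSION_ACTIONS = {"agent.add_permission", "agent.remove_permission",
                      "team.add_permission", "team.remove_permission"}

def iter_records(blob):
    """Yield each JSON object from text holding back-to-back objects."""
    decoder, pos = json.JSONDecoder(), 0
    while pos < len(blob):
        if blob[pos].isspace():
            pos += 1
            continue
        # A truncated trailing object raises JSONDecodeError instead of being dropped.
        record, pos = decoder.raw_decode(blob, pos)
        yield record

def normalize(record):
    """Validate one audit record and flatten it for review or alerting."""
    missing = REQUIRED - record.keys()
    if missing:
        raise ValueError(f"audit record missing fields: {sorted(missing)}")
    meta = record["metadata"]
    return {
        "id": record["id"],
        # Assumption: timestamps are Unix epoch seconds.
        "when": datetime.fromtimestamp(record["created_at"], tz=timezone.utc),
        "actor": f'{meta["actor_type"]}:{record["actor"]}',
        "action": record["action"],
        "asset": f'{meta["asset_type"]}:{record["asset"]}',
        "ip": record.get("ip"),
        "impacted": [f'{d["detail_type"]}:{d["detail_id"]}'
                     for d in meta.get("action_details") or []],
        "permission_change": record["action"] in PERMISSION_ACTIONS,
        "submit_lag_s": record["submitted_at"] - record["created_at"],
    }

# Constructed sample (made-up ids, documentation-range IP), shaped like the page's examples.
SAMPLE = """
{"actor": "7", "action": "agent.login", "asset": "7", "org_id": "1", "ip": "192.0.2.10",
 "metadata": {"actor_type": "agent", "asset_type": "agent", "action_details": []},
 "created_at": 1656374400.0, "id": "sample-1", "submitted_at": 1656374400.5, "env": "dev"}
{"actor": "7", "action": "team.add_permission", "asset": "2", "org_id": "1",
 "metadata": {"actor_type": "agent", "asset_type": "team", "action_details": [{"detail_id": "9", "detail_type": "agent"}]},
 "created_at": 1656374460.0, "id": "sample-2", "submitted_at": 1656374461.0, "env": "dev"}
"""
EVENTS = [normalize(r) for r in iter_records(SAMPLE)]
```
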
Setup requirements:
- AWS is required.
- Create a new S3 bucket.
- Ask Unit21 for the policy.
- Add the policy to the bucket.
- Enable versioning.
- Watch our audit service replicate to your bucket.