Audit Service
The audit service is only available as a S3 bucket replication and therefore requires organization to have AWS and a S3 bucket created for this purpose. Please see Setup Requirements below.
The Audit Service provides organizations with a way to keep track of what actions have occurred within the Unit21 platform. For example, audited actions may look like:
agent.login
- when an agent logs inteam.create
- when a team is createdteam.add_permission
- when team permissions are changedteam.remove_permission
- when team permissions are changed
Currently, there are over 100 actions tracked by the Audit Service: Action Types
Examples of Audited Actions
{
"actor": "146",
"action": "agent.login",
"asset": "146",
"org_id": "11",
"ip": "13.89.202.10",
"metadata": {
"actor_type": "agent",
"asset_type": "agent",
"action_details": []
},
"created_at": 1.656407774456435e9,
"id": "bac507ae-9ec5-477f-b829-eb7ad73d705f",
"submitted_at": 1.65640777447856e9,
"env": "dev"
}
{
"actor": "146",
"action": "team.create",
"asset": "2",
"org_id": "11",
"ip": "13.89.202.10",
"metadata": {
"actor_type": "agent",
"asset_type": "team",
"action_details": [
{ "detail_id": "146", "detail_type": "agent" },
{ "detail_id": "134", "detail_type": "agent" }
]
},
"created_at": 1.656407774456435e9,
"id": "bac507ae-9ec5-477f-b829-eb7ad73d705f",
"submitted_at": 1.65640777447856e9,
"env": "dev"
}
Field Descriptions for the Actions
Field | Description |
---|---|
actor | The id of who performed/initiated the action (an agent for Unit21) |
action | This is what was done, we should codify this to match our APIs. |
asset | What was acted against |
org_id | All actions take context within an organization, this is the organization id where the action took place |
ip | If we have it, the ip address of the actor |
metadata | Additional information about the action. |
metadata.actor_type | The type of actor |
metadata.asset_type | The type of the asset |
metadata.action_details | Optional. If applicable, a list of what was impacted by the action |
metadata.action_details.detail_type | The type of asset impacted by the action |
metadata.action_details.detail_id | The id of the asset impacted by the action |
created_at | The time the action took place |
submitted_at | When the action was submitted to the service |
id | Unit21 action id |
env | Environment |
Setup Requirements
- AWS is required.
- Create a new S3 bucket.
- Ask Unit21 for the policy.
- Add the policy to the bucket.
- Enable versioning.
- Watch our audit service replicate to your bucket.
Updated 18 days ago