Audit Service

📘

The audit service is only available as a S3 bucket replication and therefore requires organization to have AWS and a S3 bucket created for this purpose. Please see Setup Requirements below.

The Audit Service provides organizations with a way to keep track of what actions have occurred within the Unit21 platform. For example, audited actions may look like:

  • agent.login - when an agent logs in
  • team.create - when a team is created
  • team.add_permission - when team permissions are changed
  • team.remove_permission - when team permissions are changed

Currently, there are over 100 actions tracked by the Audit Service: Action Types

Examples of Audited Actions

{
  "actor": "146",
  "action": "agent.login",
  "asset": "146",
  "org_id": "11",
  "ip": "13.89.202.10",
  "metadata": {
    "actor_type": "agent",
    "asset_type": "agent",
    "action_details": []
  },
  "created_at": 1.656407774456435e9,
  "id": "bac507ae-9ec5-477f-b829-eb7ad73d705f",
  "submitted_at": 1.65640777447856e9,
  "env": "dev"
}
{
  "actor": "146",
  "action": "team.create",
  "asset": "2",
  "org_id": "11",
  "ip": "13.89.202.10",
  "metadata": {
    "actor_type": "agent",
    "asset_type": "team",
    "action_details": [
      { "detail_id": "146", "detail_type": "agent" },
      { "detail_id": "134", "detail_type": "agent" }
    ]
  },
  "created_at": 1.656407774456435e9,
  "id": "bac507ae-9ec5-477f-b829-eb7ad73d705f",
  "submitted_at": 1.65640777447856e9,
  "env": "dev"
}

Field Descriptions for the Actions

FieldDescription
actorThe id of who performed/initiated the action (an agent for Unit21)
actionThis is what was done, we should codify this to match our APIs.
assetWhat was acted against
org_idAll actions take context within an organization, this is the organization id where the action took place
ipIf we have it, the ip address of the actor
metadataAdditional information about the action.
metadata.actor_typeThe type of actor
metadata.asset_typeThe type of the asset
metadata.action_detailsOptional. If applicable, a list of what was impacted by the action
metadata.action_details.detail_typeThe type of asset impacted by the action
metadata.action_details.detail_idThe id of the asset impacted by the action
created_atThe time the action took place
submitted_atWhen the action was submitted to the service
idUnit21 action id
envEnvironment

Setup Requirements

  1. AWS is required.
  2. Create a new S3 bucket.
  3. Ask Unit21 for the policy.
  4. Add the policy to the bucket.
  5. Enable versioning.
  6. Watch our audit service replicate to your bucket.