Audit

To support security auditing, Unravel records the actions that create, change, and delete resources as audit events. Each audit event is described by a set of attributes, such as the time of the event (in UTC), the action, the subject (who invokes the action), and the object affected by the action. Unravel admins can search and sort events by these attributes and download the results.

List of audit events

Audit events are classified based on the following components of Unravel:

RBAC

Unravel supports the following audit events for RBAC:

  • Login

  • Logout

Alert

Unravel supports the following audit events for Alerts:

  • An AutoAction is created, edited, or deleted.

  • An AutoAction triggers one of the following actions:

    • Email

    • HTTP Post

    • Post to Slack

    • Move application to queue

    • Kill application

    • Custom action

Report

Unravel supports the following audit events for reports:

  • On-demand report generation by a user

  • Scheduled report generation invoked by Unravel

  • Creation, modification, and deletion of a report.

Manage

Unravel supports audit events for the services and configuration changes that are done via the Unravel Manager service.

Enabling audit events in Unravel

Accessing audit events from the Unravel UI

Only users with admin roles have access to Audit. They can access Audit in the Unravel UI by navigating to Manager > Audit.

Viewing audit events

Only users with the admin role can view the audit events from the UI. To view the audit events:

  1. On the Unravel UI, go to Manager > Audit.

  2. Select one of the following time periods from the drop-down on the upper-right.

    • Last 1 Hour

    • Last 2 Hours

    • Last 6 Hours

    • Last 12 Hours

    • Today

    • Yesterday

    • Custom Date

    The audit events are displayed. After the results are displayed, you can sort the events by any column. You can also filter the events based on any of the following:

    • Component: RBAC, Alert, Report, Manage

    • Access Type: NA, Create, Read, Update, Delete

    • Status: NA, Unknown, Success, Failed

    You can also use the Search option to filter the events by search criteria.

    The following columns are displayed for the audit events:

    | Column | Description |
    |---|---|
    | Date | Date and time when the event occurred. |
    | User | The name of the user who performed the action that led to the event. |
    | Action | The action that led to the event being generated. |
    | Object | The object that is affected by the action. For example, if a report is created, the object is the report ID. |
    | Component | The component of Unravel with which the event is associated. |
    | Access Type | Type of access that the action involves: CREATE, READ, UPDATE, DELETE. |
    | Role | The role of the user who performed the action that led to the event. |
    | Client | The client IP address where the action is initiated. |
    | Host | The name or IP address of the host on which the action is performed. |
    | Status | Status of the action: NA, UNKNOWN, SUCCESS, FAILED. |
    | Cluster Name | ID of the cluster where the action occurs. |
    | Detail | Text field that adds any extra information unique to that event. |

The Search option can be used to filter the events by search criteria.

Downloading the audit events

You can download the audit events in CSV format. Click the download icon and save the CSV file.
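
A triage pass over the downloaded CSV, as an added example that is not part of the Unravel documentation. It assumes the export's header row uses the UI column names listed above; the sample rows, action strings, and timestamp format are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample export. The header row reuses the UI column names, which is
# an assumption about the CSV layout; adjust the keys to match a real download.
SAMPLE_CSV = """\
Date,User,Action,Object,Component,Access Type,Role,Client,Host,Status,Cluster Name,Detail
2024-01-01 10:00:01,alice,Login,NA,RBAC,NA,admin,198.51.100.7,unravel01,FAILED,default,
2024-01-01 10:00:04,alice,Login,NA,RBAC,NA,admin,198.51.100.7,unravel01,Failed,default,
2024-01-01 10:00:09,alice,Login,NA,RBAC,NA,admin,198.51.100.7,unravel01,FAILED,default,
2024-01-01 10:00:15,alice,Login,NA,RBAC,NA,admin,198.51.100.7,unravel01,SUCCESS,default,
2024-01-01 10:05:00,alice,Delete report,rep-42,Report,DELETE,admin,198.51.100.7,unravel01,SUCCESS,default,
2024-01-01 11:00:00,bob,Login,NA,RBAC,NA,admin,192.0.2.10,unravel01,SUCCESS,default,
2024-01-01 11:02:00,bob,Edit AutoAction,aa-7,Alert,Update,admin,192.0.2.10,unravel01,SUCCESS,default,
"""

def norm(value):
    """Case-fold a field; the page shows both 'Failed' and 'FAILED' spellings."""
    return (value or "").strip().upper()

def triage(csv_text, failed_login_threshold=3):
    """Return (noisy_logins, review) from an audit CSV export.

    noisy_logins: {(user, client): count} of failed RBAC logins at or over the threshold.
    review: rows with access type DELETE, plus any non-login row with status FAILED.
    """
    failed = Counter()
    review = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        is_login = norm(row["Component"]) == "RBAC" and norm(row["Action"]) == "LOGIN"
        status_failed = norm(row["Status"]) == "FAILED"
        if is_login and status_failed:
            failed[(row["User"], row["Client"])] += 1
        elif norm(row["Access Type"]) == "DELETE" or (not is_login and status_failed):
            review.append(row)
    noisy = {key: n for key, n in failed.items() if n >= failed_login_threshold}
    return noisy, review

if __name__ == "__main__":
    noisy, review = triage(SAMPLE_CSV)
    for (user, client), n in noisy.items():
        print(f"{n} failed logins: user={user} client={client}")
    for row in review:
        print(f"review: {row['Date']} {row['User']} {row['Action']} {row['Object']}")
```

Grouping failed logins by both User and Client separates one mistyped password from repeated failures coming from a single address.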