Audit Logs
Overview
An audit log, also called an audit trail, is a record of events and changes in your environment. Examples include logins, logouts, module creation and saves, and so on. Audit logs capture these events by recording the activity performed, who performed the activity, and how the system responded.
Audit logs are also critical for proving compliance with HIPAA and PCI DSS regulations. They serve as an official record that you can use to prove you're in compliance with the law. Sometimes, it’s necessary to share logs with auditors on a regular basis—especially if an issue occurs. Audit logs ensure you protect your business from fines and penalties.
For compliance reasons, Unqork audit logs are not limited to a specific expiration date. You'll have the logs to reference as far back as required.
To learn how to authenticate and use the Get Audit Logs API, view our Get Audit Logs documentation.
What You'll Learn
In this article, you'll learn how to request audit log data and understand the most common response data fields.
What to Expect from Audit Logs
Unqork audit logs are organized into the following categories:
Viewing Common Response Data
When viewing the beautified response, several data fields are common to every event, while the fields unique to each event display in the attributes and priorAttributes objects. The common fields include:
Element | Description | Type |
---|---|---|
date | The date and time (UTC) when the event occurred. | String |
messageType | The message type. This event displays a system-event message type. | String |
schemaVersion | The schema version controlling the JSON structure of the output. | String |
timestamp | The exact date and time (UTC) when the event occurred. | String |
eventType | The event type. This event is a designer-action type. | String |
category | The event category. For example, access-management, user-access, user-management, and so on. | String |
action | The action taken by the user. For example, add-designer-user, designer-user-login, modify-designer-role, and so on. | String |
source | The API source. The source for this event is designer-api. | String |
tags | All tags associated with this event. | String |
object↴ | An object of event detail data. | Object |
type | A description of the recorded event. | String |
identifier↴ | An object detailing event identifier data. | Object |
type | The identifier that triggered this event. For example, entering a name in a field or creating a session. | String |
value | The value associated with the identifier. | String |
attributes↴ | An object of event attributes. | Object |
outcome↴ | An object detailing the success or failure of the recorded data. The outcome can be "success" or "failure". If it is a failure, then a failure reason is included. Possible failure values are "authentication", "authorization", or "unknown". Any post-authentication failure displays "unknown". Failures also display an error string explaining why it occurred. For Unqork API failures, view the following documentation: https://developers.unqork.io/. | Object |
type | This value is "success" if the recorded event was successful. | String |
actor↴ | An object detailing the requestor of the event data. | Object |
type | The requestor type. | String |
identifier↴ | An object of requestor detail data. | Object |
type | The identifier type that identified the requestor. | String |
value | The requestor's unique identifier. | String |
attributes | All attributes associated with the requestor. | String |
context↴ | An object detailing the environment, host, user agent of the requestor. | Object |
environment | The environment where the data was requested. | String |
sessionId | The unique session identifier of the request. | String |
clientIp | The client IP address of the requestor. | String |
protocol | The protocol performed to request the data. | String |
host | The domain where the data was requested. | String |
userAgent | The user agent of the requestor. | String |
Below is an example of what you should expect in a response:
//Example Response//
{
  "date": "2022-12-19T19:46:38.000000Z",
  "messageType": "system-event",
  "schemaVersion": "1.0",
  "timestamp": "2022-12-19T19:46:38.338Z",
  "eventType": "designer-action",
  "category": "access-management",
  "action": "delete-designer-role",
  "source": "designer-api",
  "tags": {},
  "object": {
    "type": "designer-role",
    "identifier": {
      "type": "name",
      "value": "Unqork User Name"
    },
    "attributes": {},
    "outcome": {
      "type": "success"
    },
    "actor": {
      "type": "user",
      "identifier": {
        "type": "user-id",
        "value": "unqork-user@unqork.com"
      },
      "attributes": {}
    },
    "context": {
      "environment": "training-staging",
      "sessionId": "8a83187f-40cb-4bd2-a0fc-8dd3987a771a",
      "clientIp": "73.33.37.100",
      "protocol": "https",
      "host": "training.unqork.io",
      "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
    }
  }
}
The logs are returned as a ZIP file. Download and unzip the file to see the events that occurred during the date and time range you requested.
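As an added example (not Unqork's own code), the following Python sketch reads events from a downloaded ZIP and uses the common fields above to list access-management changes and to count repeated failures per actor and client IP. It assumes each file in the ZIP holds one JSON event per line, which this page does not specify; the function names, the threshold, and the sample events are constructed for illustration.

```python
import io
import json
import zipfile
from collections import Counter

def section(event, name):
    # The sample response nests outcome/actor/context under "object";
    # fall back to the top level in case an export places them there.
    return event.get("object", {}).get(name) or event.get(name) or {}

def load_events(zip_bytes):
    """Yield events from each file in the ZIP (assumed: one JSON object per line)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            for line in zf.read(name).decode("utf-8").splitlines():
                if line.strip():
                    yield json.loads(line)

def triage(events, failure_threshold=3):
    """Return (access-management changes, repeated failures per actor and IP)."""
    changes, failures = [], Counter()
    for ev in events:
        actor = section(ev, "actor").get("identifier", {}).get("value", "?")
        ip = section(ev, "context").get("clientIp", "?")
        if section(ev, "outcome").get("type") == "failure":
            failures[(actor, ip)] += 1
        elif ev.get("category") == "access-management":
            changes.append((ev.get("timestamp", ""), actor, ev.get("action")))
    noisy = {k: n for k, n in failures.items() if n >= failure_threshold}
    return sorted(changes, key=lambda c: c[0]), noisy

def sample_zip():
    """Build a constructed ZIP export (sample data, not real Unqork output)."""
    def ev(ts, category, action, outcome, actor, ip):
        return {"timestamp": ts, "category": category, "action": action,
                "object": {"outcome": {"type": outcome},
                           "actor": {"identifier": {"type": "user-id", "value": actor}},
                           "context": {"clientIp": ip}}}
    rows = [ev(f"2022-12-19T19:40:0{i}.000Z", "user-access", "designer-user-login",
               "failure", "a@example.com", "203.0.113.7") for i in range(3)]
    rows.append(ev("2022-12-19T19:46:38.338Z", "access-management",
                   "delete-designer-role", "success", "b@example.com", "198.51.100.4"))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("audit-logs.json", "\n".join(json.dumps(r) for r in rows))
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(load_events(sample_zip())))
```

Adjust `load_events` if your export stores events as a JSON array rather than one event per line.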
Resources