
The following actions are logged:

| Scope | Event / Action | ID (type) |
|---|---|---|
| User Authentication | A new login event for a given user. | authentication |
| Pipeline Actions | Start; Stop; Reset; Resume; Approve; Denial; Edit/Change Pipeline Steps; Edit/Change Pipeline Settings; Create New Pipeline from template; Delete Pipeline; Duplicate Pipeline; Publish Pipeline to Catalog; Webhook-Start | pipeline |
| Access Token Usage | All uses of a given token are logged | n/a |
| Tool Registry | Create Tool; Edit/Change Tool Attributes or Connection Settings; Delete | registry |
| Analytics Data Entries | Create; Update; Delete | analytics_data_entry |
| Analytics Data Mapping: Organization | Create; Update; Delete | analytics_data_mapping_organization |
| Analytics Data Mapping: Project | Create; Update; Delete | analytics_data_mapping_project |
| Analytics Data Mapping: User | Create; Update; Delete | analytics_data_mapping_user |
| Feature Flags | Create; Update; Delete | feature_flags |
| Notification Policy | Create; Update; Delete | notification_policy |
| Pipeline Template | Create; Update; Delete; Deploy; Ownership Transfer; Edit Access Roles | pipeline_template |
| Instructions | Create; Update; Delete | instructions |
| Policy | Create; Update; Delete | policy |
| Tag | Create; Update; Delete | tag |
| Task | Create; Update; Delete | task |

Audit Logs API

The following APIs are available for consuming the audit logs. All Opsera APIs require a valid Access Token with either the API Access or the Security Logs (Read Only) scope.

Note: Dates are in UTC.

API Server*: https://app.opsera.io

URL: /api/v1/logs/user/actions

METHOD: GET

DESCRIPTION: Gets the User Activity Logs for the system. This route is limited to Site Admins and Power Users and requires a token with either API scope or Security Logs scope. If no date parameter is passed, the last 7 days of logs are returned (up to a max of 1000 records).

Scope: API Access; Security Logs (Read Only)

DATA: Optional query parameters:

  • ?date=YYYY-MM-DD
  • ?start=YYYY-MM-DD & ?end=YYYY-MM-DD
  • ?type=<value from type field>
  • ?count=<integer, number of records>
  • ?range=<integer value and timescale character>

Supported timescale characters:

  • s (seconds): 30 seconds = “30s”
  • m (minutes): 13 minutes = “13m”
  • h (hours): 1 hour = “1h”
  • d (days): 3 days = “3d”
  • w (weeks): 2 weeks = “2w”

RESPONSE:
{
    "count": 6,
    "data": [
        {
            "_id": "61042540e1d666c9ded178c4",
            "user_id": "5e1cbf251c26d68f7ce6361e",
            "user_email": "support@opsera.io",
            "type": "pipeline",
            "action": "update",
            "target_id": "5fbe589a0fae8b021e137534",
            "account": "org-opsera-dnd-acc0",
            "createdAt": "2021-07-30T16:13:52.109Z",
            "updatedAt": "2021-07-30T16:13:52.109Z",
            "__v": 0
        }
    ]
}

URL: /api/v2/logs/audit/user

METHOD: GET

DESCRIPTION: Gets the User Activity Logs for the system. This route is limited to Site Administrators, Power Users, Auditors and Security Managers. It requires a token with either API scope or Security Logs scope.

Scope: API Access; API Access (Read only); Security Logs (Read Only)

DATA: Optional query parameters:

  • ?start_date=YYYY-MM-DD
  • ?start_time=HH:MM:SS (start date is required)
  • ?end_date=YYYY-MM-DD
  • ?end_time=HH:MM:SS (end date is required)
  • page=<integer>: current page
  • page_size=<integer>: page size (max is 1000)
  • action=<string>: various actions
  • type=<string>: item type (pipeline, registry, etc.)
  • user_id=<mongo id>: Mongo user ID
  • user_email=<sso user email>: email address

URL: /api/v1/logs/user/tokens

METHOD: GET

DESCRIPTION: Gets the Personal Access Tokens' Activity Logs. This route is limited to Site Admins and Power Users and requires a token with either API scope or Security Logs scope. If no date parameter is passed, the last 7 days are returned (up to a max of 1000 records).

Scope: API Access; Security Logs (Read Only)

DATA: Optional query parameters:

  • ?date=YYYY-MM-DD
  • ?scope=<value from scope field>

RESPONSE:
{
    "count": 6,
    "data": [
        {
            "_id": "61057f3a1429a35336563240",
            "token_id": "61043b2bbcb6d95b55adc5fd",
            "scope": "api",
            "target": "/v1/logs/user/tokens",
            "user_id": "5e1cbf251c26d68f7ce6361e",
            "account": "org-opsera-dnd-acc0",
            "createdAt": "2021-07-31T16:50:02.242Z",
            "updatedAt": "2021-07-31T16:50:02.242Z",
            "__v": 0
        }
    ]
}

URL: /api/v1/logs/pipelines

METHOD: GET

DESCRIPTION: Gets the Pipeline Activity Logs for the system. This route is limited to Site Admins and Power Users and requires a token with either API scope or Security Logs scope. If no date parameter is passed, all logs are returned (up to a max of 1000 records).

Scope: API Access; Security Logs (Read Only)

DATA: Optional query parameters:

  • ?date=YYYY-MM-DD
  • ?start=YYYY-MM-DD & ?end=YYYY-MM-DD
  • ?type=<value from type field>
  • ?count=<integer, number of records>
  • ?range=<integer value and timescale character>

Supported timescale characters:

  • s (seconds): 30 seconds = “30s”
  • m (minutes): 13 minutes = “13m”
  • h (hours): 1 hour = “1h”
  • d (days): 3 days = “3d”
  • w (weeks): 2 weeks = “2w”

RESPONSE:
{
    "count": 223773,
    "data": [
        {
            "_id": "627a9c44621d7e001d743568",
            "user_id": "60157c8c70628140f776e359",
            "pipeline_id": "611e7dca57f4eff66e9db084",
            "tool_identifier": "consumer.response",
            "step_id": "611508513ce36642d3180dc8",
            "step_index": 2,
            "step_name": "anchore",
            "step_configuration": {
                "tool": "event based automation",
                "topic": "opsera.pipeline.response"
            },
            "action": "start confirmation",
            "api_response": {
                "pipelineId": "611e7dca57f4eff66e9db084",
                "customerId": "60157c8c70628140f776e359",
                "stepId": "611508513ce36642d3180dc8",
                "message": "Anchore Scan Started Successfully",
                "status": "analyzing",
                "runCount": 174,
                "stepIdentifier": "anchore-integrator"
            },
            "message": "Anchore Scan Started Successfully",
            "status": "analyzing",
            "run_count": 174,
            "createdAt": "2022-05-10T17:09:24.080Z",
            "updatedAt": "2022-05-10T17:09:24.080Z",
            "__v": 0
        }
    ]
}

*Please note, if a customer is running in their own tenant, the API URL would be different. Please contact Opsera to get your unique API URL.
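
An added example (not Opsera's code) of consuming /api/v1/logs/user/actions for monitoring: it validates the documented `range` format before building the query URL, then triages a response body offline. The sample records, the watch list, the "delete" action string and the reading of `count` as the total number of matching records are assumptions; no request is sent, because the page does not show how the Access Token is passed.

```python
import json
import re
from datetime import datetime
from urllib.parse import urlencode

BASE = "https://app.opsera.io/api/v1/logs/user/actions"  # from the page
RANGE_RE = re.compile(r"[1-9]\d*[smhdw]")  # 30s, 13m, 1h, 3d, 2w

def build_actions_url(range_=None, type_=None):
    """Build a query URL from the documented range and type parameters."""
    params = {}
    if range_ is not None:
        if not RANGE_RE.fullmatch(range_):
            raise ValueError(f"bad range {range_!r}: want <integer><s|m|h|d|w>")
        params["range"] = range_
    if type_ is not None:
        params["type"] = type_
    return BASE + ("?" + urlencode(params) if params else "")

def triage(body, watch):
    """Return (flagged records sorted by time, truncated?) for one response."""
    doc = json.loads(body)
    records = doc["data"]
    # Assumption: "count" is the total matched, so count > len(data) means the
    # 1000-record cap cut the window and a narrower range must be re-queried.
    truncated = doc["count"] > len(records)
    flagged = []
    for rec in records:
        if (rec["type"], rec["action"]) in watch:
            # Dates are in UTC per the page; parse into a timezone-aware value.
            when = datetime.strptime(rec["createdAt"], "%Y-%m-%dT%H:%M:%S.%f%z")
            flagged.append((when, rec["user_email"], rec["type"], rec["target_id"]))
    return sorted(flagged), truncated

# Constructed sample in the response shape shown above (not real log data).
SAMPLE = json.dumps({"count": 3, "data": [
    {"user_email": "a@example.com", "type": "pipeline", "action": "update",
     "target_id": "t1", "createdAt": "2021-07-30T16:13:52.109Z"},
    {"user_email": "b@example.com", "type": "registry", "action": "delete",
     "target_id": "t2", "createdAt": "2021-07-30T17:00:00.000Z"},
]})
WATCH = {("registry", "delete"), ("policy", "update")}  # assumed watch list

if __name__ == "__main__":
    print(build_actions_url(range_="3d", type_="registry"))
    print(triage(SAMPLE, WATCH))
```
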
