Opsera provides audit logging for key operations in the platform. These logs can be accessed via the Opsera API.
The user account used to generate the token is the one associated with the token. They are the owner of that token and as such any API call they use it against will validate their Roles and Access before allowing the action to proceed. To access Audit Logs, the user MUST have the Power User role in the Opsera Platform, setup via Group Management.
Audit Scope
The following actions are logged:
Scope | Event / Action | ID (type) |
---|---|---|
User Authentication | A new login event for a given user. |
|
Pipeline Actions |
|
|
Access Token Usage | All uses of a given token are logged | n/a |
Tool Registry |
| registry |
Analytics Data Entries |
| analytics_data_entry |
Analytics Data Mapping: Organization |
| analytics_data_mapping_organization |
Analytics Data Mapping: Project |
| analytics_data_mapping_project |
Analytics Data Mapping: User |
| analytics_data_mapping_user |
Feature Flags |
| feature_flags |
Notification Policy |
| notification_policy |
Pipeline Template |
| pipeline_template |
Instructions |
| instructions |
Policy |
| policy |
Tag |
| tag |
Task |
| task |
Audit Logs API
The following API’s are available for consuming the audit logs. All Opsera API’s require a valid Access Token with either API Access OR Security Logs (Read Only)
scope.
Note: Dates are in UTC.
API Server*: https://app.opsera.io
URL | METHOD | DESCRIPTION | Scope | DATA | RESPONSE |
---|---|---|---|---|---|
| GET | Gets the User Activity Logs for the system. This is a route limited to Site Admins and Power users and requires a token of either API scope or Security Logs scope. If no date parameter is passed, the last 7 days of logs will be returned (up to a max of 1000 records) |
| Optional Query Parameters:
*supported timescale characters = s(seconds): 30 seconds = “30s” m(minutes): 13 minutes = “13m” h(hours): 1 hour = “1h” d(days): 3 days = “3d” w(weeks): 2 weeks = “2w” | { "count": 6, "data": [ { "_id": "61042540e1d666c9ded178c4", "user_id": "5e1cbf251c26d68f7ce6361e", "user_email": "support@opsera.io", "type": "pipeline", "action": "update", "target_id": "5fbe589a0fae8b021e137534", "account": "org-opsera-dnd-acc0", "createdAt": "2021-07-30T16:13:52.109Z", "updatedAt": "2021-07-30T16:13:52.109Z", "__v": 0 }, ] } |
| GET | Gets the User Activity Logs for the system. This is a route limited to Site Admins and Power users and requires a token of either API scope or Security Logs scope. |
| Optional Query Parameters
page=<integer> current page page_size=<integer> page size (max is 1000) action=<string> various actions type=<string> item type (pipeline, registry, etc) user_id=<mongo id> mongo user ID user_email=<sso user email> email address | |
| GET | Gets the Personal Access Tokens' Activity Logs. This is a route limited to Site Admins and Power users and requires a token of either API scope or Security Logs scope. If no date parameter is passed, the last 7 days will be returned.(up to a max of 1000 records) |
| Optional Query Parameters:
| { "count": 6, "data": [ { "_id": "61057f3a1429a35336563240", "token_id": "61043b2bbcb6d95b55adc5fd", "scope": "api", "target": "/v1/logs/user/tokens", "user_id": "5e1cbf251c26d68f7ce6361e", "account": "org-opsera-dnd-acc0", "createdAt": "2021-07-31T16:50:02.242Z", "updatedAt": "2021-07-31T16:50:02.242Z", "__v": 0 }, ] } |
| GET | Gets the Pipeline Activity Logs for the system. This is a route limited to Site Admins and Power users and requires a token of either API scope or Security Logs scope. If no date parameter is passed, all logs will be returned (up to a max of 1000 records). |
| Optional Query Parameters
*supported timescale characters = s(seconds): 30 seconds = “30s” m(minutes): 13 minutes = “13m” h(hours): 1 hour = “1h” d(days): 3 days = “3d” w(weeks): 2 weeks = “2w” | { "count": 223773, "data": [ { "_id": "627a9c44621d7e001d743568", "user_id": "60157c8c70628140f776e359", "pipeline_id": "611e7dca57f4eff66e9db084", "tool_identifier": "consumer.response", "step_id": "611508513ce36642d3180dc8", "step_index": 2, "step_name": "anchore", "step_configuration": { "tool": "event based automation", "topic": "opsera.pipeline.response" }, "action": "start confirmation", "api_response": { "pipelineId": "611e7dca57f4eff66e9db084", "customerId": "60157c8c70628140f776e359", "stepId": "611508513ce36642d3180dc8", "message": "Anchore Scan Started Successfully", "status": "analyzing", "runCount": 174, "stepIdentifier": "anchore-integrator" }, "message": "Anchore Scan Started Successfully", "status": "analyzing", "run_count": 174, "createdAt": "2022-05-10T17:09:24.080Z", "updatedAt": "2022-05-10T17:09:24.080Z", "__v": 0 } ] } |
*Please note, if a customer is running in their own tenant, the API URL would be different. Please contact Opsera to get your unique API URL.
Data Model
Two data models exist for the Audit Logs: Actions and Tokens. Details on what the fields mean are listed below:
{ "user_id": Opsera User ID, "user_email": Email Address associated with Opsera Account, "type": Maps to the area of Opsera the record is from (see above table), "action": Action being logged (see above table), "target_id": Opsera ID of object aciton is taken on, maps to type, "createdAt": Date action occured, }
{ "token_id": Opsera ID of token used, "scope": Scope of token, "target": Relative URL target of API call, "user_id": Opsera User ID, "createdAt": Date action occured, }