Audit Logging API

Opsera provides audit logging for key operations in the platform. These logs can be accessed via the Opsera API.

The token belongs to the user account that generated it. That user is the owner of the token, so any API call made with it is validated against the user's Roles and Access before the action is allowed to proceed. To access Audit Logs, the user MUST have the Power User role in the Opsera Platform, set up via Group Management.


Audit Scope

The following actions are logged:

Scope

Event / Action

ID (type)

User Authentication

A new login event for a given user.

authentication

Pipeline Actions

  • Start

  • Stop

  • Reset

  • Resume

  • Approve

  • Denial

  • Edit/Change Pipeline Steps

  • Edit/Change Pipeline Settings

  • Create New Pipeline from template

  • Delete Pipeline

  • Duplicate Pipeline

  • Publish Pipeline to Catalog

  • Webhook-Start

pipeline

Access Token Usage

All uses of a given token are logged

n/a

Tool Registry

  • Create Tool

  • Edit/Change Tool Attributes or Connection Settings

  • Delete

registry

Analytics Data Entries

  • Create

  • Update

  • Delete

analytics_data_entry

Analytics Data Mapping: Organization

  • Create

  • Update

  • Delete

analytics_data_mapping_organization

Analytics Data Mapping: Project

  • Create

  • Update

  • Delete

analytics_data_mapping_project

Analytics Data Mapping: User

  • Create

  • Update

  • Delete

analytics_data_mapping_user

Feature Flags

  • Create

  • Update

  • Delete

feature_flags

Notification Policy

  • Create

  • Update

  • Delete

notification_policy

Pipeline Template

  • Create

  • Update

  • Delete

  • Deploy

  • Ownership Transfer

  • Edit Access Roles

pipeline_template

Instructions

  • Create

  • Update

  • Delete

instructions

Policy

  • Create

  • Update

  • Delete

policy

Tag

  • Create

  • Update

  • Delete

tag

Task

  • Create

  • Update

  • Delete

task

 

Audit Logs API

The following APIs are available for consuming the audit logs. All Opsera APIs require a valid Access Token with either the API Access or the Security Logs (Read Only) scope.

Note: Dates are in UTC.

API Server*: https://app.opsera.io

URL

METHOD

DESCRIPTION

Scope

DATA

RESPONSE

/api/v1/logs/user/actions

GET

Gets the User Activity Logs for the system. This is a route limited to Site Admins and Power users and requires a token of either API scope or Security Logs scope.

If no date parameter is passed, the last 7 days of logs will be returned (up to a max of 1000 records).

API Access

Security Logs (Read Only)

Optional Query Parameters:

?date=YYYY-MM-DD

?start=YYYY-MM-DD & ?end=YYYY-MM-DD

?type=<value from type field>

?count=<integer, number of records>

?range=<Integer value and timescale character>

*supported timescale characters =

s(seconds): 30 seconds = “30s”

m(minutes): 13 minutes = “13m”

h(hours): 1 hour = “1h”

d(days): 3 days = “3d”

w(weeks): 2 weeks = “2w”

{
  "count": 6,
  "data": [
    {
      "_id": "61042540e1d666c9ded178c4",
      "user_id": "5e1cbf251c26d68f7ce6361e",
      "user_email": "support@opsera.io",
      "type": "pipeline",
      "action": "update",
      "target_id": "5fbe589a0fae8b021e137534",
      "account": "org-opsera-dnd-acc0",
      "createdAt": "2021-07-30T16:13:52.109Z",
      "updatedAt": "2021-07-30T16:13:52.109Z",
      "__v": 0
    }
  ]
}

 

/api/v2/logs/audit/user

GET

Gets the User Activity Logs for the system.

This is a route limited to Site Administrators, Power Users, Auditors, Security Managers.

It requires a token of either API scope or Security Logs scope.

API Access

API Access (Read only)

Security Logs (Read Only)

Optional Query Parameters

?start_date=YYYY-MM-DD

?start_time=HH:MM:SS (start date is required)

?end_date=YYYY-MM-DD

?end_time=HH:MM:SS (end date is required)

page=<integer> current page

page_size=<integer> page size (max is 1000)

action=<string> various actions

type=<string> item type (pipeline, registry, etc)

user_id=<mongo id> mongo user ID

user_email=<sso user email> email address

 

 

/api/v1/logs/user/tokens

GET

Gets the Personal Access Tokens' Activity Logs. This is a route limited to Site Admins and Power users and requires a token of either API scope or Security Logs scope.

If no date parameter is passed, the last 7 days will be returned (up to a max of 1000 records).

API Access

Security Logs (Read Only)

Optional Query Parameters:

?date=YYYY-MM-DD

?scope=<value from scope field>

{
  "count": 6,
  "data": [
    {
      "_id": "61057f3a1429a35336563240",
      "token_id": "61043b2bbcb6d95b55adc5fd",
      "scope": "api",
      "target": "/v1/logs/user/tokens",
      "user_id": "5e1cbf251c26d68f7ce6361e",
      "account": "org-opsera-dnd-acc0",
      "createdAt": "2021-07-31T16:50:02.242Z",
      "updatedAt": "2021-07-31T16:50:02.242Z",
      "__v": 0
    }
  ]
}

 

/api/v1/logs/pipelines

GET

Gets the Pipeline Activity Logs for the system. This is a route limited to Site Admins and Power users and requires a token of either API scope or Security Logs scope.

If no date parameter is passed, all logs will be returned (up to a max of 1000 records).

API Access

Security Logs (Read Only)

 

Optional Query Parameters

?date=YYYY-MM-DD

?start=YYYY-MM-DD & ?end=YYYY-MM-DD

?type=<value from type field>

?count=<integer, number of records>

?range=<Integer value and timescale character>

*supported timescale characters =

s(seconds): 30 seconds = “30s”

m(minutes): 13 minutes = “13m”

h(hours): 1 hour = “1h”

d(days): 3 days = “3d”

w(weeks): 2 weeks = “2w”

{
  "count": 223773,
  "data": [
    {
      "_id": "627a9c44621d7e001d743568",
      "user_id": "60157c8c70628140f776e359",
      "pipeline_id": "611e7dca57f4eff66e9db084",
      "tool_identifier": "consumer.response",
      "step_id": "611508513ce36642d3180dc8",
      "step_index": 2,
      "step_name": "anchore",
      "step_configuration": {
        "tool": "event based automation",
        "topic": "opsera.pipeline.response"
      },
      "action": "start confirmation",
      "api_response": {
        "pipelineId": "611e7dca57f4eff66e9db084",
        "customerId": "60157c8c70628140f776e359",
        "stepId": "611508513ce36642d3180dc8",
        "message": "Anchore Scan Started Successfully",
        "status": "analyzing",
        "runCount": 174,
        "stepIdentifier": "anchore-integrator"
      },
      "message": "Anchore Scan Started Successfully",
      "status": "analyzing",
      "run_count": 174,
      "createdAt": "2022-05-10T17:09:24.080Z",
      "updatedAt": "2022-05-10T17:09:24.080Z",
      "__v": 0
    }
  ]
}

*Please note, if a customer is running in their own tenant, the API URL would be different. Please contact Opsera to get your unique API URL.
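
The query rules listed for the /api/v2/logs/audit/user route above, as an added Python example (not Opsera's own code): it enforces the documented parameter constraints before a request is sent and walks the result pages for export to a SIEM. The fetch_json callable (where the caller attaches the Access Token), page numbering from 1, and a v1-style "data" list in the v2 response are assumptions, since this page does not show them.

```python
import re
from urllib.parse import urlencode

API_SERVER = "https://app.opsera.io"  # from the page; own-tenant URLs differ
V2_AUDIT_PATH = "/api/v2/logs/audit/user"
MAX_PAGE_SIZE = 1000  # documented maximum
FILTERS = {"action", "type", "user_id", "user_email"}
FORMATS = {"date": re.compile(r"\d{4}-\d{2}-\d{2}"), "time": re.compile(r"\d{2}:\d{2}:\d{2}")}


def build_audit_url(start_date=None, start_time=None, end_date=None,
                    end_time=None, page=1, page_size=MAX_PAGE_SIZE, **filters):
    """Build a v2 audit-log URL, enforcing the documented parameter rules."""
    if start_time and not start_date:
        raise ValueError("start_time requires start_date")
    if end_time and not end_date:
        raise ValueError("end_time requires end_date")
    bounds = {"start_date": start_date, "start_time": start_time,
              "end_date": end_date, "end_time": end_time}
    for name, value in bounds.items():
        kind = name.split("_")[1]  # "date" or "time"
        if value is not None and not FORMATS[kind].fullmatch(value):
            raise ValueError(f"{name} must be in the documented format: {value!r}")
    if not 1 <= page_size <= MAX_PAGE_SIZE:
        raise ValueError("page_size must be between 1 and 1000")
    unknown = set(filters) - FILTERS
    if unknown:
        raise ValueError(f"unsupported filter(s): {sorted(unknown)}")
    params = {**bounds, "page": page, "page_size": page_size, **filters}
    query = urlencode({k: v for k, v in params.items() if v is not None})
    return f"{API_SERVER}{V2_AUDIT_PATH}?{query}"


def fetch_all(fetch_json, **query):
    """Collect every page; fetch_json(url) -> dict is supplied by the caller.

    Assumptions (not shown on the page): pages are numbered from 1, records
    arrive in a "data" list as in the v1 samples, and a short page is the last.
    """
    page_size = query.pop("page_size", MAX_PAGE_SIZE)
    records, page = [], 1
    while True:
        url = build_audit_url(page=page, page_size=page_size, **query)
        batch = fetch_json(url).get("data", [])
        records.extend(batch)
        if len(batch) < page_size:
            return records
        page += 1
```
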

Data Model

Two data models exist for the Audit Logs: Actions and Tokens. Details on what the fields mean are listed below:

Actions Audit Log

Access Token Audit Log