Audit
The Audit feature in Bitaic enables administrators to review and track user activities across the platform. Audit logs help ensure accountability and provide visibility into changes made within your monitoring environment.
Key Features of Auditing
- Comprehensive Activity Logs: Track actions such as login attempts, configuration changes, and agent installations.
- Time-Stamped Events: Each log entry is time-stamped, allowing you to analyze events chronologically.
- User Identification: Audit logs include user identifiers to help pinpoint the individual responsible for each action.
Viewing Audit Logs
Audit logs can be accessed via the Bitaic Dashboard or retrieved through the CLI.
- Dashboard: Go to Settings > Security > Audit Logs to view a complete list of recent activities.
- CLI: Run the following command to retrieve audit logs:
bitaic audit logsBest Practices
- Regular Review: Regularly review audit logs to identify unusual or unauthorized activities.
- Export Logs: Export logs periodically for backup or integration with third-party security information and event management (SIEM) tools.
Audit Events Tracked
The following represents the audit events tracked within the system that are accessible to Admins.
| Category | Event Description | Event Code |
|---|---|---|
| Authentication Events | Successful login | AUTH_LOGIN_SUCCESS |
| Failed login attempt | AUTH_LOGIN_FAILURE | |
| Logout | AUTH_LOGOUT | |
| Password reset requested | AUTH_PWD_RESET_REQUESTED | |
| Password reset completed | AUTH_PWD_RESET_COMPLETED | |
| Password reset failed | AUTH_PWD_RESET_FAILED | |
| MFA setup initiated | AUTH_MFA_SETUP | |
| MFA authentication success | AUTH_MFA_SUCCESS | |
| MFA authentication failure | AUTH_MFA_FAILURE | |
| Authorization Events | Role or permission change | AUTHZ_ROLE_PERM_CHANGE |
| Access request initiated | AUTHZ_ACCESS_REQUESTED | |
| Access request granted | AUTHZ_ACCESS_GRANTED | |
| Access request denied | AUTHZ_ACCESS_DENIED | |
| User Management Events | User account created | USER_CREATE |
| User account deleted | USER_DELETE | |
| Account locked | USER_ACCOUNT_LOCKED | |
| Account unlocked | USER_ACCOUNT_UNLOCKED | |
| User profile updated | USER_PROFILE_UPDATED | |
| Session Management Events | Session created | SESSION_CREATED |
| Session terminated | SESSION_TERMINATED | |
| Session timed out | SESSION_TIMEOUT | |
| Security Settings Changes | Password policy updated | SECSET_PWD_POLICY_UPDATED |
| MFA settings changed | SECSET_MFA_SETTINGS_UPDATED | |
| Consent and Compliance Events | Privacy agreement accepted | CONSENT_PRIV_AGREEMENT |
| Sensitive data accessed | CONSENT_DATA_ACCESS |