Skip to main content

Audit logs

Audit logs serve as an effective tool to understand changes made within your workspace. This feature documents a detailed record of actions taken by users, allowing you to track who made specific changes, when they were implemented, and what entity was altered.

Audit logs are a great way to track changes, identify discrepancies, and gain a holistic view of changes that have been made in your workspace. You can access the audit log through the Cortex UI or the public API endpoint.

Accessing Audit logs through the Cortex UI

You can access audit logs under the Authentication and access section in settings.

audit log 1

From the audit log page, you will see a list of user activities. Each log includes information categorized in the following columns:

  • Actor: The user or API key who performed the action. (N/A indicates that the change is attributed to GitOps or the auto-import of entities.)
  • Action: The action that was performed - "created", "deleted", or "updated".
  • Type: The type of action made (list below).
  • Entity: The entity affected by the action.
  • Date: When the action occurred.

You can click into any row to open a side panel with more details about the change.

Filtering audit logs

Audit logs can be filtered by date, actions, types, entities, and actors.

audit log 2

You can select one or more items from the dropdowns for each field. When multiple items are selected for a given field, Cortex query with an OR operator. When multiple inputs are entered, Cortex will separate the queries with an AND operator.

You can select one or more items from the dropdowns for each field. When multiple items are selected for a given field, Cortex will query with an OR operator. When multiple inputs are entered, Cortex will separate the queries with an AND operator.

For example, if CREATE is selected for Actions and SCORECARD is selected for Types, the backend query is create AND scorecard. If both CREATE and DELETE are selected for Actions and SCORECARD is selected for Types, the query would be (create OR delete) AND scorecard. This would show all Scorecards that have been created or deleted within the selected timeframe.

Date

Audit logs can be filtered by Start date and/or End date. If no dates are selected, Cortex will display logs for the last 7 days.

Actions

You can filter by the action performed: CREATE, DELETE, and/or UPDATE.

Types

The Types dropdown allows you to filter by any of the available types:

  • ACCOUNT_FLAG
  • ALLOW_LIST_ENTRY
  • API_KEY
  • CATALOG
  • CATALOG_FILTER
  • CORTEX_USER
  • CUSTOM_ROLE
  • DOMAIN
  • ENTITY_TYPE_DEFINITION
  • INITIATIVE
  • OAUTH_CONFIGURATION
  • OPENAPI_DEFINITION
  • PERSONAL_API_KEY
  • RESOURCE
  • SCORECARD
  • SECRET
  • SECRET_GROUP
  • SERVICE
  • TEAM
  • WORKFLOW
  • Integrations
    • Configuration (e.g. OKTA_CONFIGURATION)
    • OAuth configuration (e.g. BITBUCKET_OAUTH_CONFIGURATION)
    • OAuth registration (e.g. JIRA_OAUTH_REGISTRATION)
    • On-prem configuration (e.g. JIRA_ONPREM_CONFIGURATION)
    • On-prem webhook secret (e.g. BITBUCKET_ONPREM_WEBHOOK_SECRET)
    • Personal configuration (e.g. BITBUCKET_PERSONAL_CONFIGURATION)
    • SAST configuration (e.g. MEND_SAST_CONFIGURATION)

GitHub also has some unique types associated with it: GITHUB_APP_CONFIGURATION, GITHUB_APP_INSTALLATION, GITHUB_PERSONAL_TOKEN, and GITHUB_WEBHOOK_SECRET.

note

The available options for Type will expand over time as the list grows.

Entities

You can manually enter entity tags in the Entities field to refine the logs by specific entities. The entity tag(s) must match exactly for the filter to work.

For example, if we want to filter by an entity with the tag example-entity, we would have to enter example-entity exactly in the Entities field - just example or example entity will not work.

Actors

The Actors section of the filter includes several options.

  • Actor Types: ANONYMOUS, API_KEY, BACKSTAGE, OAUTH2, or PERSONAL_API_KEY
  • API Key Identifiers: Enter API key names or the last 4 characters of an API key.
  • Emails: Enter email addresses. Like entities, email addresses must be an exact match.
  • IP Addresses: Filter by IP address.
  • Anonymous Request Types:
    • API_KEY_ENTITY
    • BRAIN_AI
    • CUSTOM_INTEGRATION
    • SCORECARD_BADGES
    • SLACK_COMMAND
    • Integration webhooks (e.g. ATLASSION_WEBHOOK)

Accessing Audit logs through the public API endpoint

Audit logs can also be accessed through the public API endpoint. Please refer to our Audit Logs API documentation to learn how to retrieve audit logs.