Audit logs

Last updated 2 months ago


Audit logs serve as an effective tool to understand changes made within your workspace. This feature documents a detailed record of actions taken by users, allowing you to track who made specific changes, when they were implemented, and what entity was altered.

Audit logs are a great way to track changes, identify discrepancies, and gain a holistic view of changes that have been made in your workspace. You can access the audit log through the Cortex UI or the public API endpoint.

Managing audit logs

Managing audit logs via the API

Audit logs can also be accessed through the public API endpoint. Please refer to our Audit Logs API documentation to learn how to retrieve audit logs.

View audit logs in the Cortex UI

You must have the View audit logs permission.

You can access audit logs under Settings > Audit logs.

From the audit log page, you will see a list of user activities. Each log includes information categorized in the following columns:

  • Actor: The user or API key who performed the action.

    • N/A indicates that the change is attributed to GitOps or the auto-import of entities.

  • Action type: The action that was performed - "created", "deleted", or "updated".

  • Object type: The object that changed.

  • Object identifier: The unique identifier of the object.

  • Date: When the action occurred.

You can click into any row to open a side panel with more details about the change.

Filtering audit logs

Click Filter in the upper right corner to select and apply filters to narrow the scope of your list. You can apply filters for:

  • API key identifier

  • Action type

  • Actor IP address

  • Actor email

  • Actor type

  • Anonymous request type

  • Date range

  • Entity

  • Object type

How the filters work

When filtering by email address or

You can select one or more items from the dropdowns for each field. When multiple items are selected for a given field, Cortex queries with an OR operator. When multiple field filters are applied, Cortex separates the queries with an AND operator.

For example:

  • If CREATE is selected for Action type and SCORECARD is selected for Object type, the backend query is create AND scorecard.

  • If both CREATE and DELETE are selected for Actions and SCORECARD is selected for Types, the query would be (create OR delete) AND scorecard. This would show all Scorecards that have been created or deleted within the selected timeframe.

Audit log reference

Object types

The following object types are included in audit logs:

  • ACCOUNT_FLAG

  • ALLOW_LIST_ENTRY

  • API_KEY

  • CATALOG

  • CATALOG_FILTER

  • CORTEX_USER

  • CUSTOM_ROLE

  • DOMAIN

  • ENTITY_TYPE_DEFINITION

  • INITIATIVE

  • OAUTH_CONFIGURATION

  • OPENAPI_DEFINITION

  • PERSONAL_API_KEY

  • RESOURCE

  • SCORECARD

  • SECRET

  • SECRET_GROUP

  • SERVICE

  • TEAM

  • WORKFLOW

  • Integrations

    • Configuration (e.g. OKTA_CONFIGURATION)

    • OAuth configuration (e.g. BITBUCKET_OAUTH_CONFIGURATION)

    • OAuth registration (e.g. JIRA_OAUTH_REGISTRATION)

    • On-prem configuration (e.g. JIRA_ONPREM_CONFIGURATION)

    • On-prem webhook secret (e.g. BITBUCKET_ONPREM_WEBHOOK_SECRET)

    • Personal configuration (e.g. BITBUCKET_PERSONAL_CONFIGURATION)

    • SAST configuration (e.g. MEND_SAST_CONFIGURATION)

GitHub also has some unique types associated with it: GITHUB_APP_CONFIGURATION, GITHUB_APP_INSTALLATION, GITHUB_PERSONAL_TOKEN, and GITHUB_WEBHOOK_SECRET.

Actors

Actors include the following information:

  • Actor Types: ANONYMOUS, API_KEY, BACKSTAGE, OAUTH2, or PERSONAL_API_KEY

  • API Key Identifiers: When filtering by this field, enter API key names or the last 4 characters of an API key.

  • Emails: When filtering by this field, the email address must be an exact match to the user's email.

  • IP Addresses

  • Anonymous Request Types:

    • API_KEY_ENTITY

    • BRAIN_AI

    • CUSTOM_INTEGRATION

    • SCORECARD_BADGES

    • SLACK_COMMAND

    • Integration webhooks (e.g. ATLASSION_WEBHOOK)
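
The filter behavior described under "How the filters work" and the matching rules listed under Actors, modeled as an added Python example (not Cortex's code): selections within one field are ORed, fields are ANDed, API key identifiers match a key name or its last 4 characters, and emails match exactly. The record field names and the sample logs are constructed assumptions, not the Audit Logs API schema.

```python
# Added example: models the audit log filter semantics described on this page.
# Record field names are assumptions for illustration, not the Cortex API schema.

SAMPLE_LOGS = [  # constructed sample data
    {"id": 1, "action": "CREATE", "object_type": "SCORECARD",
     "actor_type": "OAUTH2", "email": "alice@example.com"},
    {"id": 2, "action": "DELETE", "object_type": "SCORECARD",
     "actor_type": "API_KEY", "key_name": "ci-deploy", "key_last4": "9f3c"},
    {"id": 3, "action": "UPDATE", "object_type": "SCORECARD",
     "actor_type": "OAUTH2", "email": "bob@example.com"},
    {"id": 4, "action": "CREATE", "object_type": "API_KEY",
     "actor_type": "OAUTH2", "email": "alice@example.com"},
    {"id": 5, "action": "DELETE", "object_type": "SECRET",
     "actor_type": "PERSONAL_API_KEY", "key_name": "bob-laptop",
     "key_last4": "01ab"},
]


def _field_matches(record, field, selected):
    """True if the record matches ANY selected value for this field (OR)."""
    if field == "api_key_identifier":
        # Page rule: match on the API key name or the last 4 characters of the key.
        candidates = {record.get("key_name"), record.get("key_last4")}
        return any(value in candidates for value in selected)
    if field == "email":
        # Page rule: exact match only, so no substring or domain matching.
        return record.get("email") in selected
    return record.get(field) in selected


def filter_logs(logs, **filters):
    """Return ids of records that match every filtered field (AND across fields).

    Each keyword maps a field to the list of values selected for it.
    A field with nothing selected is not filtered on.
    """
    active = {field: set(values) for field, values in filters.items() if values}
    return [record["id"] for record in logs
            if all(_field_matches(record, field, selected)
                   for field, selected in active.items())]


if __name__ == "__main__":
    # (create OR delete) AND scorecard, the second example from the page.
    print(filter_logs(SAMPLE_LOGS, action=["CREATE", "DELETE"],
                      object_type=["SCORECARD"]))
    # A review query: credentials and secrets that were created or deleted.
    print(filter_logs(SAMPLE_LOGS, action=["CREATE", "DELETE"],
                      object_type=["API_KEY", "PERSONAL_API_KEY", "SECRET"]))
```
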

See the full list of possible object types in the Object types section above.