tutorial:adm:reading_audits [2019/09/02 13:22]
fiserp [Identity disabled]
tutorial:adm:reading_audits [2021/10/07 13:39] (current)
fiserp
Line 1: Line 1:
 ====== Audit - Reading audit information ====== ====== Audit - Reading audit information ======
 This article shows how to connect CzechIdM to automated security monitoring system (SIEM). This form of integration is necessary in many organizations. IdM, being the central point where identities and their roles are managed, is just another piece of the security monitoring mosaic. This article shows how to connect CzechIdM to automated security monitoring system (SIEM). This form of integration is necessary in many organizations. IdM, being the central point where identities and their roles are managed, is just another piece of the security monitoring mosaic.
 +
 +<note tip>Starting CzechIdM 11.2.0, we discourage reading audit information using REST as is explained on this page.
 +
 +Please, use specialized [[devel:documentation:audit:dev:audit_logging_for_siem_tools|audit logging functionality]].</note>
  
 ===== Important events to monitor ===== ===== Important events to monitor =====
Line 117: Line 121:
       "id" : 316,       "id" : 316,
       "timestamp" : 1565604153572,       "timestamp" : 1565604153572,
 +      // who created
       "modifierId" : "3eb704d3-c177-4ffa-b889-34926c8e05c2",       "modifierId" : "3eb704d3-c177-4ffa-b889-34926c8e05c2",
       "modifier" : "admin",       "modifier" : "admin",
 +      // login of created identity
       "ownerId" : "a72d5188-8e1b-47dc-b6af-7e44d8ba92c9",       "ownerId" : "a72d5188-8e1b-47dc-b6af-7e44d8ba92c9",
       "ownerCode" : "john_doe",       "ownerCode" : "john_doe",
Line 506: Line 512:
       "id" : 528,       "id" : 528,
       "timestamp" : 1565769780568,       "timestamp" : 1565769780568,
 +      // who created the role
       "modifier" : "admin",       "modifier" : "admin",
 +      // role name in the form of NAME|environment
       "ownerCode" : "CTO|production",       "ownerCode" : "CTO|production",
       ... redacted ...       ... redacted ...
Line 513: Line 521:
           "creator" : "admin",           "creator" : "admin",
           "code" : "CTO|production",           "code" : "CTO|production",
 +          // implementation name of the role
           "baseCode" : "CTO",           "baseCode" : "CTO",
 +          // deployment environment the role is intended for
           "environment" : "production",           "environment" : "production",
 +          // user friendly name of the role
           "name" : "CTO",           "name" : "CTO",
           "roleType" : "TECHNICAL",           "roleType" : "TECHNICAL",
  • by fiserp