Audit
Guance supports viewing audit events generated by user behavior in the workspace. It records project usage, user operations, and resource changes in the workspace in real time, mainly including:
- Workspace management events: such as modifying basic settings, modifying member permissions, deleting notification objects, and License expiration.
- Function and service usage events: such as creating, modifying, or deleting views, creating a new application detection, disabling a detection library, setting host silence, and generating metrics.
- Billing project events: such as project usage approaching the free quota.
Event List
In Management > Audit, you can view the user operation events generated by all workspaces. It supports search, grouping aggregation, viewing details, and other operations. Use the time component at the top of the page to view operation events in different time ranges.
Event Details Page
Click an event in the operation event list to slide out the event details page, where you can view the trigger time, tag attributes, operator, and event content.
You can also use the following fields for self-query analysis:
Field Name | Type | Required | Description |
---|---|---|---|
date | Integer | Required | Generation time, Unix timestamp, in ms |
df_date_range | Integer | Required | Time range, in seconds |
df_source | String | Required | Data source, with audit as the value for operation events |
df_status | String | Required | Status, with info as the default value for operation events |
df_origin | String | Required | Operation source, used to record the current operation's entry point. The reference values are as follows: |
df_menu | String | Required | Menu path accessed by the user, for example: Logs-Viewer |
df_event_id | String | Required | Unique event ID |
df_title | String | Required | Title |
df_message | String | Required | Description |
df_user_id | String | Required | User ID |
df_user_name | String | Required | User name |
df_user_email | String | Required | User email, corresponding to id, name, and email in Member Management |
df_user_team | String | Required | Current user's team |
df_role_scope | String | Required | Range of roles currently held by the user |
Event Grouping Aggregation
Through the grouping function, Guance supports rapid aggregation and statistics of related events according to grouping tags. By grouping on the operator, you can view the number of events each user triggered on the Guance platform within the time range.
Event Aggregation Details Page
Click Aggregate Events to open the details page and view a list of all events triggered by a certain user.
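The field table and the per-operator grouping described above can be reproduced offline when reviewing audit records. The following is an added example, not Guance's own code: it assumes records are available as dictionaries keyed by the field names in the table (the page does not describe an export format), and all sample values are constructed.

```python
from collections import Counter
from datetime import datetime, timezone

# Field names and types are from the table above; every field is Required.
SCHEMA = {"date": int, "df_date_range": int, **{k: str for k in (
    "df_source", "df_status", "df_origin", "df_menu", "df_event_id",
    "df_title", "df_message", "df_user_id", "df_user_name",
    "df_user_email", "df_user_team", "df_role_scope")}}

def validate(event):
    """Return a list of schema problems for one record (empty means valid)."""
    problems = [f"missing {k}" for k in SCHEMA if k not in event]
    problems += [f"{k} is not {t.__name__}" for k, t in SCHEMA.items()
                 if k in event and type(event[k]) is not t]
    if event.get("df_source") != "audit":
        problems.append("df_source is not 'audit'")
    return problems

def event_time(event):
    """Convert the millisecond `date` field to an aware UTC datetime."""
    return datetime.fromtimestamp(event["date"] / 1000, tz=timezone.utc)

def aggregate_by_operator(events, start_ms, end_ms):
    """Count valid events per operator with start_ms <= date < end_ms."""
    counts, rejected = Counter(), []
    for ev in events:
        problems = validate(ev)
        if problems:  # keep malformed records visible instead of dropping them
            rejected.append((ev.get("df_event_id"), problems))
        elif start_ms <= ev["date"] < end_ms:
            counts[(ev["df_user_id"], ev["df_user_name"])] += 1
    return counts, rejected

def sample(event_id, user_id, name, date_ms):
    """Build a constructed record; values in <...> are placeholders."""
    return {"date": date_ms, "df_date_range": 10, "df_source": "audit",
            "df_status": "info", "df_origin": "<origin>", "df_menu": "Logs-Viewer",
            "df_event_id": event_id, "df_title": "<title>", "df_message": "<message>",
            "df_user_id": user_id, "df_user_name": name,
            "df_user_email": f"{name}@example.com", "df_user_team": "<team>",
            "df_role_scope": "<role scope>"}

SAMPLE_EVENTS = [  # constructed, not real Guance output
    sample("evt-1", "u1", "alice", 1700000000000),
    sample("evt-2", "u1", "alice", 1700000060000),
    sample("evt-3", "u2", "bob", 1700000120000),
    sample("evt-4", "u2", "bob", "1700000180000"),  # date as string: rejected
    sample("evt-5", "u1", "alice", 1700003600000),  # outside the window below
]

if __name__ == "__main__":
    counts, rejected = aggregate_by_operator(SAMPLE_EVENTS, 1700000000000, 1700000600000)
    print(counts.most_common(), rejected, event_time(SAMPLE_EVENTS[0]).isoformat())
```

Rejected records are returned alongside the counts so that a malformed or truncated audit record is investigated rather than silently excluded from the per-operator totals.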
Event Data Storage Strategy
Operation audit data is saved according to the event storage strategy, which can be viewed and adjusted in Management > Settings > Change Data Storage Strategy.