An audit trail is a security-relevant chronological record, set of records, and/or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, event, or device.
Put simply, an audit trail allows us to identify who did what and when, usually to track down why something in our system has changed.
IriusRisk provides multiple levels of logging within the platform. To answer questions such as
- what has been updated within a project (threat model),
- who has logged in,
- who has modified a library,
- when a custom field was removed,
- when a rule was deleted,

we can access an audit log of events within the product dashboard.
Each event is described by:
- Timestamp (UTC)
- The User who performed the action/event: this is the Username (email or other, as defined in Users and Permissions), or system (an automated event invoked by the rules engine)
- The Project impacted: this may be a threat model (the name of the project), a library (the name of the security library), or null (system wide)
- The Event: what action was performed. Some example events are shown below, but this includes details of any actions, either automated or manual, that are applied to your projects (threat models): adding/removing components, importing threats and countermeasures, etc.
- Details of the event
Each of these columns can be used to filter and/or sort the audit log: simply start typing and the log will dynamically pattern match the column. Case-insensitive pattern matching is applied, so a row is returned if the filter text appears anywhere within the column. For example, the Event Type filter "update" will return events such as Asset Updated and Component Updated.
| Event | Description |
|---|---|
| User logged in | Filters to identify which username was used to access the platform |
| Component created | Filters to identify when components have been added to a project |
| Component deleted | Filters to identify when components have been removed from a project |
| Project deleted | Project removed from the product |
| Countermeasure Removed | Countermeasure removed from a project |