Enhanced Auditing Capabilities
Purpose
This document describes the event payload data that can be contained in your audit data. You can query the audit information via the REST API of the iGrafx Process Design application.
Enabling the Enhanced Auditing Capabilities
CLOUD ONLY
This feature is for iGrafx Cloud instances only. It is enabled by default. To disable the feature, navigate to the Admin → Server Settings → Support tab. At the bottom of the tab there is a toggle switch to turn the enhanced audit feature on or off.
API Endpoint
The general API endpoint to retrieve your audit information is
https://YOUR_SUBDOMAIN.igrafxcloud.com/api/auditevents
Calling it without any additional parameters will return the last 24 hours of audit information, with the data format outlined below under General Payload Structure.
To query older data, append the query parameter secondThreshold to your URL. It determines the amount of historic audit data to retrieve (in seconds), and by default is set to 86400 seconds (24 hours). For example, to retrieve the last 30 days of audit information, you can use the following URL:
https://YOUR_SUBDOMAIN.igrafxcloud.com/api/auditevents?secondThreshold=2592000
General Payload Structure
A general audit event will have the following data structure, and then custom data relevant to the specific type and category of the event. We describe the general structure here and provide additional examples of specific audit events for analysis in the table under Available Specific Data.
Basic Audit Event Payload
{
"uuid": "558ff7b4-7fd2-459c-9b2d-4a3d5d0fc306",
"eventType": "loginsuccess",
"eventCategory": "SECURITY",
"eventData": {},
"timestamp": "2023-08-08T04:26:58.919+00:00",
"principal": "firstname.lastname@company.com",
"authenticationType": "OAUTH2",
"hostname": "abcdef123456",
"platformVersion": "18.3.1.925-develop",
"platformUuid": "fdc8450e-7774-4c8c-88ee-a0f6162aa616",
"tenantId": "abcd1234"
}
The fields are as follows:
| Field name | Content/Purpose |
|---|---|
| uuid | Contains a unique identifier for the event |
| eventType | Specific event type (see the Event Type column in the tables below) |
| eventCategory | Category for the event (see the Category column in the tables below) |
| eventData | A custom payload that differs per event (see the tables below) |
| timestamp | The timestamp of the event, either as an ISO-8601 string or a numeric timestamp |
| principal | The authenticated user or entity that triggered the event |
| authenticationType | The type of authentication the principal was using during this event (see the Authentication Type table below) |
| hostname | The name of the host of the Process Design instance |
| platformVersion | The version of the Process Design app at the time of the event |
| platformUuid | Contains the unique identifier of the Process Design instance |
| tenantId | The unique tenant identifier for the Process Design instance (if present) |
Authentication Type
| authenticationType | Description |
|---|---|
| | This authentication type signifies a "basic" sign-on with a username and password |
| OAUTH2 | When the principal uses OAuth2 to authenticate with Process Design |
| | When the principal uses SAML to authenticate with Process Design |
| | iGrafx Access Management Service |
| | When the principal uses an API Key to authenticate with Process Design |
| | Used for internal/automated actions of Process Design |
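The following script is an added example, not iGrafx code: it builds the auditevents URL with secondThreshold, parses events shaped like the Basic Audit Event Payload above (handling both the ISO-8601 and the numeric timestamp forms), and summarises them per category and per login principal. It assumes the endpoint returns a JSON array of events and that an API key can be sent as a bearer token; the header name, the sample events and the placeholder event type are constructed for the example.

```python
"""Added example (not iGrafx code): build the auditevents URL, parse events shaped
like the Basic Audit Event Payload, and summarise them. Assumes the endpoint returns
a JSON array and accepts an API key as a bearer token (header name is an assumption)."""
import json
from collections import Counter
from datetime import datetime, timedelta, timezone
from urllib.request import Request, urlopen

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def audit_url(subdomain: str, days: float = 1) -> str:
    """secondThreshold defaults to 86400 s, so it is only appended beyond 24 hours."""
    base = f"https://{subdomain}.igrafxcloud.com/api/auditevents"
    seconds = int(days * 86400)
    return base if seconds == 86400 else f"{base}?secondThreshold={seconds}"

def fetch_events(url: str, api_key: str) -> list:
    """Network call, not exercised by the constructed sample below."""
    req = Request(url, headers={"Authorization": f"Bearer {api_key}"})  # assumed header
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)

def parse_timestamp(value) -> datetime:
    """timestamp is an ISO-8601 string or a number (epoch seconds or milliseconds)."""
    if isinstance(value, (int, float)):
        millis = int(value) if value > 1e11 else int(value * 1000)  # > 1e11 means millis
        return EPOCH + timedelta(milliseconds=millis)
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def summarise(events: list) -> dict:
    """Events per category, logins per principal/authenticationType, first and last uuid."""
    ordered = sorted(events, key=lambda e: parse_timestamp(e["timestamp"]))
    logins = Counter(f'{e["principal"]} via {e["authenticationType"]}'
                     for e in events if e["eventType"] == "loginsuccess")
    return {"by_category": dict(Counter(e["eventCategory"] for e in events)),
            "logins": dict(logins),
            "span": (ordered[0]["uuid"], ordered[-1]["uuid"]) if ordered else None}

# Constructed sample response; the first event mirrors the payload shown above.
SAMPLE_EVENTS = [
    {"uuid": "558ff7b4-7fd2-459c-9b2d-4a3d5d0fc306", "eventType": "loginsuccess",
     "eventCategory": "SECURITY", "eventData": {}, "timestamp": "2023-08-08T04:26:58.919+00:00",
     "principal": "firstname.lastname@company.com", "authenticationType": "OAUTH2"},
    {"uuid": "constructed-0002", "eventType": "loginsuccess", "eventCategory": "SECURITY",
     "eventData": {}, "timestamp": 1691468878919,  # 60 s after the first, as epoch millis
     "principal": "firstname.lastname@company.com", "authenticationType": "OAUTH2"},
    {"uuid": "constructed-0003", "eventType": "placeholder-event-type",  # not a real type
     "eventCategory": "ROLE_MANAGEMENT", "eventData": {}, "timestamp": "2023-08-08T03:00:00Z",
     "principal": "admin@company.com", "authenticationType": "OAUTH2"},
]
```

Call `summarise(SAMPLE_EVENTS)` to see the offline result, or `summarise(fetch_events(audit_url("YOUR_SUBDOMAIN", 30), api_key))` against a live instance.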
Available Event Data
In addition to the generic fields listed above, each action may carry additional information in its eventData payload.
USER_MANAGEMENT
| User Action | Event Type | Category | eventData payload |
|---|---|---|---|
| Create Local User In Platform | | USER_MANAGEMENT | JSON |
| Update User Details In Platform | | USER_MANAGEMENT | JSON |
| Delete User In Platform | | USER_MANAGEMENT | JSON |
OBJECTS
| User Action | Event Type | Category | eventData payload |
|---|---|---|---|
| Navigate to Object Tab in Platform Model Area | | OBJECTS | JSON |
| Bulk operation requested | | OBJECTS | JSON |
DIAGRAMMING
| User Action | Event Type | Category | eventData payload |
|---|---|---|---|
| View Web Diagram | | DIAGRAMMING | JSON |
NARRATIVE
| User Action | Event Type | Category | eventData payload |
|---|---|---|---|
| View Full Diagram Narrative | | NARRATIVE | JSON |
| View Diagram SOP Narrative | | NARRATIVE | JSON |
| View Shape Narrative | | NARRATIVE | JSON |
| View Path Narrative | | NARRATIVE | JSON |
SECURITY
| User Action | Event Type | Category | eventData payload |
|---|---|---|---|
| Successful Login | loginsuccess | SECURITY | Not applicable |
SETTINGS
| User Action | Event Type | Category | eventData payload |
|---|---|---|---|
| Changing a Feature Flag through the API | | SETTINGS | JSON |
| Reading the Feature Flag Status | | SETTINGS | JSON |
| Feature Flag set for repository | | SETTINGS | JSON *This only audits the changes in repositories for the feature flag. The feature flag being turned on/off will still be audited under the "Changing a Feature Flag through the API" event. |
| A new server setting is created | | SETTINGS | JSON *Values for sensitive settings will be redacted to: |
| A server setting is updated | | SETTINGS | JSON *Values for sensitive settings will be redacted to: |
| A server setting is deleted | | SETTINGS | JSON *Values for sensitive settings will be redacted to: |
ROLE_MANAGEMENT
| User Action | Event Type | Category | eventData payload |
|---|---|---|---|
| Server role created | | ROLE_MANAGEMENT | JSON |
| Server role updated | | ROLE_MANAGEMENT | JSON *The rights will be the entire list of granted permissions at the time of the update. |
| Server role deleted | | ROLE_MANAGEMENT | JSON *The rights will be the entire list of granted permissions at the time of deletion. |
| Server role assigned to User/Group | | ROLE_MANAGEMENT | JSON |
| Server role removed from a User/Group | | ROLE_MANAGEMENT | JSON |
| Repository role created | | ROLE_MANAGEMENT | JSON |
| Repository role updated | | ROLE_MANAGEMENT | JSON *The rights will be the entire list of granted permissions at the time of the update. |
| Repository role deleted | | ROLE_MANAGEMENT | JSON *The rights will be the entire list of granted permissions at the time of deletion. |
| Repository role assigned to User/Group | | ROLE_MANAGEMENT | JSON |
| Repository role removed from a User/Group | | ROLE_MANAGEMENT | JSON |
| Item role created | | ROLE_MANAGEMENT | JSON |
| Item role updated | | ROLE_MANAGEMENT | JSON *The rights will be the entire list of granted permissions at the time of the update. |
| Item role deleted | | ROLE_MANAGEMENT | JSON *The rights will be the entire list of granted permissions at the time of deletion. |
| Item role assigned to a user or group | | ROLE_MANAGEMENT | JSON |
| Item role unassigned from a user or group | | ROLE_MANAGEMENT | JSON |
GROUP_MANAGEMENT
Coming soon
Some group management actions are created by automated systems. Some of these actions have special principals that indicate how they were performed (e.g., iGrafx Identity Solution, LDAP, etc.). These principals are based on the underlying technologies and may not display what you might expect (e.g., using SAML via iGrafx Identity Solution may have the principal SYSTEM: OAuth2 because the underlying technology is OAuth2).
| User Action | Event Type | Category | eventData payload |
|---|---|---|---|
| A user is added to a group | | GROUP_MANAGEMENT | JSON *This will not audit new users being created and added to the everybody group, nor the initial assignment of the system administrator. |
| A user is removed from a group | | GROUP_MANAGEMENT | JSON |
| A group is added to a group | | GROUP_MANAGEMENT | JSON |
| A group is removed from a group | | GROUP_MANAGEMENT | JSON |