From e3cdf76439e67c6a6eec5113b8d64ea9d1d19580 Mon Sep 17 00:00:00 2001 From: mffap Date: Mon, 27 May 2024 13:04:59 +0200 Subject: [PATCH] docs(features): clean up audit trail feature (#8018) # Which Problems Are Solved duplicated content # How the Problems Are Solved reference to primary content --- docs/docs/concepts/features/audit-trail.md | 31 ++++++++-------------- 1 file changed, 11 insertions(+), 20 deletions(-) diff --git a/docs/docs/concepts/features/audit-trail.md b/docs/docs/concepts/features/audit-trail.md index a4c79e003e..355029a6a4 100644 --- a/docs/docs/concepts/features/audit-trail.md +++ b/docs/docs/concepts/features/audit-trail.md @@ -14,6 +14,15 @@ This form of audit log has several benefits over storing classic audit logs. You can view past data in-context of the whole system at a single point in time. Reviewing a past state of the application can be important when tracing an incident that happened months back. Moreover the eventstore provides a truly complete and clean audit log. +:::info Future Plans +There will be three major areas for future development on the audit data + +- [Metrics](https://github.com/zitadel/zitadel/issues/4458) and [standard reports](https://github.com/zitadel/zitadel/discussions/2162#discussioncomment-1153259) +- [Feedback loop](https://github.com/zitadel/zitadel/issues/5102) and threat detection +- Forensics and replay of events + +::: + ## Accessing the Audit Log ### Last changes of an object 
@@ -42,24 +51,6 @@ Access to the API is possible with a [Service User](/docs/guides/integrate/servi ## Using logs in external systems -You can use the [Event API](#event-api) to pull data and ingest it in an external system. +You can use the events from the audit log in external systems such as a SOC/SIEM solution. -[Actions](actions.md) can be used to write events to the stdout and [process the events as logs](../../self-hosting/manage/production#logging). -Please refer to the zitadel/actions repository for a [code sample](https://github.com/zitadel/actions/blob/main/examples/post_auth_log.js). -You can use your log processing pipeline to parse and ingest the events in your favorite analytics tool. - -It is possible to send events directly with an http request to an external tool. -We don't recommend this approach since this would create back-pressure and increase the overall processing time for requests. - -:::info Scope of Actions -At this moment Actions can be invoked on certain events, but not generally on every event. -This is not a technical limitation, but a [feature on our backlog](https://github.com/zitadel/zitadel/issues/5101). -::: - -## Future plans - -There will be three major areas for future development on the audit data - -- [Metrics](https://github.com/zitadel/zitadel/issues/4458) and [standard reports](https://github.com/zitadel/zitadel/discussions/2162#discussioncomment-1153259) -- [Feedback loop](https://github.com/zitadel/zitadel/issues/5102) and threat detection -- Forensics and replay of events +Follow our guide on how to [integrate ZITADEL with external systems for streaming events and audit logs](/docs/guides/integrate/external-audit-log).
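Review bot: In the first hunk (@@ -14,6 +14,15 @@), the new `:::info Future Plans` block lands between the description of the eventstore audit log and "## Accessing the Audit Log", so planned items such as "threat detection" and "Forensics and replay of events" are read before the capabilities that exist today and can be mistaken for them. Consider keeping the block after the access sections, or wording the title so it is unambiguous that these are not yet available. The lead-in line "There will be three major areas for future development on the audit data" also needs a colon before the list, and the title casing changed from "Future plans" in the removed heading to "Future Plans".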
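Review bot: The second hunk (@@ -42,24 +51,6 @@) removes two operational caveats from "Using logs in external systems" without a visible replacement: the warning that sending events directly with an HTTP request "would create back-pressure and increase the overall processing time for requests", and the "Scope of Actions" note that Actions are not invoked on every event. The second one bounds how complete an Actions-based feed into a SOC/SIEM can be, so please confirm both are stated in /docs/guides/integrate/external-audit-log, or keep a one-line pointer to them here. The removed first sentence also linked to [Event API](#event-api); the new sentence no longer says which interface supplies the events, so a short reference back to that section would help.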