docs(audit): Dev Portal Audit Logging #7816
Conversation
✅ Deploy Preview for kongdocs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
cloudjumpercat
added
do not merge
…l overview use case table, add link to audit log on create dev portal, start revising some of the content Signed-off-by: Diana <[email protected]>
Signed-off-by: Diana <[email protected]>
…inks to the new redirects Signed-off-by: Diana <[email protected]>
Signed-off-by: Diana <[email protected]>
…g audit log UI Signed-off-by: Diana <[email protected]>
Signed-off-by: Diana <[email protected]>
| content_type: concept | ||
| --- | ||
|
|
||
| {% include_cached /md/konnect/audit-logging/audit-log-overview.md %} |
There was a problem hiding this comment.
I think this line inherits the text from Audit Logs for Enterprise. However, can we modify this line from By tracking Konnect audit logs, you gain the following benefits to By tracking Dev Portal audit logs, you gain the following benefit?
There was a problem hiding this comment.
I edited this so it's a bit more generic, like "By tracking audit logs..." so it would apply to both. Currently, I don't know of a way to make that bit specific to the feature area and still reuse for both pages. I wanted to reuse it because 99% of the content was the exact same, so it helps us keep both up-to-date and reduce translation costs in the future.
| {% include_cached /md/konnect/audit-logging/audit-log-overview.md %} | ||
|
|
||
| {:.note} | ||
| > **Note:** Dev Portal audit logs are set up and managed separately from org-wide {{site.konnect_short_name}} audit logs. For more information about how to configure audit logging for a {{site.konnect_short_name}}, see [Set up an audit log webhook for Dev Portal](/konnect/dev-portal/audit-logging/webhook/). |
There was a problem hiding this comment.
Is the intent here to navigate users looking to configure audit logging for Konnect to https://docs.konghq.com/konnect/org-management/audit-logging/?
There was a problem hiding this comment.
@smritikjaggi Yep! I added one to the org management audit logging page as well. This is just to help users who maybe landed here on a search accidentally know that the configurations are different and direct them to the correct doc.
| You can use the {{site.konnect_short_name}} UI or the Audit Logs API to configure webhooks for [audit logging](/konnect/dev-portal/audit-logging/). | ||
|
|
||
| {:.note} | ||
| > **Note:** Currently, Dev Portal audit logs only support authorization logs, which are triggered when a user logs in to Dev Portal. |
There was a problem hiding this comment.
Currently, Dev Portal audit logs only support authentication logs. Authorization logs are in scope for future milestones.
| {:.note} | ||
| > **Note:** Currently, Dev Portal audit logs only support authorization logs, which are triggered when a user logs in to Dev Portal. | ||
|
|
||
| {% include_cached /md/konnect/audit-logging/webhook-overview-prereq-siem-config.md %} |
There was a problem hiding this comment.
can we modify the sentence Before you can push Konnect audit logs to an external service to Before you can push Dev Portal audit logs to an external service.
There was a problem hiding this comment.
Do you think users will get confused by the term "external service"? We could say - "Before you can push Dev Portal Audit Logs to a SEIM system of choice"
There was a problem hiding this comment.
I edited it so it's a bit more generic so it applies to both Dev Portal and Konnect and changes "external service" to SIEM provider.
| * **Skip SSL Verification**: Skip SSL verification of the host endpoint when delivering payloads. | ||
|
|
||
| {:.note} | ||
| > We strongly recommend not setting this to `true` as you are subject to man-in-the-middle and other attacks. This option should be considered only when using self-signed SSL certificates in a non-production environment. |
There was a problem hiding this comment.
Can we replace "this" to "skip SSL verification":
We strongly recommend not setting "skip SSL Verification" to true
|
|
||
| Now that you have an external endpoint and authorization credentials, you can set up an audit log destination in {{site.konnect_short_name}}. The `/audit_log_destinations` endpoint allows you to set your audit log destination, which includes the endpoint URL and access key for your SIEM provider, and reuse it. | ||
|
|
||
| The {{site.konnect_short_name}} API uses [Personal Access Token (PAT)](/konnect/api/#authentication) authentication. You can obtain your PAT from the [personal access token page](https://cloud.konghq.com/global/account/tokens). The PAT must be passed in the `Authorization` header of all requests. |
There was a problem hiding this comment.
I do not see this section in the deploy preview - am I missing something?
There was a problem hiding this comment.
@smritikjaggi This will be under the API tab
|
|
||
| ## Prerequisites | ||
|
|
||
| * [**Org Admin** or **Portal Admin** permissions](/konnect/org-management/teams-and-roles/teams-reference/) |
There was a problem hiding this comment.
@neethi-shashidhar-kong - can you confirm if we would have Portal Admin role set up audit logs for Dev Portal based on the perm sync conversations this morning? I think only Org Admin will have permissions.
| {% navtabs %} | ||
| {% navtab Konnect UI %} | ||
|
|
||
| 1. From the navigation menu, open {% konnect_icon Dev-Portal %} **Settings**, then **Audit Logs Setup**. |
There was a problem hiding this comment.
The first time I read this, I did not realize we are looking at Settings under Dev Portal menu. Would it be helpful to clarify that?
| {% navtabs %} | ||
| {% navtab Konnect UI %} | ||
|
|
||
| 1. From the navigation menu, open {% konnect_icon Dev-Portal %} **Settings**, then **Audit Logs Setup**. |
There was a problem hiding this comment.
The first time I read this, I did not realize we are looking at Settings under Dev Portal menu. Would it be helpful to clarify that?
app/konnect/reference/audit-logs.md
Outdated
| @@ -35,7 +90,7 @@ Timestamp | Time and date of the event in UTC. | |||
| `user_agent` | The user agent of the request: application, operating system, vendor, and version. | |||
| `sig` | An ED25519 signature. | |||
|
|
|||
| ## Authentication logs | |||
| ### Authentication logs | |||
|
|
|||
| Authentication attempts and their outcomes are logged whenever a user logs in to the Konnect application or uses the Konnect API. | |||
There was a problem hiding this comment.
Authentication attempts and their outcomes are logged whenever a user logs in to the Konnect application or a Dev Portal either through the UI or the API.
There was a problem hiding this comment.
Thanks! Fixed this in my revision.
| 1. Create a webhook by sending a PATCH request to the `/audit-log-webhook` endpoint with your configured audit log destination: | ||
|
|
||
| ```sh | ||
| curl -i -X PATCH https://{region}.api.konghq.com/v2/portals/{portalId}/audit-log-webhook \ |
There was a problem hiding this comment.
The {portalId} placeholder is not documented bellow. For other requests it appears to be documented (example). I feel we should be consistent, even if repetitive
There was a problem hiding this comment.
Thanks! I added it now
app/konnect/reference/audit-logs.md
Outdated
| {% navtabs codeblock %} | ||
| {% navtab CEF %} | ||
| ``` | ||
| Apr 14 05:39:08 konghq.com CEF:0|KongInc|Konnect|1.0|konnect|Authz.usage|1|rt=1681450748406 src=127.0.0.6 action=retrieve granted=true org_id=b065b594-6afc-4658-9101-5d9cf3f36b7b principal_id=87655c36-8d63-48fe-9a1e-53b28dfbc19b trace_id=3895213347334635099 user_agent=grpc-node/1.24.11 grpc-c/8.0.0 (linux; chttp2; ganges) |
There was a problem hiding this comment.
The format differs slightly for DevPortal audit logs. This example represents what one might expect from a Konnect Org audit log, but I feel we should have example of DevPortal logs too and document the extra portal_id field.
I tried to capture the difference in a previous commit: b6d3aa9#diff-6c4dc5b26f5a4395618ddcf396cfbad8ceb081df139f65907ad604e85b52b519R104-R134
There was a problem hiding this comment.
Good call! I added them back in the revision with a tab for the Konnect logs and a tab for the Dev Portal logs
Signed-off-by: Diana <[email protected]>
|
@smritikjaggi @alexgervais Thanks for the feedback! I responded to any questions/comments you had and implemented your feedback. I still haven't revised the Dev Portal audit log UI instructions since I'm waiting for internal release for those. Feel free to look things over again or I'll reach out after I've revised the UI instructions after internal release so you can review everything. I'll be sending this out for a writer review for either the end of this week or early next week. |
Signed-off-by: Diana <[email protected]>
| You can view the status of your webhook through the **Audit Logs Setup** page under | ||
| {% konnect_icon organizations %} **Organization**. A badge will display next to the title of the webhook with the status of the webhook. | ||
|
|
||
| To see the last attempt timestamp and the last response code, use the audit log API. |
There was a problem hiding this comment.
For Team Docs writers: UI instructions need an update here
| 1. In {% konnect_icon dev-portal %} [**Dev Portal**](https://cloud.konghq.com/portal), click **Settings**, and then click **Audit Logs Setup**. | ||
| 1. Switch to the **Replay** tab. | ||
| 1. Choose a timeframe for which you want to replay the logs. | ||
|
|
||
| You can choose one of the preset relative increments for up to 24 hours, or | ||
| set a custom timeframe for up to 7 days. | ||
|
|
||
| 1. Apply the timeframe, then click **Send Replay**. |
There was a problem hiding this comment.
For Team Docs writers: UI instructions need an update here
| 1. In {% konnect_icon dev-portal %} [**Dev Portal**](https://cloud.konghq.com/portal), click **Settings**, then **Audit Logs Setup**. | ||
| 1. Switch to the **Replay** tab. | ||
| 1. Check the status table below the configuration field. | ||
|
|
||
|  | ||
|
|
There was a problem hiding this comment.
For Team Docs writers: UI instructions need an update here
|
Items left for a writer to do:
|
Description
Resolving conflicts from #7803
Adds documentation for dev portal audit logging
DOCU-4044
Testing instructions
Preview link:
Checklist