The Threat Stack Audit Log captures and displays events from both the Threat Stack Cloud Security PlatformⓇ and the Threat Stack API.
The Threat Stack Audit Log feature captures the following information from events entering the Threat Stack CSP and the Threat Stack API:
|id||The unique event identification (ID) number. This number is a mix of letters and numbers.|
|user_email||The email address of the Threat Stack user account tied to the event.|
|user_id||The unique ID number for the Threat Stack user account tied to the event. Threat Stack generates this ID number at account creation.|
|organization_id||The unique ID number for the Threat Stack organization with which the Threat Stack user account is associated. Threat Stack generates this ID number at org creation.|
|crud||Acronym for “create,” “read,” “update,” and “delete.” The action the event took in your system.|
|result||Whether the action succeeded (pass) or did not succeed (fail).|
The specific action recorded by the event. The following is the list of actions available for capture by the Threat Stack Audit Log:
|source||The source of the event: Web (Threat Stack CSP) or API.|
The query parameter that triggered the event.
|event_time||The date and time, in UTC, at which the event occurred.|
The json, stored as jsonb, parameters associated with the event. The following is the list of parameters available for capture by the Threat Stack Audit Log:
* These are the only available actions when the event is sourced through the Threat Stack API.
** This field is only applicable to events sourced from the Threat Stack API.
Threat Stack CSP
To view Threat Stack Audit Logs through the Threat Stack CSP:
- Log into Threat Stack.
- In the left navigation bar, click Audit Log. The Audit Log page displays.
Threat Stack API
To view Threat Stack Audit Logs through the Threat Stack API, use the information in the API documentation.