auditlog

package
v0.6.0

This package is not in the latest version of its module.
Published: Feb 10, 2025 License: MIT Imports: 7 Imported by: 0

README

Saviynt Audit Log

Audit Log Retrieval

A popular use case for the Saviynt API is to retrieve audit log information.

The following is an example of a Runtime Analytics SQL query that can be used to retrieve Audit Log details.

SELECT
	ua.LOGINKEY,
	l.LOGINTIME,
	l.LOGOUTDATE,
	l.COMMENTS AS LOGIN_COMMENTS,
	ua.TYPEOFACCESS AS OBJECTTYPE,
	ua.OBJECTKEY AS OBJECTNAME,
	ua.ActionType AS ACTION,
	u.username AS ACCESSBY,
	ua.IPADDRESS,
	ua.OBJECT_ATTRIBUTE_NAME AS ATTRIBUTE,
	ua.OLD_VALUE AS OLDVALUE,
	ua.NEW_VALUE AS NEWVALUE,
	ua.EVENT_ID AS EVENTID,
	ua.DETAIL,
	ua.ACCESS_URL,
	ua.ACCESSTIME AS EVENT_TIME,
	ua.QUERY_PARAM
FROM
	users u,
	userlogin_access ua,
	userlogins l
WHERE
	l.loginkey = ua.LOGINKEY AND
	l.USERKEY = u.userkey AND
	ua.AccessTime >= (NOW() - INTERVAL ${timeFrame} Minute) AND
	ua.Detail is not NULL
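
The README query aliases its columns as `ACCESSBY`, `IPADDRESS`, `EVENTID` and so on, while the `AuditEventSQL` tags documented on this page read `ACCESS_BY`, `IP_ADDRESS`, `EVENT_ID`; a consumer that decodes one shape while the query emits the other ends up with blank audit fields and no error. The following is an added example, not code from this package, that checks a response body for keys the README query does not select and for an incomplete result set; `CheckResponse` and `sample` are hypothetical names, rows as string maps keyed by column alias are an assumption, and so is reading `displaycount < totalcount` as truncation.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// readmeColumns lists the column aliases selected by the README query.
var readmeColumns = strings.Fields(`LOGINKEY LOGINTIME LOGOUTDATE LOGIN_COMMENTS
	OBJECTTYPE OBJECTNAME ACTION ACCESSBY IPADDRESS ATTRIBUTE OLDVALUE NEWVALUE
	EVENTID DETAIL ACCESS_URL EVENT_TIME QUERY_PARAM`)

// envelope: keys from AnalyticsAuditResponse; string-map rows are an assumption.
type envelope struct {
	DisplayCount int                 `json:"displaycount"`
	TotalCount   int                 `json:"totalcount"`
	Results      []map[string]string `json:"results"`
}

// CheckResponse returns the row keys the query did not select (alias drift)
// and whether displaycount < totalcount, read here as "rows were left out".
func CheckResponse(body string) (unexpected []string, truncated bool, err error) {
	var env envelope
	if err = json.Unmarshal([]byte(body), &env); err != nil {
		return nil, false, fmt.Errorf("decode audit response: %w", err)
	}
	seen := map[string]bool{}
	for _, c := range readmeColumns {
		seen[c] = true
	}
	for _, row := range env.Results {
		for k := range row {
			if !seen[k] {
				seen[k] = true
				unexpected = append(unexpected, k)
			}
		}
	}
	sort.Strings(unexpected)
	return unexpected, env.DisplayCount < env.TotalCount, nil
}

// sample is a constructed response, not captured from a real tenant.
const sample = `{"displaycount":1,"totalcount":2,"results":[{"EVENT_TIME":"2025-02-10 08:15:00","ACCESS_BY":"admin"}]}`

func main() {
	fmt.Println(CheckResponse(sample)) // [ACCESS_BY] true <nil>
}
```

An ingestion job can treat a non-empty `unexpected` list or a `truncated` result as a reason to alert rather than forward partial events to the SIEM.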

Documentation

Index

Constants

const AttrTimeFrame = "timeFrame" // from docs

Functions

func AnalyticsSQLAuditLogArchival

func AnalyticsSQLAuditLogArchival() string

AnalyticsSQLAuditLogArchival provides a SQL query which returns the output of the EIC Archival job.

func AnalyticsSQLAuditLogSIEM

func AnalyticsSQLAuditLogSIEM() string

AnalyticsSQLAuditLogSIEM returns the SIEM Integration query listed here: https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter20-EIC-Integrations/Saviynt-SIEM-Integration.htm#Step

func AnalyticsSQLAuditLogUI

func AnalyticsSQLAuditLogUI() string

AnalyticsSQLAuditLogUI returns a SQL query whose output very closely matches the CSV / XLSX download from the Audit Log UI. The primary difference is that the `MESSAGE` column value is wrapped in the API response.

func AuditLogJobExportColumns

func AuditLogJobExportColumns() []string

func AuditLogUIExportColumns

func AuditLogUIExportColumns() []string

AuditLogUIExportColumns provides the column names in a standard audit log CSV or Excel export.

Types

type AnalyticsAuditResponse

type AnalyticsAuditResponse struct {
	DisplayCount int         `json:"displaycount"`
	Msg          string      `json:"msg"`
	TotalCount   int         `json:"totalcount"`
	Results      AuditEvents `json:"results"`
}

func ParseAnalyticsAuditLogArchivalAPIResponse

func ParseAnalyticsAuditLogArchivalAPIResponse(r io.Reader) (*AnalyticsAuditResponse, error)

ParseAnalyticsAuditLogArchivalAPIResponse parses an API response, e.g. `*http.Response.Body`, that is associated with the SQL query defined by `AnalyticsSQLAuditLogArchival()`.

type AuditEvent

type AuditEvent struct {
	AccessBy            string     `json:"accessBy,omitempty"`
	AccessURL           string     `json:"accessURL,omitempty"`
	Action              string     `json:"action,omitempty"`
	Data                string     `json:"data,omitempty"`
	Detail              string     `json:"detail,omitempty"`
	EventID             string     `json:"eventID,omitempty"`
	EventTime           time.Time  `json:"eventTime,omitempty"`
	IPAddress           string     `json:"ipAddress,omitempty"`
	LoginComments       string     `json:"loginComments,omitempty"`
	LoginKey            string     `json:"loginKey,omitempty"`
	LoginTime           *time.Time `json:"loginTime,omitempty"`
	LogoutTime          *time.Time `json:"logoutTime,omitempty"`
	Message             string     `json:"message,omitempty"`
	NewValue            string     `json:"newValue,omitempty"`
	ObjectAttributeName string     `json:"objectAttributeName,omitempty"`
	ObjectKey           string     `json:"objectKey,omitempty"`
	ObjectName          string     `json:"objectName,omitempty"`
	ObjectType          string     `json:"objectType,omitempty"`
	OldValue            string     `json:"oldValue,omitempty"`
	QueryParam          string     `json:"queryParam,omitempty"`
}

func AuditEventParseMap

func AuditEventParseMap(m map[string]string) (*AuditEvent, error)

type AuditEventSQL

type AuditEventSQL struct {
	AccessBy            string `json:"ACCESS_BY,omitempty"`
	AccessURL           string `json:"ACCESS_URL,omitempty"`
	Action              string `json:"ACTION,omitempty"`
	Detail              string `json:"DETAIL,omitempty"`
	EventID             string `json:"EVENT_ID,omitempty"`
	EventTime           string `json:"EVENT_TIME,omitempty"`
	IPAddress           string `json:"IP_ADDRESS,omitempty"`
	LoginComments       string `json:"LOGIN_COMMENTS,omitempty"`
	LoginKey            string `json:"LOGIN_KEY,omitempty"`
	LoginTime           string `json:"LOGIN_TIME,omitempty"`
	LogoutTime          string `json:"LOGOUT_TIME,omitempty"`
	NewValue            string `json:"NEW_VALUE,omitempty"`
	ObjectAttributeName string `json:"OBJECT_ATTRIBUTE_NAME,omitempty"`
	ObjectKey           string `json:"OBJECT_KEY,omitempty"`
	ObjectType          string `json:"OBJECT_TYPE,omitempty"`
	OldValue            string `json:"OLD_VALUE,omitempty"`
	QueryParam          string `json:"QUERY_PARAM,omitempty"`
}

func (AuditEventSQL) Event

func (s AuditEventSQL) Event() (*AuditEvent, error)

type AuditEvents

type AuditEvents []AuditEvent

func AuditEventsParseMaps

func AuditEventsParseMaps(m []map[string]string) (AuditEvents, error)

func (AuditEvents) EventTimes

func (e AuditEvents) EventTimes() timeutil.Times
