Auditing your Redox platform

Last updated: Aug 21, 2024
PRODUCT OWNER
HCO
HEALTH TECH VENDOR

If you're a risk-conscious organization that has third-party requirements for security, observability, and transparency, our platform auditing is for you.

With Redox auditing, you can troubleshoot or monitor any potential risks within your Redox organization. You can do this all programmatically with the Redox Platform API. Auditing helps you implement automated, proactive risk mitigation within your Redox organization.

Who can use auditing

Auditing is an advanced feature for any Redox product. Once you've upgraded your plan to include this advanced feature, auditing is available to Redox organization owners.

What events can you audit

With our Platform API endpoints, you can audit these kinds of events in your Redox organization:

  • user activity, like:
    • who performs log functions like viewing or searching logs, as well as running log inspector;
    • when a user creates, updates, or deletes an API key (either OAuth or legacy);
    • when a user creates, updates, or deletes a source or destination in your organization; or
    • when a user views, creates, updates, or deletes a data operation (i.e., translations, filters, alert rules, Redox base configs, config modifiers).
  • user access, like:
    • when a user opens or accesses a Redox organization;
    • when a user sends an invitation for a new user to join the organization;
    • when a new user accepts an invitation to join the organization; and
    • when a user modifies another user's permissions, whether granting or revoking access.

User activity events

In more technical speak, review the available user activity audit events.

Audit event
Description
log-payload-viewed
Describes who viewed which logs and when. Learn about logs.
log-search
Describes who searched for which logs, including metadata and payloads. Learn how to search logs.
log-inspected
Describes any time a user runs log inspector to test or troubleshoot a log. Learn about log inspector.
oauth2-api-key-operation
Indicates when a user creates, updates, or deletes an OAuth API key. Learn about authenticating Redox APIs.
legacy-api-key-operation
Indicates when a user creates, updates, or deletes a legacy API key. Learn about authenticating Redox APIs.
endpoint-operation
Indicates when a user creates, updates, or deletes a destination configured to receive data within a Redox organization.
customer-filter-operation
Indicates when a user creates, updates, or deletes a filter for a subscription in a Redox organization. Learn about filters.
translation-set-operation
Indicates when a user creates, updates, or deletes a translation set within a Redox organization. Learn about translation sets.
translation-set-link-operation
Indicates when a user creates, updates, or deletes a translation set link within a Redox organization. Learn about translation sets.
value-set-operation
Indicates when a user creates, updates, or deletes a value set within a Redox organization. Learn about value sets.
configurations-operation
Describes who viewed a Redox base config (within log inspector) and when. Learn about Redox base configs.
configuration-modifier-viewed
Describes who viewed which config modifier(s) and when. Learn about config modifiers.
configuration-modifier-operation
Indicates when a user creates, updates, or deletes a config modifier within a Redox organization. Learn about config modifiers.
configuration-modifier-link-viewed
Describes who viewed which config modifier link(s) and when. Learn about config modifiers.
configuration-modifier-link-operation
Indicates when a user creates, updates, or deletes a config modifier link within a Redox organization. Learn about config modifiers.
customer-alert-viewed
Describes who viewed which traffic alert rule and when. Learn about alert rules.
customer-alert-operation
Indicates when a user creates, updates, or deletes a traffic alert rule within a Redox organization. Learn about alert rules.
customer-alert-link-viewed
Describes who viewed which traffic alert rule link(s) and when. Learn about alert rules.
customer-alert-link-operation
Indicates when a user creates, updates, or deletes a traffic alert rule link within a Redox organization. Learn about alert rules.

User access events

In more technical speak, review the available user activity audit events. Also, learn about role assignments to understand user roles and related access.

Audit event
Description
organization-loaded
Describes any time a user opens (i.e., loads) a Redox organization. This could be when a user automatically logs in to an organization or when a user switches to a different organization.
In a nutshell, this is when an organization's details are loaded for any reason, whether in the Redox dashboard or via API.
user-invited
Shows when a user is invited to join a Redox organization.
user-joined
Shows when a new user accepts an invitation to join a Redox organization.
user-org-role-changed
Shows when an organization owner updates their own or other users' role assignments to perform functions within a Redox organization.
Depending on the role assignment, a user's permissions could be elevated or lowered after this event.
user-removed
Shows when an organization owner removes a user's role assignment within a given organization.
Without an organization role, a user has zero access to the given organization, meaning they won't even be able to see that it exists.
user-env-role-changed
Shows when an organization owner or admin updates their own or other users' role assignments to perform functions within a given environment.
Depending on the role assignment, a user's permissions could be elevated or lowered after this event.
user-env-role-removed
Shows when an organization owner or admin removes a user's role assignment within a given environment.
Without an environment role, a user has zero access to the given environment, meaning they won't even be able to see it exists.

Audit event statuses

When you view these audit events, they'll have an associated status, which could be any of the following:

Audit event status
Description
attempted
A user tried to perform a given action in a Redox organization, but we're not sure how it turned out yet. This is an interim state, and it could change to any of the other statuses to indicate the terminal state.
unauthorized
A user was logged in to a Redox organization but didn't have the correct role assignment to complete the action.
unauthenticated
A user wasn't logged in to a Redox organization when trying to complete the action.
failed
A user tried to complete an action but wasn't successful for some reason.
successful
A user tried to complete an action and was successful.