Available on the Enterprise plan.
Configuration
To enable Audit Log, navigate to the Team & Security page, open the Audit Log tab, and turn the Enable Audit Log switch on.Viewing events
Table view
Audit Log displays events in a table with the following information for each event:- Event timestamp in your local time zone.
- User email, if applicable to a particular event.
- Event name (see event types for the full list).
- Deployment name, if applicable to a particular event.
Extended view
You can click on any event to view extended information:- IP address from which an event was initiated.
- Event-specific attributes.
Sanitization
Audit Log uses heuristics to detect sensitive values (e.g., passwords and tokens) and sanitize them, i.e., replace them with[HIDDEN] in event-specific
attributes. You can see that a password was sanitized on the screenshot above.
If you’d like your custom environment variable to be sanitized, include one of
the following substrings in its name: PASS, SECRET, TOKEN, KEY.
Filters
You can also customize the table view with filters on the top and in the right sidebar:- Text input for full-text search.
- Date range filter.
- Filters to narrow the view down to a specific user, event, or deployment.
Downloading events
You can use the ↓ CSV button to download a CSV file with all events in the current view:Exporting events via API
You can also export audit log events as a CSV file programmatically using the/api/v1/audit-logs/export endpoint of the
Control Plane API. This is useful for integrating
with external log aggregation or SIEM tools.
Event types
Audit Log collects the following types of events:| Category | Event type |
|---|---|
| Users | Created userDeleted userInvited userUpdated user profileRequested password resetChanged password |
| SCIM provisioning | Created user via SCIMUpdated user via SCIMDeleted user via SCIMCreated group via SCIMUpdated group via SCIMDeleted group via SCIM |
| Custom roles | Created roleDeleted roleUpdated roleAssigned role to userAssigned roles to userRemoved role from user |
| Authentication | Logged inLogged outRedirected to SAML provider for loginLogged in via SAML |
| Account and single sign-on | Updated account settingsUpdated account authentication configurationUpdated account SAML configurationUploaded identity provider metadata file |
| Deployments | Created deploymentDeleted deploymentUpdated deployment configurationEnabled SQL API for deploymentGenerated data model |
| Branches and dev mode | Created Git branchDeleted Git branchEntered dev modeExited dev modePulled changes to data modelCommitted and merged changes to data modelMerged changes to data modelReverted changes to data model in branch |
| Continuous deployment | Requested connection of GitHub accountConnected deployment to GitHub repositoryGenerated SSH key for deploymentConnected deployment to Git upstreamGenerated Git credentials for Cube Cloud repositoryGenerated webhook token for Git repositoryReceived a Git hookStarted uploading filesFinished uploading filesTriggered new build |
| Budgets | Created budgetDeleted budgetUpdated budget |