Audit Log

Audit Log collects, stores, and displays security-related events within a Cube Cloud account, across all deployments. You can use it to maintain and review a historical record of activity for compliance purposes.

Audit Log is available in Cube Cloud on the Enterprise Premier (opens in a new tab) product tier. You can also choose an Audit Log tier.

Read below about collected events. Also, see how you can enable Audit Log, view events, and download them.

Configuration

To enable Audit Log, navigate to the Team & Security page, open the Audit Log tab, and turn the Enable Audit Log switch on.

If you choose to disable Audit Log, your account will be billed for using it until the end of the month.

Viewing events

Table view

Audit Log displays events in a table with the following information for each event:

Event timestamp in your local time zone.
User email, if applicable to a particular event.
Event name (see event types for the full list).
Deployment name, if applicable to a particular event.

Extended view

You can click on any event to view extended information:

IP address from which an event was initiated.
Event-specific attributes.

Sanitization

Audit Log uses heuristics to detect sensitive values (e.g., passwords and tokens) and sanitize them, i.e., replace them with [HIDDEN] in event-specific attributes. You can see that a password was sanitized on the screenshot above.

If you'd like your custom environment variable to be sanitized, include one of the following substrings in its name: PASS, SECRET, TOKEN, KEY.

Filters

You can also customize the table view with filters on the top and in the right sidebar:

Text input for full-text search.
Date range filter.
Filters to narrow the view down to a specific user, event, or deployment.

Downloading events

You can use the ↓ CSV button to download a CSV file with all events in the current view:

Event types

Audit Log collects the following types of events:

Category	Event type
Users	`Created user` `Deleted user` `Invited user` `Updated user profile` `Requested password reset` `Changed password`
Access control	`Created role` `Deleted role` `Updated role` `Assigned role to user` `Assigned roles to user` `Removed role from user`
Authentication	`Logged in` `Logged out` `Redirected to SAML provider for login` `Logged in via SAML`
Account and single sign-on	`Updated account settings` `Updated account authentication configuration` `Updated account SAML configuration` `Uploaded identity provider metadata file`
Deployments	`Created deployment` `Deleted deployment` `Updated deployment configuration` `Enabled SQL API for deployment` `Generated data model`
Branches and dev mode	`Created Git branch` `Deleted Git branch` `Entered dev mode` `Exited dev mode` `Pulled changes to data model` `Committed and merged changes to data model` `Merged changes to data model` `Reverted changes to data model in branch`
Continuous deployment	`Requested connection of GitHub account` `Connected deployment to GitHub repository` `Generated SSH key for deployment` `Connected deployment to Git upstream` `Generated Git credentials for Cube Cloud repository` `Generated webhook token for Git repository` `Received a Git hook` `Started uploading files` `Finished uploading files` `Triggered new build`
Budgets	`Created budget` `Deleted budget` `Updated budget`

Okta Encryption keys