Base Elements
Audit logs are broken up into a few different elements that capture what happened.
Audit logs contain a record of what happened and have a variety of data depending on the action taken. For example Login events contain the login method. Any ancillary information about the event will be located in the “detail” attribute.
- timestamp - When the event happened or was completed
- message - The humanized event message
- event_type - a string representing what type of event happened
- detail - details about the event, if applicable
- actor - defined below
- subject - defined below
- request - defined below
Actor
Actor is the entity that performed the action. For example if Jane invited Alex to their team, Jane would be the actor. Actor information can vary depending on what type of entity performed the action, however all actors will have:
- id - The Truework ID of the entity
- type - What type of entity (e.g. User, or System)
- display - A humanized representation of the entity, such as Email
Subject
Subject is the entity that the action was performed against. In the above example of Jane inviting Alex to their team, Alex is the subject for that event. Subject information also varies depending on what type of entity is being represented, however all subjects will have:
- id - The Truework ID of the entity
- type - What type of entity (e.g. User, API Key, MFA Device)
- display - A humanized representation of the entity, such as Email, Redacted API Key, etc.
Request
Request contains metadata on the request that resulted in the audit action being taken. It has the following elements:
- path - The HTTP path the request was made to
- method - The HTTP method used
- ip_address - The IP address the request was made from
- trace_id - A Truework ID for the HTTP request
- user_agent - The User Agent string of the HTTP request
- device_id - A Truework identifier for the browser used for the HTTP request
Audit Log Events
As Truework rolls out the Audit Log framework, we will be adding event types available for you view. This table is what is currently available for customers.
|
|
Event Name |
Started Logging |
Actor Type |
Subject Type |
|---|---|---|---|---|
| Auth events |
auth.user.logged_in |
March 1st, 2025 |
User |
User |
|
auth.user.logged_out |
March 1st, 2025 |
User |
User |
|
| User Events
|
user.password.changed |
March 4th, 2025 |
User |
User |
|
|
user.password.reset_initiated |
March 1st, 2025 |
User | Truework Staff |
User |
|
|
user.password.reset_completed |
March 1st, 2025 |
User |
User |
|
|
user.mfa.device_added |
March 1st, 2025 |
User |
MFA Device |
|
|
user.mfa.device_removed |
March 1st, 2025 |
User | Truework Staff |
MFA Device |
|
|
user.api_key.added |
March 1st, 2025 |
User |
API Key |
|
|
user.api_key.removed |
March 1st, 2025 |
User |
API Key |
|
|
user.app_specific_password.added |
March 1st, 2025 |
User |
App Specific Password |
| Team Events
|
team.membership.removed |
March 1st, 2025 |
User | Truework Staff |
User |
|
|
team.membership.invited |
March 1st, 2025 |
User | Truework Staff |
Team Invite |
|
Billing Events |
billing.method.added |
March 1st, 2025 |
User |
Billing Method |
Audit Log Types
The Actor and Subject types will vary from event type to event type, below is a short description on the available audit log types we use in our events.
User
The User audit log type represents a customer’s User model. It includes information such as their Email address, and what team they’re on, if any.
Truework Staff
Truework Staff audit log type represents a staff user at Truework has performed an action related to your account.
MFA Device
The MFA device audit log type represents the MFA device related to a user. It has information including a redacted identifier for you to identify which device was involved.
API Key
The API Key audit log type represents an API key for a given user. It has includes a redacted version of the key.
App Specific Password
The App Specific Password audit log type represents the password for a given user. It includes information about which app the password is for, as well as a redacted identifier.
Team Invite
The Team Invite audit log type represents a user being invited to a team. It is distinct from a User object since the invited user might not exist yet when they are invited. It includes information such as the Email used for the invitation.
Billing Method
The Billing Method audit log type represents what method is used to bill the customer for verifications. For credit cards this includes information on which card was used.