docs-mintlify/admin/monitoring/audit-log.mdx
Audit Log collects, stores, and displays security-related events within a Cube Cloud account, across all deployments. You can use it to maintain and review a historical record of activity for compliance purposes.
<Note>Available on the Enterprise plan.
</Note>Read below about collected events. Also, see how you can enable Audit Log, view events, and download them.
To enable Audit Log, navigate to the Team & Security page, open the Audit Log tab, and turn the Enable Audit Log switch on.
Audit Log displays events in a table with the following information for each event:
You can click on any event to view extended information:
Audit Log uses heuristics to detect sensitive values (e.g., passwords and tokens)
and sanitize them, i.e., replace them with [HIDDEN] in event-specific
attributes. You can see that a password was sanitized on the screenshot above.
If you'd like your custom environment variable to be sanitized, include one of
the following substrings in its name: PASS, SECRET, TOKEN, KEY.
You can also customize the table view with filters on the top and in the right sidebar:
You can use the ↓ CSV button to download a CSV file with all events in the current view:
You can also export audit log events as a CSV file programmatically using the
/api/v1/audit-logs/export endpoint of the
Control Plane API. This is useful for integrating
with external log aggregation or SIEM tools.
Audit Log collects the following types of events:
| Category | Event type |
|---|---|
| Users | Created user |
Deleted user | |
Invited user | |
Updated user profile | |
Requested password reset | |
Changed password | |
| SCIM provisioning | Created user via SCIM |
Updated user via SCIM | |
Deleted user via SCIM | |
Created group via SCIM | |
Updated group via SCIM | |
Deleted group via SCIM | |
| Custom roles | Created role |
Deleted role | |
Updated role | |
Assigned role to user | |
Assigned roles to user | |
Removed role from user | |
| Authentication | Logged in |
Logged out | |
Redirected to SAML provider for login | |
Logged in via SAML | |
| Account and single sign-on | Updated account settings |
Updated account authentication configuration | |
Updated account SAML configuration | |
Uploaded identity provider metadata file | |
| Deployments | Created deployment |
Deleted deployment | |
Updated deployment configuration | |
Enabled SQL API for deployment | |
Generated data model | |
| Branches and dev mode | Created Git branch |
Deleted Git branch | |
Entered dev mode | |
Exited dev mode | |
Pulled changes to data model | |
Committed and merged changes to data model | |
Merged changes to data model | |
Reverted changes to data model in branch | |
| Continuous deployment | Requested connection of GitHub account |
Connected deployment to GitHub repository | |
Generated SSH key for deployment | |
Connected deployment to Git upstream | |
Generated Git credentials for Cube Cloud repository | |
Generated webhook token for Git repository | |
Received a Git hook | |
Started uploading files | |
Finished uploading files | |
Triggered new build | |
| Budgets | Created budget |
Deleted budget | |
Updated budget |