Audit events for IBM Software Hub platform

The following list describes events in the IBM Software Hub platform that are audited.

The events that the platform audits depend on the services that are installed on top of the platform. For example, events related to connections are generated only if the common core services are installed.

Login, logout, session, authentication
  • authenticate - Success or failure when a user logs in. (Environments that use the Identity Management Service.)
  • security.users.authenticate - Success or failure when a user logs in. (Environments that do not use the Identity Management Service.)
  • security.users.logout - Record when users log out.
  • security.users.revoke - Record when a token is revoked.
  • security.accounts.authenticate - Success or failure of token authentication.
  • security.authorization - Failure when invoking any privileged action.
User management
  • users.user.create - Authorize a user for access to the platform.
  • users.user.delete - Remove access to the platform for a user.
  • users.user.update - Make changes in a user's profile, including name and email address.
  • users.role.add - Grant a specific privilege to a user on the platform.
  • users.role.remove - Revoke a platform privilege from a user.
  • usermgmt.groups.create - A user group is created.
  • usermgmt.group.members.update - A user or group is added to a user group.
  • usermgmt.group.members.delete - A user or group is removed from a user group.
  • usermgmt.roles.update - A permission is added to or removed from a role.
Services
  • services.service.create - A service is installed and enabled.
  • services.service.delete - A service is uninstalled.
  • services.service.update - A service is updated.
  • services.service.read - A service is retrieved.
  • services.services.read - Services are retrieved.
Service instances
  • service_instances.instance.create - A service instance is provisioned.
  • service_instances.instance.delete - A service instance is de-provisioned.
  • service_instances.instance.update - A service instance is changed.
  • service_instances.read - The list of service instances is retrieved.
  • service_instances.instance.read - A query for the details of a service instance by ID.
  • service_instances.user.add - Grant user access, with a particular role, to a service instance.
  • service_instances.user.delete - Revoke user access from a service instance.
  • service_instances.user.get - A query to list users with access to a service instance.
  • service_instances.user.update - Change a user’s access role for a service instance.
  • service_instances.instance.meta.update - The metadata of a service instance is changed.
  • service_instances.instance.reserved.parameters.read - The reserved parameters of a service instance are retrieved.
  • service_instances.instance.id.read - A service instance is retrieved.
  • service_instances.instances.read - All service instances are retrieved.
  • service_instances.instance.user.create - A user is added to a service instance.
  • service_instances.instance.users.create - Multiple users are added to a service instance.
  • service_instances.instance.user.read - A user of a service instance is retrieved.
  • service_instances.instance.users.read - Users of a service instance are retrieved.
  • service_instances.instance.groups.read - Groups of a service instance are retrieved.
  • service_instances.instance.group.members.read - Group members of a service instance are retrieved.
  • service_instances.instance.status.update - Status of a service instance is updated.
  • service_instances.instance.statuses.read - Statuses of a service instance are retrieved.
Monitoring and resource management
  • monitoring.quota_policy.update - A quota is updated. (Updates can include new resource limits or configuration changes.)
  • monitoring.quota_policy.read - A quota is retrieved.
  • monitoring.service_manual_scale.enable - Manual scaling is enabled for a service. (The service scales to the replica count associated with the specified scaling configuration.)
  • monitoring.service_manual_scale.disable - Manual scaling is disabled for a service. (The service reverts to the default scaling configuration.)
  • monitoring.service_hpa.enable - Automatic scaling through the Horizontal Pod Autoscaler (HPA) is enabled for a service.
  • monitoring.service_hpa.disable - Automatic scaling through the Horizontal Pod Autoscaler (HPA) is disabled for a service.
  • monitoring.service.shutdown - A service is shut down (stopped).
  • monitoring.service.restart - A service is restarted after it was shut down.
Connections
  • connections.create - Add connection.
  • connections.update - Update connection.
  • connections.delete - Delete connection.
  • connections.read - A query issued to retrieve all connections.
  • connections.connection.read - A query issued to retrieve one connection’s details by ID.
Deployments
  • deployments.delete - Delete service deployment.
  • deployments.read - Retrieve service deployment by ID.
  • deployments.deployment.create - Create service deployment.
  • deployments.deployment.update - Updated service deployment.
  • deployments.deployments.read - Retrieved service deployment.
Service tokens
  • security.service_token.read - An internal service token is returned.
  • security.service_token.V2.read - An internal service token is returned.
Vaults and secrets
  • security.secret.create - A secret is created.
  • security.secret.update - A secret is updated.
  • security.secret.delete - A secret is deleted.
  • security.secret.read - A secret is retrieved.
  • security.bulk.secrets.read - Secrets are retrieved in bulk.
  • security.secrets.read - A list of secrets is retrieved.
  • security.vault.types.read - Supported vault types are retrieved.
  • security.secret.members.read - Members of a secret are retrieved.
  • security.secret.members.create - Members of a secret are created.
  • security.secret.members.delete - Members of a secret are deleted.
  • security.secret.members.update - Members of a secret are updated.
  • security.vault.create - A new vault is created.
  • security.vault.update - A vault is updated.
  • security.vault.delete - A vault is deleted.
  • security.ownership.vault.transfer.initiate - A vault ownership transfer is initiated.
  • security.ownership.vault.update - A vault ownership transfer is updated.
  • security.vaults.read - A vault is retrieved.
  • security.vaults.configs.read - Configs of vaults are retrieved.
  • security.vault.details.read - Details of a vault are retrieved.
  • security.vault.secrets.read - Secrets of a vault are retrieved.
Platform caches
  • platform.services.caches.entry.delete - A cache entry is deleted.
  • platform.services.caches.replicas.all.delete - All cache entries are deleted.
  • platform.services.caches.get.list - A list of caches is retrieved.
RSI
  • rsi.evictor.get - RSI evictor is triggered.
Physical locations
  • physical_locations.read - A list of physical locations is retrieved.
  • physical_location.patch.by.name - A physical location is updated.
  • physical_location.get.info.config - A physical location info config is retrieved.
  • physical_location.get.by.name - A physical location is retrieved.
  • physical_location.delete.by.name - A physical location is deleted.
  • physical_location.delete.proxy.configs - Proxy configurations of a physical location are deleted.
  • physical_location.put - Entity attributes of a physical location are updated.
  • physical_location.put.proxy.configs - Proxy configurations of a physical location are created.
  • physical_location.get.app.status - Status of submitted application is retrieved.
Remote physical locations
  • remote.phy.loc.get.info.config - Info configmap of physical location is retrieved.
  • remote.phy.loc.patch.info.config - Info configmap of physical location is updated.
  • remote.phy.loc.get.status - Status of physical location is retrieved.
  • remote.phy.loc.get.app.status - Status of submitted application is retrieved.
  • remote.phy.loc.get.apps.status - A list of submitted application statuses is retrieved.
  • remote.phy.loc.put.apps - A kube application on the remote physical location is submitted or deleted.
Data planes
  • dataplanes.read - A list of data planes is retrieved.
  • dataplane.delete.by.name - A data plane is deleted.
  • dataplane.get.by.id - A data plane is retrieved.
  • dataplane.patch.physical.location - A data plane is assigned to a physical location.
  • dataplane.post.apps - Submit application on a remote data plane.
  • dataplane.post - A data plane is posted.
  • dataplane.put.by.name - A data plane is upserted.
  • dataplane.app.proxy.configs.put - Create and process physical location proxy configurations for apps.
  • dataplane.get.apps - A list of applications on the remote data plane is retrieved.
  • dataplane.get.app.by.name - An application on the remote data plane is retrieved.
  • dataplane.delete.app.by.name - An application on the remote data plane is deleted.
Volumes
  • volumes.file.download - Files are downloaded from a storage volume.
Certificates
  • kube.certificates.get - The list of internal certificates is retrieved.
  • kube.certificates.overview.get - An overview of the internal certificate data is retrieved.
  • kube.certificate.details.get - The detailed information for a certificate is retrieved.
  • kube.certificate.secrets.get - A list of certificates represented in certificate secrets is retrieved.
  • kube.certificate.secrets.delete - A list of certificate secrets is deleted.
  • kube.certificates.put - A list of certificates is rotated.
Git integration
  • platform.gitops.configs.post - A Git configuration is posted.
  • platform.gitops.configs.patch - A Git configuration is updated.
  • platform.gitops.configs.delete - A Git configuration is deleted.
  • platform.gitops.commits - A commit is pushed to the Git repository.
  • platform.gitops.pulls - A change is pulled from the Git repository.
  • platform.gitops.import_mappings.put - An import mapping is updated.
  • platform.gitops.import_mappings.get - An import mapping is retrieved.
  • platform.gitops_token.delete - A Git token is deleted.
  • platform.gitops_token.post - A Git token is posted.
  • platform.gitops_token.patch - A Git token is updated.