Security Audit

In BRIX you can log and analyze events related to changing the user permissions and data using Security Audit.

You can conduct an internal security audit and meet specific government requirements to protect against unauthorized access to corporate information.

Security Audit is a module that records events in the system and a service for storing the information obtained from the module. Records of all registered events will be displayed in the report. To learn more, see Security Audit report.
Security Audit is aimed to be used in BRIX On-Premises. It is set up in two steps:

1. Install the Security Audit service.
2. Download the module from the BRIX Store and set it up.

Начало внимание 

To install the security audit in SaaS Enterprise, please refer to your BRIX sales rep. In SaaS Standard, the security audit cannot be installed.

Конец внимание 

Install the service

Before you start working with the module and event registration, install the Security Audit service as a base for storing the obtained data. The service is installed differently in the BRIX On-Premises editions:

• For On-Premises Enterprise setting up the service is done in several stages. For more details, read Install Security Audit service.
• For On-Premises Standard, in the config-elma365.txt configuration file, enable the parameter ELMA365_AUDIT. The service will become available at the provided URL address. If necessary, specify the connection string to PostgreSQL.

начало примечание

Note

Of the configuration file config-elma365.txt for installation in Kubernetes-in-Docker does not include parameters for setting up the Security Audit service, add the following to the end of the file:

• ELMA365_AUDIT=true;
• ELMA365_AUDIT_PSQL_URL=postgresql://user:password@hostname:port/databaseName. Specify the connection string to PostgreSQL. If using the built-in database, there is no need to add this parameter..

конец примечание

Download and set up the module

Once you have installed the service and the URL is available to you, you can proceed with installing the Security Audit module:

1. Go to Administration  > Modules and in the upper right corner, click +Module.
2. In the window that appears, choose the Download option. This opens the BRIX Store catalog.
3. Select the Security Audit module and click the Install Module button.
4. In the window that appears, click Next. Wait for the module to finish loading into the system.
5. Go to the installed module and fill in the the main settings:
   

• The Audit service address. Enter the URL address of the Security Audit service. The default value when installed inside the BRIX cluster is http://audit.audit.svc:3000.

• Users with access to the audit widget. Select the employees who will have access to the table with the audit result. The table is displayed in the Security Audit widget.

The widget is placed on a separate page that is visible to all users. At the same time, only administrators can view the widget data. The option will allow selected employees to work with the audit result without having other administrator rights.

6. Set the secrets settings to define a list of apps with sensitive information. Events on the items of such apps will be logged, but users will not see the values of their fields in the Security Audit widget.
7. Enable event archiving to move outdated data to temporary and long-term archives. This will optimize the search for events in the Security Audit widget.
8. Save the changes.

After installing the module, the Security Audit widget will be available in the interface designer. For more information on placing the widget and working with it, read the Security audit report article.

Configure secrets

By configuring secrets, you can mark apps that contain confidential information. All data from items in such apps will not be displayed in the registered events. Confidential information includes:

• Trade secrets.
• Personal data.
• Medical secrets.

For example, specify in the module settings that confidential information is stored in the Contractors app. As a result, on the page with security audit data, users will not be able to view the properties of items for which events are logged.

To configure secrets, follow these steps:

1. On the settings page of the Security Audit module, fill out the table:
   

• App*. Enter the app URL storing confidential information, in the namespace:code format. For example, if the full URL address of the app is http://mycompany.local/_clients/_companies, you should enter _clients:_companies in the field.
• Secret*. Click on the input field and from the drop-down list select what information is contained in the app: PD — personal data, TS — trade secrets, or MS — medical secrets. You can specify multiple types of secrets in one field.

2. Save the changes.

After saving the settings, all fields from the listed apps will not be displayed in the detailed information on logged events.

Configure archiving of events

You can enable archiving of old events in the Security Audit service. This will speed up the search when users want to find events in the table with registered records.

Events will be stored in the database as follows:

• Operational storage. Contains recent events. The period of their placement is defined in the module settings. By default, users search for these data in the Security Audit widget.
• Temporary archive. These are events moved from the operational storage. The data remain here for one year. To search for archived events in the Security Audit widget, users need to enable a special option.
• Long-term archive. These are outdated events from the temporary archive. Such data are not searchable.  

Events are not automatically deleted from the archive. Users with access to the database can clear the archive manually for new events.

начало внимание

Once event archiving is enabled in the Security Audit module settings, the option cannot be disabled.

конец внимание

Follow these steps:

1. On the settings page of the Security Audit module, activate the Enable archiving of events* option.
   
2. In the Period for storing recent events* field, specify the number of months after which the data are moved to the temporary archive. The maximum value is 12 months.
3. Save the changes.

Registered events

Below is the list of events registered by the security audit in different system components.

Please note that the complete list of features is available starting from version 2023.5.

Users

1. Successful and failed authentication.
2. User creation.
3. User deletion.
4. User update.
5. User status change.
6. User locked by administrator.
7. User locked after exceeded number of password attempts.

Apps

1. App item creation.
2. App item deletion.
3. App item update.
4. App item status change.
5. App data import.
6. App data export.

Files

1. File creation.
2. File deletion.
3. File update.
4. Access permissions for the file are changed.
5. A comment is added.

Directories

1. Directory creation.
2. Directory deletion.
3. Directory update (renamed or moved).
4. Access permissions for the directory are changed.

Modules

1. Module enabled.
2. Module disabled.
3. Module installed.
4. Module updated.
5. Secrets are set up in the Security Audit module.
6. Access to the Security Audit module.

Was this helpful?

Thanks for your feedback!

Please specify why:

Recommendations did not help meArticle is hard to understandDidn`t answer my questionContent does not match the topicOther

How we can improve it?

YesNo

Please specify whyRecommendations did not help meArticle is hard to understandDidn`t answer my questionContent does not match the topicOther