In BRIX, you can use Security Audit to log and analyze events related to changes in user permissions and data.
You can conduct an internal security audit and meet specific government requirements to protect against unauthorized access to corporate information.
Security Audit is a module that records events in the system and a service for storing the information obtained from the module. Records of all registered events will be displayed in the report. To learn more, see Security Audit report.
Security Audit is intended for use in BRIX On-Premises. It is set up in two steps:
- Install the Security Audit service.
- Download the module from the BRIX Store and set it up.
Attention: To install the security audit in SaaS Enterprise, contact your BRIX sales representative. In SaaS Standard, the security audit cannot be installed.
Install the service
Before you start working with the module and event registration, install the Security Audit service as a base for storing the obtained data. The service is installed differently in the BRIX On-Premises editions:
- For On-Premises Enterprise, the service is set up in several stages. For more details, read Install Security Audit service.
- For On-Premises Standard, enable the ELMA365_AUDIT parameter in the config-elma365.txt configuration file. The service will become available at the provided URL address. If necessary, specify the connection string to PostgreSQL.
Download and set up the module
Once you have installed the service and the URL is available to you, you can proceed with installing the Security Audit module:
- Go to Administration > Modules.
- In the upper right corner, click +Module.
- In the window that appears, choose the Download option. This opens the BRIX Store catalog.
- Select the Security Audit module and click the Install Module button.
- In the window that appears, click Next.
- Go to the installed module and fill in the following fields:
  - The Audit service address. Enter the URL address of the Security Audit service. The default value when installed inside the BRIX cluster is http://audit.audit.svc:3000.
  - Users with access to the audit widget. Select the employees who will have access to the table with the audit result. The table is displayed in the Security Audit widget.
    The widget is placed on a separate page that is visible to all users. At the same time, only administrators can view the widget data. This option allows the selected employees to work with the audit result without having other administrator rights.
- Save the changes.
After installing the module, the Security Audit widget will be available in the interface designer. For more information on placing the widget and working with it, read the Security audit report article.
Configure secrets
By configuring secrets, you can mark apps that contain confidential information. All data from items in such apps will not be displayed in the registered events. Confidential information includes:
- Trade secrets.
- Personal data.
- Medical secrets.
For example, if the Contractors app is not marked as an app storing confidential information, all fields from an item in this app will be displayed in the events about creating or modifying the item. If the module settings indicate that the Contractors app contains personal data, then all fields from the app item will be hidden in the detailed event information. Thus, the personal data of the contractor will be inaccessible for viewing.
To configure secrets, follow these steps:
- Go to Administration > Modules > Security Audit.
- On the module settings page, fill out the table:
  - App*. Enter the app URL storing confidential information, in the namespace:code format. For example, if the full URL address of the app is http://mycompany.local/_clients/_companies, you should enter _clients:_companies in the field.
  - Secret*. Click on the input field and from the drop-down list select what information is contained in the app: personal data (PD), trade secrets (TS), or medical secrets (MS). You can specify multiple types of secrets in one field.
- Save the changes.
After saving the settings, all fields from the listed apps will not be displayed in the detailed information on events.
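When many apps have to be listed, the namespace:code values for the App column can be derived from the app URLs and checked before they are typed into the table. The following is an added example, not part of BRIX or its documentation; the function names and the hr/medical_records app are hypothetical, and it assumes the first two URL path segments are the namespace and the app code, as in the example above.

```python
from urllib.parse import urlsplit

# Secret type abbreviations as listed for the Secret field.
SECRET_TYPES = {"PD": "personal data", "TS": "trade secrets", "MS": "medical secrets"}


def app_identifier(app_url: str) -> str:
    """Return the namespace:code value for an app URL.

    Assumption: the first two path segments are the namespace and the app
    code; anything after them (trailing slash, query string) is ignored.
    """
    parts = urlsplit(app_url.strip())
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"not an absolute http(s) URL: {app_url!r}")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) < 2:
        raise ValueError(f"URL has no namespace/code path: {app_url!r}")
    namespace, code = segments[0], segments[1]
    if ":" in namespace or ":" in code:
        raise ValueError(f"unexpected ':' in path of {app_url!r}")
    return f"{namespace}:{code}"


def secrets_table(entries):
    """Build sorted (App, Secret) rows from (url, [secret types]) pairs."""
    rows = {}
    for url, secrets in entries:
        if not secrets:
            raise ValueError(f"no secret type given for {url!r}")
        unknown = [s for s in secrets if s not in SECRET_TYPES]
        if unknown:
            raise ValueError(f"unknown secret type(s) {unknown} for {url!r}")
        # Merge duplicates so each app appears once with all its secret types.
        rows.setdefault(app_identifier(url), set()).update(secrets)
    return [(app, sorted(types)) for app, types in sorted(rows.items())]


# Constructed sample input; the second app path is hypothetical.
SAMPLE = [
    ("http://mycompany.local/_clients/_companies", ["PD"]),
    ("http://mycompany.local/_clients/_companies/", ["TS"]),
    ("https://mycompany.local/hr/medical_records?view=list", ["PD", "MS"]),
]

if __name__ == "__main__":
    for app, types in secrets_table(SAMPLE):
        print(f"{app}\t{', '.join(types)}")
```

An app that is missing from the table keeps all of its item fields visible in event details, so comparing the output against the full list of apps holding confidential data is worth doing before saving.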
Registered events
Below is the list of events registered by the security audit in different system components.
Please note that the complete list of features is available starting from version 2023.5.
Users
- Successful and failed authentication.
- User creation.
- User deletion.
- User update.
- User status change.
- User locked by administrator.
- User locked after exceeding the number of password attempts.
Apps
- App item creation.
- App item deletion.
- App item update.
- App item status change.
- App data import.
- App data export.
Files
- File creation.
- File deletion.
- File update.
- Access permissions for the file are changed.
- A comment is added.
Directories
- Directory creation.
- Directory deletion.
- Directory update (renamed or moved).
- Access permissions for the directory are changed.
Modules
- Module enabled.
- Module disabled.
- Module installed.
- Module updated.
- Secrets are set up in the Security Audit module.
- Access to the Security Audit module.