Audit Logs
The Logs page provides a comprehensive and immutable audit trail of all significant actions performed within the EndState CloudSec application. This is crucial for security, compliance, and troubleshooting.
Viewing Recent Activity
The main part of the page displays a table of the most recent log entries. Each entry captures key information about an event:
| Column | Description |
|---|---|
| Timestamp | When the action occurred |
| User | The email address of the user who performed the action |
| Action | A short, machine-readable code for the action type |
| Description | A detailed, human-readable description of the event |
Logs are organization-scoped -- users can only view logs belonging to their organization.
Searching and Exporting Logs
You can easily find specific events:
- Search -- Use the search bar to filter logs by user, action, or keywords in the description.
- Export CSV -- Click the Export CSV button to download the currently filtered list of logs as a CSV file for offline analysis or archiving.
Action Types Reference
The system automatically logs a wide variety of events:
Profile Management
| Action Code | Description |
|---|---|
| PROFILE_CREATE | A new cloud profile was created |
| PROFILE_UPDATE | A profile's name or credentials were updated |
| PROFILE_DELETE | A profile was permanently deleted |
| PROFILE_CONNECT | A connection to a cloud provider was initiated |
| PROFILE_CONNECT_SUCCESS | Cloud provider connection succeeded |
| PROFILE_CONNECT_FAIL | Cloud provider connection failed |
| PROFILE_SYNC | Resource re-sync was triggered |
Resource Discovery
| Action Code | Description |
|---|---|
| RESOURCE_DISCOVERY_START | Resource discovery process initiated |
| RESOURCE_DISCOVERY_COMPLETE | Discovery finished with count of resources found |
Zone and Flow Management
| Action Code | Description |
|---|---|
| ZONE_CREATE | A new security zone was created |
| ZONE_UPDATE | A zone's configuration was modified |
| ZONE_DELETE | A zone was deleted |
| FLOW_CREATE | A new data flow was defined |
| FLOW_UPDATE | A flow's protocol was changed |
| FLOW_DELETE | A data flow was removed |
| RESOURCE_ASSIGN | A resource was moved between zones |
Deployment
| Action Code | Description |
|---|---|
| DEPLOYMENT_PLAN | A deployment plan was generated |
| DEPLOYMENT_PREPARE | Deployment actions were translated for cloud providers |
| DEPLOYMENT_EXECUTE | Deployment execution started |
| DEPLOYMENT_SUCCESS | An individual deployment action succeeded |
| DEPLOYMENT_FAIL | An individual deployment action failed |
Validation
| Action Code | Description |
|---|---|
| VALIDATION_START | A validation check was initiated |
| VALIDATION_PASS | A validation check passed |
| VALIDATION_FAIL | A validation check failed with details |
System
| Action Code | Description |
|---|---|
| LOG_CONFIG_UPDATE | Log upload configuration was changed |
| USER_LOGIN | User authenticated successfully |
| MEMBER_INVITE | A new team member was invited |
| MEMBER_REMOVE | A team member was removed |
Log Upload Configuration
For long-term storage and compliance, you can configure the application to automatically upload audit logs to an object storage bucket.
- Storage URL -- Enter the URL for your object storage bucket (e.g., s3://your-bucket-name/logs/ or similar for GCS or Azure Blob Storage).
- Frequency -- Choose how often logs are uploaded:
| Frequency | Description |
|---|---|
| hourly | Upload every hour |
| daily | Upload once per day (recommended) |
| weekly | Upload once per week |
| monthly | Upload once per month |
- Click Save Configuration.
Log upload configuration changes are themselves logged, creating a tamper-evident audit trail. This is important for compliance frameworks like SOC 2 and PCI-DSS.
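An added example (not part of EndState CloudSec or its documentation) of the offline analysis the Export CSV option enables: it flags action codes worth reviewing on every occurrence, including LOG_CONFIG_UPDATE, and repeated failures by one user. The CSV header names (taken from the column table above), the ISO 8601 timestamp format, the sample rows, the choice of codes to flag, the thresholds and the function names are all assumptions made for this example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export; the column names and ISO 8601 timestamps are assumptions.
SAMPLE_CSV = """Timestamp,User,Action,Description
2024-05-01T09:00:00Z,alice@example.com,USER_LOGIN,User authenticated successfully
2024-05-01T09:02:10Z,bob@example.com,PROFILE_CONNECT_FAIL,Connection failed
2024-05-01T09:03:40Z,bob@example.com,PROFILE_CONNECT_FAIL,Connection failed
2024-05-01T09:05:05Z,bob@example.com,PROFILE_CONNECT_FAIL,Connection failed
2024-05-01T10:15:00Z,alice@example.com,LOG_CONFIG_UPDATE,Log upload configuration was changed
2024-05-01T10:20:00Z,alice@example.com,MEMBER_REMOVE,A team member was removed
2024-05-01T11:00:00Z,carol@example.com,ZONE_UPDATE,A zone's configuration was modified
"""

# Codes from the reference tables flagged on every occurrence (this example's choice).
ALWAYS_REVIEW = {"LOG_CONFIG_UPDATE", "MEMBER_INVITE", "MEMBER_REMOVE",
                 "PROFILE_DELETE", "ZONE_DELETE", "FLOW_DELETE"}
# Failure codes that matter mostly when they repeat for one user.
FAILURE_CODES = {"PROFILE_CONNECT_FAIL", "DEPLOYMENT_FAIL", "VALIDATION_FAIL"}


def parse_ts(value):
    # fromisoformat() on older Pythons rejects a trailing "Z", so normalise it.
    return datetime.fromisoformat(value.strip().replace("Z", "+00:00"))


def triage(csv_text, burst=3, window=timedelta(minutes=10)):
    """Return (always_review_rows, failure_bursts) for an exported audit CSV."""
    rows = sorted(csv.DictReader(io.StringIO(csv_text)),
                  key=lambda r: parse_ts(r["Timestamp"]))
    review = [r for r in rows if r["Action"] in ALWAYS_REVIEW]
    recent = defaultdict(list)   # (user, action) -> timestamps inside the window
    bursts = []
    for r in rows:
        if r["Action"] not in FAILURE_CODES:
            continue
        key, ts = (r["User"], r["Action"]), parse_ts(r["Timestamp"])
        recent[key] = [t for t in recent[key] if ts - t <= window] + [ts]
        if len(recent[key]) == burst:   # report once, when the threshold is reached
            bursts.append({"user": key[0], "action": key[1], "first_seen": recent[key][0]})
    return review, bursts


if __name__ == "__main__":
    review, bursts = triage(SAMPLE_CSV)
    print([(r["Timestamp"], r["User"], r["Action"]) for r in review])
    print(bursts)
```

Because the export covers only the currently filtered list, clear the search bar before exporting so the triage sees every event.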