Request for Documentation: In Audit Log docs provide a link to the known list of audit record types

Open mm-cloud-bot opened this issue 3 years ago • 7 comments

Mattermost user stu.doherty from https://community-daily.mattermost.com has requested the following be documented:

This recently came up when discussing a customer issue, and it has come up before. I can see a short list of example log types, then a link to the current source file where these are defined (if that's even the case... if not we can discuss options for maintaining the list).

purgeBleveIndexes createBot patchBot updateBotActive assignBot convertBotToUser uploadBrandImage deleteBrandImage createCategoryForTeamForUser updateCategoryOrderForTeamForUser updateCategoriesForTeamForUser updateCategoryForTeamForUser deleteCategoryForTeamForUser localCreateChannel localUpdateChannelPrivacy localRestoreChannel localAddChannelMember localRemoveChannelMember localPatchChannel localMoveChannel localDeleteChannel createChannel updateChannel updateChannelPrivacy patchChannel restoreChannel createDirectChannel createGroupChannel deleteChannel updateChannelMemberRoles updateChannelMemberSchemeRoles updateChannelMemberNotifyProps addChannelMember removeChannelMember updateChannelScheme patchChannelModerations moveChannel createCustomerPayment confirmCustomerPayment localCreateCommand createCommand updateCommand moveCommand deleteCommand executeCommand regenCommandToken createComplianceReport getComplianceReports getComplianceReport downloadComplianceReport localGetConfig localUpdateConfig localPatchConfig getConfig configReload updateConfig patchConfig migrateConfig createPolicy patchPolicy deletePolicy addTeamsToPolicy removeTeamsFromPolicy addChannelsToPolicy removeChannelsFromPolicy purgeElasticsearchIndexes createEmoji deleteEmoji deleteExport uploadFileSimple uploadFileMultipart uploadFileMultipartLegacy getFile getFileLink createGroup patchGroup linkGroupSyncable patchGroupSyncable unlinkGroupSyncable deleteGroup addGroupMembers deleteGroupMembers createJob cancelJob syncLdap linkLdapGroup unlinkLdapGroup idMigrateLdap addLdapPublicCertificate addLdapPrivateCertificate removeLdapPublicCertificate removeLdapPrivateCertificate localAddLicense localRemoveLicense addLicense removeLicense requestTrialLicense requestRenewalLink createOAuthApp updateOAuthApp deleteOAuthApp regenerateOAuthAppSecret uploadPlugin installPluginFromURL installMarketplacePlugin removePlugin enablePlugin disablePlugin setFirstAdminVisitMarketplaceStatus 
getFirstAdminVisitMarketplaceStatus createPost deletePost updatePost patchPost saveIsPinnedPost updatePreferences deletePreferences remoteClusterAcceptMessage remoteClusterAcceptInvite uploadRemoteData remoteUploadProfileImage patchRole addSamlPublicCertificate addSamlPrivateCertificate addSamlIdpCertificate removeSamlPublicCertificate removeSamlPrivateCertificate removeSamlIdpCertificate createScheme patchScheme deleteScheme localCheckIntegrity getAudits databaseRecycle invalidateCaches getLogs setServerBusy clearServerBusy upgradeToEnterprise restartServer sendWarnMetricAckEmail requestTrialLicenseAndAckWarnMetric updateViewedProductNotices localDeleteTeam localInviteUsersToTeam localCreateTeam createTeam updateTeam patchTeam restoreTeam updateTeamPrivacy regenerateTeamInviteId deleteTeam addTeamMember addUserToTeamFromInvite addTeamMembers removeTeamMember updateTeamMemberRoles updateTeamMemberSchemeRoles importTeam inviteUsersToTeam inviteGuestsToChannels invalidateAllEmailInvites setTeamIcon removeTeamIcon updateTeamScheme createTermsOfService createUpload uploadData localDeleteUser localPermanentDeleteAllUsers createUser setProfileImage setDefaultProfileImage updateUser patchUser deleteUser updateUserRoles updateUserActive updateUserAuth updateUserMfa updatePassword resetPassword sendPasswordReset login login Logout revokeSession revokeAllSessionsForUser revokeAllSessionsAllUsers attachDeviceId getUserAudits verifyUserEmail sendVerificationEmail switchAccountType createUserAccessToken revokeUserAccessToken disableUserAccessToken enableUserAccessToken saveUserTermsOfService promoteGuestToUser demoteUserToGuest verifyUserEmailWithoutToken convertUserToBot migrateAuthToLdap migrateAuthToSaml updateReadStateThreadByUser unfollowThreadByUser followThreadByUser updateReadStateAllThreadsByUser localCreateIncomingHook createOutgoingHook createIncomingHook updateIncomingHook getIncomingHook deleteIncomingHook updateOutgoingHook createOutgoingHook getOutgoingHook 
regenOutgoingHookToken deleteOutgoingHook extendSessionExpiry reset scheduleExport buildExport bulkExport slackImport bulkImport jobServer authorizeOAuthApp deauthorizeOAuthApp getAccessToken completeSaml

See the original post here.

This issue was generated from Mattermost using the Doc Up plugin.

mm-cloud-bot • Nov 26 '21 11:11

@sadohert and @wiggin77 - Could I get your collective help identifying what's needed to address this docs request, please?

After an initial chat with @wiggin77, it's not clear what's meant by record/log types. The list in this PR includes some of the APIs that are audited, but it's not a comprehensive list. Any time a new API is added, a new audit record would be emitted.

@sadohert Would it be useful to have the API docs include something about whether the API emits a record, rather than trying to maintain such a list in the product docs?

cwarnermm • Jan 17 '22 14:01

I totally understand the point about maintenance. Don't want to create a headache with a constantly growing target we need to hit. I can't seem to get to the original message, so I forget the context now, but I don't think an example of every record is needed. Some key records should have an example so admins get the idea. I think we can talk in terms of the big categories of things that trigger audit records (e.g., system config changes, user+channel+team create/update/delete/logins) and the data that is associated (user id, timestamp, some indicator of what's changed).

Adding a note on all the API docs for items that trigger would be nice, but I'd say low priority.

I think the key is to convey that the audit records are comprehensive, JSON formatted for easy ingest, and here are some good examples.

sadohert • Jan 17 '22 16:01

@sadohert, @cwarnermm The security team is working on a project to better standardize the auditing output. I suggest asking them about timing and progress so this documentation effort doesn't happen twice in a short time.

wiggin77 • Jan 18 '22 13:01

Thanks, @wiggin77! @DSchalla - Do you have timeframes and progress you can share? I agree with @wiggin77 that we want to time this doc update appropriately to avoid unnecessary effort.

cwarnermm • Jan 18 '22 13:01

^ @iyampaul

DSchalla • Jan 18 '22 18:01

@cwarnermm We don't have a timeline for audit logging changes yet. We started conversations this month so it will be some time before any meaningful improvements are seen. @nab-77 is leading the effort from the Product side and may be a better resource to help coordinate timelines and expectations.

iyampaul • Jan 18 '22 20:01

Thanks so much, @iyampaul! Looking forward to teaming up with you on this one, @nab-77! :)

cwarnermm • Jan 18 '22 20:01