Audit Log

📘

This article described the OLD version of the Audit log. This version is still active on our multi tenant instance. If you are using the single tenant or exclusive instance, please refer to the New Audit log article.

Audit logging offers chronological records of user activity in the Bloomreach Engagement application, including information about a user and a detailed overview of actions performed by the user. Using Audit logging provides proof of GDPR compliance and operational integrity and it can also serve as a source of information for audit investigations. Moreover, it allows you to identify the origin of any security incident.

Access to the Audit Log is restricted, and only authorized users can search, filter, or download logs for a specific time period. Audit log records will contain logs that include interaction with the application and with customer accounts.

While the Audit log is operational in all instances, access to log reports is only available in Single Tenant and Exclusive instances. If you want to use these features, contact your CSM.

🚧

Audit Log availability in BETA

This feature is currently available in the BETA version, but we are working on its improvement.

Audit log at the account level

The audit log on the account level tracks all activities for a specific account. When you have several projects under one account all activities are aggregated to this audit log. Every activity is linked to the user/API who performed it. For each user/API, we track the properties described below:

PropertyDescriptionData typeExample
subject_typeType of access used (existing user or API access)stringexisting_user/api_token
subject_identifierUsername (usually email) used during loginstring[email protected]
subject_remote_addrThe IP address of user/API when triggered the actionstring32.68.182.60
resource_project_idProject token where user/API triggered actionstringa2a36816-c025
resource_account_idAccount id where user/API triggered actionstringa2a36816-c025
subject_providerThe authentication provider that was used during the loginstringgoogle
resource_project_slugPage slug of the resource projectstring/media_project
resource_identifier (optional)ID changed as a result of the action made.stringThe ID of the original campaign.
resource_query (optional)Query made.stringCustomer filter used during the deletion of customers.
resource_snapshot (optional)The status of the campaign at the time of the action.stringRunning
resource_before/after_status (optional)How the status of the campaign changed as a result of the action.StringRunning/stopped
PropertyDescriptionData typeExample
subject_user_id (for existing user)UUID of a userstringa2a36816-c025
subject_access_group_id (for API access)UUID of a groupstringa2a36816-c025
subject_access_key (for API access)Access keystringKey123
subject_permissions (for API access)Permission for the given API tokenstring

The user's/API's activities trigger an audit event. Attributes of the audit event provide more details for the audit log:

resource_type describes the location/part of the application where the activity was triggered
action_type describes the action for the resource_type

Tracking activities when resource_type = customer

action_typeResource_typeDescription
create customerCreate customer from the interface
update customerUpdate customer's attributes from the interface
delete customerDeletion of a customer from the interface. This action also includes bulk deletion of customers.

In case of bulk deletion, attribute object_id stores the link to the file with filter. This filter was applied to customers during bulk deletion.
anonymize customerAnonymization of customers from the interface
read customerView customers in Bloomreach Engagement CRM. This action also includes bulk downloads of customers.

In case of bulk download, attribute object_id stores the link to the file with filter. This filter was applied to customers during the download action.

Tracking activities when resource_type = {others}
In this case, we are talking about activities all over the application. These activities usually have among the actions either create, update, or delete. The resource_types provided below are just examples, much more locations are being tracked.

action_typeresource_typeDescription
createtrendTrend was created
updatecampaign_designCampaign was updated
deleteaggregateAggregate was deleted

🚧

Data expiration time period for the audit event is set to 3 years.

Audit log at the instance level

Tracks all activities, that don't belong to any account/project as the actions login/log out. On the instance level under the event access, the audit log tracks all customers who logged in/logged out.

action_typeaction_successDescription
loginfalse/trueThe user was/was not logged in
logoutfalse/trueThe user was/was not logged out

The project for looking into the instance-level audit log is named Audit Log - Instance. An example of this would be https://app.exponea.com/p/audit-log-instance1/crm/customers/pages/1.