Audit trail
Audit trails (also called audit logs) are logs of records of events and operations associated with an object, such as an order, the account and its subscription. Audit trails are built by recording who performed an activity, what activity was performed, and how the system responded.
Note: CloudBlue Commerce only logs APS-based operations (UX1 and APS API). The classic panel does not have this functionality.
Benefits
Improving security
Audit trail captures APS API-related calls, including suspicious ones. Audit trail can assist with monitoring data and systems for any possible security breaches or vulnerabilities as well as rooting out internal data misuse.
Proving compliance
Externally, audit trails are critical for proving compliance with common regulations such as HIPAA and PCI DSS. Audit trails serve as an official record for businesses that can be used to prove that they are compliant with the law.
Reinforcing internal investigations
Audit trails are the main evidence in an investigation of incorrect actions performed in the system, which can lead to its breakdown.
Note: An audit trail report provides evidence of a sequence of activities that affected specific operations, procedures, or events, and it is useful to allocate the appropriate accountability in case of incidents.
Sales recognition
A common scenario for CloudBlue Commerce partners is when a sales representative places an order on behalf of their customer. Audit trails can help properly identify who placed an order for sales commission recognition.
Installing audit trail
Audit log is disabled by default. You must install it through CloudBlue Store.
Note: The installed version must be the same as the OSS installed version.
Configuring audit trail
-
In UX1 for Providers, go to Settings > Events & Logs > Audit Trail.
-
Under Record events and operations, select one of the three options:
-
All disabled: To disable the recording of events and operations.
Note:If you select All disabled you will be non-compliant.
-
Critical only: Selected by default. If you choose this option, the following critical operation set of items are activated:
-
Place BSS Order
-
Excel Configuration Import
-
Catalog Set Prices
-
-
Selected: If you select this option, the select events and operations is enabled, where you can choose multiple sets of events and operations to be recorded. The critical operation set of items are already activated with this option.
Note: The Selected option may slow down the performance of CloudBlue Commerce
-
-
From the Retention policy drop-down menu, select how long you need the audit trails to be kept in CloudBlue Commerce.
-
If you need resellers to access the audit trail, under Access, select the My resellers can access the audit trail checkbox.
Important: To generate reports, you must enable the audit trail data set.
Reviewing audit trails
You can see and filter the records of the audit trails.
-
From the UX1 Marketplace, go to System > Audit log .
-
The central panel shows the existing audit trails.
-
To hide or show columns in the central panel, select the columns drop-down menu and then choose the columns you require.
-
4. (Optional) Filter the audit trails. There are two ways to filter them:
-
Using the search bar: filter by user, action or IP address.
-
Using the following buttons:
-
Time. Time of the audit trail creation
-
Source. One of the following four systems that made the corresponding APS call
-
CP. Classic panel (Stellart)
-
UX1. UX1 for Customers
-
API. The default code, that is, if the caller is using an external API and could not be defined
-
ACH. If the caller is the system scheduler, for example, executing renewal order flow
-
-
Component. CloudBlue Commerce components
-
Integrity check. It determines whether audit trail data was modified
-
-