You use the Audit Logs API in Pigment to programmatically monitor user activity and potential security issues in your Workspace. The Audit Logs API can be used in conjunction with a Security Information and Event Management (SIEM) in order to ensure continuous compliance, safeguard against any inappropriate system access, and detect suspicious behavior within your enterprise.
For more information on the Audit Logs API, check out these topics:
What information does the Audit Logs API return?
The Audit Logs API provides logs to give an insight into the activities of Pigment members in your workspace. It returns the metadata for your model, such as Block names and Application names. It also contains user information like Member names and email addresses for Members invited into your workspace.
However, the logs don’t contain any data that was imported or input into Pigment, like formula text, numbers, and so on. The API is read-only, and there is no write functionality available.
The Audit Logs API return data but that does not determine if actions or behaviors are appropriate or suspicious - that’s your call. We recommend using the API in conjunction with a Security Information and Event Management (SIEM). You can build a script to feed the API response into an auditing tool, if you’d like to use the logs for this purpose.
For detailed information about calling the API and event types, refer to the articles Calling the Audit Log API and Audit Logs API Events and Event Types
How to think about using the Audit Logs API compared to using History?
The History feature in Pigment is used for tracking updates on specific Blocks, such as Lists and Metrics. While the Audit Logs API returns similar information, there are some differences between the two:
- Audit Logs API return logs on updates made within your entire workspace. In History, you can only view updates tracked at Application, Block or Item level.
- History contains details on precisely what changes member made and when they made that update. The API only returns information confirming that the change happened, when it happened, and that an update occurred.
For example, in History, you will see that on1 Jan 2024at2.00pm,MemberXupdated a value fromblankto123onBlockA. The Audit Logs API only return the response stating that on1 Jan 2024at2.00pm,MemberXupdated a value onBlockA. - The Audit Logs API gives you insights on user activity and access, such as login and security activities, and management on API keys and Groups. This information is unavailable using the History feature.
Who can use the Audit Logs API?
Only Pigment members with the Account type Security Admin can access the API Keys page and manage the API keys required to create this API. For more information, see Create an Audit Logs API Key.