Create awareness of concerning audit events
This issue and linked pages contain information related to upcoming products, features, and functionality. It is important to note that the information presented is for informational purposes only. Please do not rely on this information for purchasing or planning purposes. As with all projects, the items mentioned in this video and linked pages are subject to change or delay. The development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.
Problem to solve
GitLab's Audit Events provides good context on what's going on in a GitLab instance, but these logs are currently static. They're informative, but someone has to study them before any action can be taken. Instead, we should monitor the logs on behalf of admins and create alerts for evaluation.
- How do we allow a user to set an alert condition in the audit log?
- Which activities do we start with?
Proposal
Allow an administrator to create if-then statements in the audit log:
- Specify a condition by defining:
  - Who: (a specific user, any user)
  - Event: (successful sign in, failed sign in, group created, group deleted...)
If a statement is triggered, an alert should appear in the UI. It should present some information about the alert, the objects/users that were involved, and the conditions that led to it.
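A minimal sketch of how such who/event rules could be evaluated against audit events, added here as an illustration and not GitLab's implementation. `AuditEvent`, `AlertRule`, `evaluate`, the event names and all sample data are hypothetical and constructed for this example.

```ruby
# Added illustration; AuditEvent, AlertRule and the event names are
# hypothetical and do not reflect GitLab's audit event schema.
require "time"

AuditEvent = Struct.new(:author, :event, :target, :at, keyword_init: true)

# An if-then rule: IF (who, event) matches THEN raise an alert.
# `who` is a username string or :any; `event` is a single event name.
AlertRule = Struct.new(:name, :who, :event, keyword_init: true) do
  def matches?(audit_event)
    (who == :any || who == audit_event.author) && event == audit_event.event
  end

  # Human-readable condition, shown with the alert.
  def condition
    "who=#{who == :any ? 'any user' : who}, event=#{event}"
  end
end

# Returns one alert per (rule, event) match, carrying what the proposal asks
# the UI to show: the user and object involved and the condition that fired.
def evaluate(rules, audit_events)
  audit_events.flat_map do |ev|
    rules.select { |rule| rule.matches?(ev) }.map do |rule|
      { rule: rule.name, user: ev.author, object: ev.target,
        condition: rule.condition, at: ev.at }
    end
  end
end

# Constructed sample rules and events.
RULES = [
  AlertRule.new(name: "any group deletion", who: :any, event: "group_deleted"),
  AlertRule.new(name: "failed sign-in for root", who: "root", event: "failed_sign_in")
].freeze

t0 = Time.parse("2020-01-01T09:00:00Z")
EVENTS = [
  AuditEvent.new(author: "alice", event: "successful_sign_in", target: "alice", at: t0),
  AuditEvent.new(author: "root", event: "failed_sign_in", target: "root", at: t0 + 60),
  AuditEvent.new(author: "bob", event: "failed_sign_in", target: "bob", at: t0 + 120),
  AuditEvent.new(author: "bob", event: "group_deleted", target: "groups/infra", at: t0 + 180),
  AuditEvent.new(author: "root", event: "group_deleted", target: "groups/secops", at: t0 + 240)
].freeze

ALERTS = evaluate(RULES, EVENTS)
ALERTS.each do |a|
  puts "#{a[:at].utc.iso8601} [#{a[:rule]}] #{a[:user]} -> #{a[:object]} (#{a[:condition]})"
end
```
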
What does success look like, and how can we measure that?
We should be able to monitor for at least 5 events and reliably create alerts for violations. User engagement with Audit Events should increase by 10%.
Questions
- What should the "who" and "events" be for the first iteration?