Create an alert in Audit Events
Problem to solve
GitLab's Audit Events provides good context on what's going on in a GitLab instance, but these logs are currently static. They're informative, but they require a human being to study them if they'd like to take action. Instead, we should monitor the logs on behalf of admins and create alerts for evaluation.
- How do we allow a user to set an alert condition in the audit log?
- Which activities do we start with?
Allow an administrator to create if-then statements in the audit log:
- Specify a condition by defining:
  - Who: (a specific user, any user)
  - Event: (successful sign in, failed sign in, group created, group deleted...)
If a statement is triggered, an alert should appear in the UI. The alert should present some information on the alert, the objects/users that were involved, and the conditions that led to the alert.
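The if-then statement described above, as an added Ruby example that is not GitLab code and does not reflect GitLab's audit event schema. The field names (`author`, `action`, `target`, `at`), the `AlertRule`/`Alert` structures, and the sample events are assumptions constructed for illustration.

```ruby
# Added illustration of the proposed "who + event" alert rule.
# Not GitLab's implementation; all field and type names are hypothetical.

ANY_USER = :any # stands for the proposal's "any user" choice

# One if-then statement: the "who" and "event" condition from the proposal.
AlertRule = Struct.new(:name, :who, :event, keyword_init: true) do
  def match?(audit_event)
    user_ok = who == ANY_USER || who == audit_event[:author]
    user_ok && event == audit_event[:action]
  end
end

# What the proposal wants shown: the user and object involved,
# plus the condition that led to the alert.
Alert = Struct.new(:rule_name, :user, :object, :condition, :at, keyword_init: true)

# Run every rule over every audit event; one alert per (rule, event) match.
def evaluate(rules, events)
  events.flat_map do |ev|
    rules.select { |rule| rule.match?(ev) }.map do |rule|
      Alert.new(rule_name: rule.name, user: ev[:author], object: ev[:target],
                condition: { who: rule.who, event: rule.event }, at: ev[:at])
    end
  end
end

# Constructed rules and audit events (sample data, not real logs).
RULES = [
  AlertRule.new(name: "any failed sign-in", who: ANY_USER, event: "failed_sign_in"),
  AlertRule.new(name: "alice deletes a group", who: "alice", event: "group_deleted")
].freeze

SAMPLE_EVENTS = [
  { author: "bob",   action: "failed_sign_in",     target: "bob",            at: "T+0s" },
  { author: "alice", action: "successful_sign_in", target: "alice",          at: "T+5s" },
  { author: "alice", action: "group_deleted",      target: "group/platform", at: "T+9s" },
  { author: "bob",   action: "group_deleted",      target: "group/sandbox",  at: "T+12s" }
].freeze

ALERTS = evaluate(RULES, SAMPLE_EVENTS)
ALERTS.each do |a|
  puts "[#{a.at}] #{a.rule_name}: user=#{a.user} object=#{a.object} condition=#{a.condition}"
end
```

The fourth sample event raises no alert because the group-deletion rule is scoped to a specific user, which shows how the "who" choice changes coverage.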
What does success look like, and how can we measure that?
We should be able to monitor for at least 5 events and reliably create alerts for violations. User engagement with Audit Events should increase by 10%.
- What should the "who" and "events" be for the first iteration?