Auditing

Set up features for auditing and view auditing reports and logs

The DuploCloud Portal provides a comprehensive audit trail, including reports and logs, for security and compliance purposes. Using the Show Audit Records for list box, you can display real-time audit data for:

Auth (Authentications)
Admin (Administrators)
Tenants (DuploCloud Tenants)
Compliance (such as HIPAA, SOC 2, and HIGHTRUST, among others)
Kat-Kit (DuploCloud's CI/CD Tool)

Enabling Audit

In the DuploCloud Portal, navigate to Administrator -> Observability -> Settings, and select the Audit tab. The Audit page displays.
Click the Enable Audit link.

Viewing detailed auditing diagnostics

To view complete auditing reports and logs, navigate to the Observability -> Audit page in the DuploCloud Portal.

Configuring a custom S3 bucket for auditing in another AWS account

You can create an S3 bucket for auditing in another account, other than the DuploCloud Master Account.

Prerequisites

Verify that the S3 bucket exists in another account, and note the bucket name. In this example, we assume a BUCKET_REGION of us-west-2 and a BUCKET name of audit-s2-bucket-another-account.
Ensure that your S3 bucket has Duplo Master permission to access the S3:PutObject. Refer to the code snippet below for an example.

{
  "Version": "2012-10-17",
  "Statement": [
  {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::accountid:role/duplomaster"
            },
            "Action": "S3:PutObject",
            "Resource": [
                "arn:aws:s3:::arn:aws:s3:::bucknetname/*",
                "arn:aws:s3:::arn:aws:s3:::bucketname"
            ]
        }
  ]
}

Configuring S3 bucket region and bucket name

In the DuploCloud Portal, navigate to Administrator -> System Settings.
Click the System Config tab.

Configuring the S3 Bucket Region

Continuing the example above, configure the S3BUCKET_REGION.

Click Add. The Add Config pane displays.
From the Config Type list box, select AppConfig.
in the Key list box, enter DUPLO_AUDIT_S3BUCKET_REGION.
In the Value field, enter us-west-2.
Click Submit.

Configuring Bucket Name

Continuing the example above, configure the S3BUCKET name.

Click Add. The Add Config pane displays.
From the Config Type list box, select AppConfig.
in the Key list box, enter DUPLO_AUDIT_S3BUCKET.
In the Value field, enter audit-s2-bucket-another-account.
Click Submit.

Your S3 bucket region and name configurations are displayed in the System Config tab. View details on the Audit page in the DuploCloud Portal.

Contact your DuploCloud Support team if you have additional questions or issues.

PreviousDisable Source Destination Check NextLogs

Last updated 1 year ago

Was this helpful?

hashtagEnabling Audit

hashtagViewing detailed auditing diagnostics

hashtagConfiguring a custom S3 bucket for auditing in another AWS account

hashtagPrerequisites

hashtagConfiguring S3 bucket region and bucket name

hashtagConfiguring the S3 Bucket Region

hashtagConfiguring Bucket Name