Activity feed

The activity feed allows organizations and especially administrators to track activities and events in the console. This feature provides a detailed record for all deployments that cannot be turned off. It helps teams detect unusual behavior as well as aiding organizations in maintaining audit trails for regulatory compliance reasons.

The activity feed follow a structured JSON format can be exported in both CSV and JSON formats to allow integration with SIEM (Security Information and Event Management) solutions. There are plans on adding an API interface in the future as well.

The activity feed tracks events on both Organization and Project level.

Captured events

The events captured in the feed fall into the following categories:

  • User account changes - User invitations, removals, modifications.

  • Privilege management - Grants, revocations, role assignments.

  • Instance actions - Creation, alteration, deletion.

  • Configuration changes - Inserts, updates, deletes.

  • System events - Database pause/resume, backup creation/restore.

Note that the list of events that are captured will grow as more events are added in the future.

Structure

The exportable activity logs are structured in a JSON format that is consistent with audit log standards and parsable programmatically and thus SIEM compatible.

Each event record includes:

  • Unique Event ID

  • Organization ID

  • Timestamp in UTC, both in Unix Epoch and ISO 8601-style

  • Project ID

  • Project Name

  • User ID

  • User Email

  • Status

  • Action ID that maps to the type of action

  • Action Name that describes the type of action

  • IP Address where the action was initiated

  • Payload

Use the → on an event to display all captured details.

Always refer to the action_id for monitoring purposes as this is a static reference. When refering to the timestamp, always use the UTC timestamp in the ISO-8601 style.

Access the activity feed

The Organization-level activity feed is accessed via the top-level Organization menu.

org level activity
Figure 1. Organization-level activity feed

This view is available to organization owners and admins and shows all activity across the entire organization.

The Project-level activity feed is accessed via the Project menu from the sidebar.

project level activity
Figure 2. Project-level activity feed

This view is available to project admins and shows logs specific to a project, which offers a more granular overview than the org-level.

Filter and export

You can filter the activity feed directly in the console and display the results. The results can be filtered by date and time, status, user, action, and IP address. Use the → arrow to see the captured details for the activity listed. Additionally, you can control which columns that are displayed with the table symbol (all the way to the right in the table header).

activity feed
Figure 3. Filter activity feed

The activity feed can be exported either in a JSON format or as CSV. This feature allows up to the last 30 days of activity to be exported and offers the same filtering options. Use the Export button to select which format and which filters (or none) you want to apply for your export.

Action ID reference

Table 1. Actions in activity feed
action_name action_id Category Description

INSTANCE_CREATE

1

Instance Actions

A new instance has been created

INSTANCE_PAUSE

2

Instance Actions

A running instance has been paused

INSTANCE_RESUME

3

Instance Actions

A paused instance has been resumed

INSTANCE_CLONE_TO_EXISTING

4

Instance Actions

An instance has been cloned to an existing one

INSTANCE_DELETE

5

Instance Actions

An instance has been permanently deleted

INSTANCE_UPDATE

6

Instance Actions

An instance’s configuration has been updated

INSTANCE_MARK_AS_PRODUCTION

7

Instance Actions

An instance has been marked as a production environment

INSTANCE_FORCE_DELETE

8

Instance Actions

An instance has been force-deleted

INSTANCE_INTERNAL_UPDATE

9

Instance Actions

An internal database update operation

INSTANCE_INTERNAL_PAUSE

10

Instance Actions

An internal pause operation

DATA_SNAPSHOT_CREATE_ON_DEMAND

101

Data Management

An on-demand snapshot operation

DATA_SNAPSHOT_EXPORT

102

Data Management

A snapshot has been exported

DATA_SNAPSHOT_RESTORE

103

Data Management

A snapshot has been restored

DATA_BACKUP_RESTORE

104

Data Management

A backup has been restored

INVITE_CREATE

201

User Management

A new user invitation has been sent

INVITE_ACCEPTED

202

User Management

A user has accepted an invitation

INVITE_DECLINE

203

User Management

A user has declined an invitation

INVITE_UPDATE

204

User Management

An existing invite has been updated

INVITE_REVOKE

205

User Management

An invitation has been revoked

ROLE_UPDATE

206

User Management

A user’s role has been updated

SSO_CREATE

301

Security

A new Single-Sign On has been configured

SSO_UPDATE

302

Security

An existing SSO configuration has been updated

SSO_DELETE

303

Security

An SSO configuration has been deleted

SSO_INTERNAL_CREATE

304

Security

Internal SSO configuration

SSO_INTERNAL_UPDATE

305

Security

Internal SSO update

IP_FILTER_CREATE

306

Security

A new IP filter rule has been created

IP_FILTER_UPDATE

307

Security

An existing IP filter rule has been updated

IP_FILTER_DELETE

308

Security

An IP filter rule has been deleted

USER_CMK_CREATE

309

Security

A User Customer Managed Key has been created

USER_CMK_DELETE

310

Security

A User Customer Managed Key has been deleted

PROJECT_CMK_CREATE

311

Security

A Project Customer Managed Key has been created

PROJECT_CMK_DELETE

312

Security

A Project Customer Managed Key has been deleted

PRIVATE_ENDPOINTS_UPDATE

313

Security

A private endpoint configuration has been updated