ALTR provides a variety of auditing capabilities to enable ALTR Administrators to understand what sensitive data is being queried, as well as what administrative actions are taken in the ALTR platform. These are the Query Audits and System Audits, respectively.
In Query Audits, ALTR maintains a log of all queries that accessed connected columns. These audits contain information concerning:
Query audits are generated after queries are executed in Snowflake by monitoring Snowflake Warehouse activity and logs. It may take several minutes for a query to appear in ALTR’s query log after the query executes.
System Audits keep a log of many major administrative actions in the ALTR platform, such as:
These actions, and many more, are logged in ALTR’s System Audit Log. The System Audit log contains the following information:
Note: If you are using ALTR’s Management API to perform configuration, any actions taken by the API are logged under the name of the ALTR administrator that created the API key.
ALTR includes the capability to track user-defined events through the use of Custom Audit Logs. See our dedicated page for more information.
ALTR enables clients to export audit log data to an AWS S3 bucket, where it can be ingested into logging tools or used to trigger notifications in external systems. For instance, you can use the System Audits generated whenever a threshold is triggered to send an email to relevant parties about the threshold violation, or you can include information regarding all queries on sensitive data in your organization's Splunk logs. Audit logs are partitioned in S3 based on event time.
Example S3 JSON Object for Query Audit Logs:
Example S3 JSON Object for System Audit Logs:
Example S3 JSON Object for Custom Audit Logs: