ALTR provides a variety of auditing capabilities to enable ALTR Administrators to understand what sensitive data is being queried, as well as what administrative actions are taken in the ALTR platform. These are the Query Audits and System Audits, respectively.
ALTR maintains a log of all queries that accessed connected columns in Query Audits. These audits contain information concerning:
Query audits are generated after queries are executed in Snowflake by monitoring Snowflake Warehouse activity and logs. It may take several minutes for a query on connected columns to appear in ALTR’s query log after the query executes.
Audit keeps a log many major administrative actions in the ALTR platform, such as:
These actions, and many more, are logged in ALTR’s System Audit Log. The System Audit log contains the following information:
Note: If you are using ALTR’s Management API to perform configuration, any actions taken by the API are logged under the name of the ALTR administrator that created the API key.
ALTR enables Enterprise and Enterprise Plus clients to export query and system audit data to an AWS S3 bucket which can then be ingested into logging tools or used to trigger notifications in external systems.
For instance, you can use the System Audits generated whenever a threshold is triggered to send an email to relevant parties about the threshold violation, or you can include information regarding all queries on sensitive data into your organizations Splunk logs.