steampipe plugin install pipes

Table: pipes_audit_log - Query Pipes Audit Logs using SQL

Pipes Audit Logs is a feature within the Pipes service that records user activity. It provides a comprehensive log of actions taken within the service, including who performed the action, what the action was, and when it was done. Pipes Audit Logs is a critical tool for understanding user behavior, troubleshooting issues, and investigating potential security incidents.

Table Usage Guide

The pipes_audit_log table provides insights into user activity within the Pipes service. As a security analyst or administrator, explore detailed logs through this table, including the actor, action, and timestamp. Utilize it to uncover information about user behavior, troubleshoot issues, and investigate potential security incidents.

Important Notes

  • You must specify an organization or user ID, or an organization or user handle, in the where or join clause using the identity_id or identity_handle columns respectively.

Examples

List audit logs for a user handle

Discover the actions taken by a particular user by examining their audit logs. This can be useful for analyzing user behavior or investigating potential security issues.

select
id,
action_type,
jsonb_pretty(data) as data
from
pipes_audit_log
where
identity_handle = 'myuser';
select
id,
action_type,
data
from
pipes_audit_log
where
identity_handle = 'myuser';

List audit logs for a user ID

Explore the actions taken by a specific user by analyzing the audit logs. This can help in understanding user behavior or investigating suspicious activities.

select
id,
action_type,
jsonb_pretty(data) as data
from
pipes_audit_log
where
identity_id = 'u_c6fdjke232example';
select
id,
action_type,
data
from
pipes_audit_log
where
identity_id = 'u_c6fdjke232example';

List audit logs for an organization handle

Analyze the actions performed in your organization by exploring the audit logs. This can be useful to track changes, identify unusual activity, and maintain security within your organization.

select
id,
action_type,
jsonb_pretty(data) as data
from
pipes_audit_log
where
identity_handle = 'myorg';
select
id,
action_type,
data
from
pipes_audit_log
where
identity_handle = 'myorg';

List audit logs for an organization ID

Explore which actions have been taken within a specific organization by analyzing its audit logs. This allows you to monitor and understand the operational activities and changes within your organization.

select
id,
action_type,
jsonb_pretty(data) as data
from
pipes_audit_log
where
identity_id = 'o_c6qjjsaa6guexample';
select
id,
action_type,
data
from
pipes_audit_log
where
identity_id = 'o_c6qjjsaa6guexample';

Schema for pipes_audit_log

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
action_typetextThe action performed on the resource.
actor_avatar_urltextThe avatar of an actor who has performed the action.
actor_display_nametextThe display name of an actor.
actor_handletextThe handle name of an actor.
actor_idtextThe unique identifier of an actor.
actor_iptextThe IP address of the actor.
created_attimestamp with time zoneThe time when the action was performed.
datajsonbThe data which has been modified on the entity.
idtextThe unique identifier for an audit log.
identity_handletext=The handle name for an identity where the action has been performed.
identity_idtext=The unique identifier for an identity where the action has been performed.
process_idtextThe process id which this entry is a part of.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
target_handletextThe handle name of the entity where the action has been performed.
target_idtextThe unique identifier of the entity where the action has been performed.
user_idtext=, !=, ~~, ~~*, !~~, !~~*The unique identifier for the user.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- pipes

You can pass the configuration to the command with the --config argument:

steampipe_export_pipes --config '<your_config>' pipes_audit_log