Audit logs
Learn how to use audit logs to track and analyze your account's activity.
Audit logs are available to Enterprise plan customers.
Audit logs record actions made with Expo Application Services (EAS) by accounts. Recorded data includes information about the affected entities, the type of modification made to them, who performed the action, and when the activity occurred.
Key points
- Audit logs can only be created, never modified or deleted. They serve as a source of truth to help monitor events and debug issues occurring within accounts.
- Audit logs are available to Enterprise plan customers. When subscribed, some of the logs used internally by Expo are immediately available, while other types of logs start being collected after the subscription is activated.
- Audit logs are stored for 1.5 years. If an account is deleted, its audit logs will be deleted after 90 days.
- To access them, go to Account settings > Audit logs.
Use cases
Permission monitoring
Audit logs can track user invitations and permission changes within your organization. An example security event could include a compromised employee account that invites an attacker into an organization and changes their permission to Admin.
In this scenario, audit logs would record which employee account invited the attacker and modified permissions. Since audit logs are immutable, the attacker would not be able to delete this recorded history. Other organization members will be able to review the audit logs to determine which account was compromised, take action to revoke the attacker's permissions, and secure the employee's account.
Access history
An Expo organization account can include many projects where development access is controlled by distribution certificates assigned to individual teams. When devices are allowed to join these teams, it is important to track when access is granted and removed for historical record keeping. While a device may not currently be included in an Apple team, it may be useful to see who previously had access to the team in the event of an internal security incident.
The Apple devices listed within the Expo team's settings will only show devices that are currently registered to an account, but with the creation of audit logs, historical modifications of Apple teams and devices can be viewed.
Audit log entities
While we are working on adding more entities in the future, the following entities are already enabled:
- Accounts
- Android App Credentials
- Android Keystore
- Apple devices
- Apple Distribution Certificate
- Apple Provisioning Profile
- Apple Team
- App Store Connect API key
- Google Service Account key
- iOS App Credentials
- Project
- User Invitations
- User Permissions
Structure
Audit log entries include the following fields:
Field | Description |
---|---|
Actor | The account actor that performed a specific action. |
Entity type | The object that was modified using one of the following mutation types: CREATE, UPDATE, DELETE. |
Mutation type | The type of modification: CREATE, UPDATE, DELETE. |
Created at | The time when a specific action was performed. |
Additionally, you can click an audit log row to view the metadata relevant to that log.
Export
- Audit logs are available to Enterprise plan customers. When subscribed, some of the logs used internally by Expo are immediately available, while other types of logs will be collected after the subscription is activated.
Export is available with a time range of up to 30 days. The exported file will include all the fields shown on the Audit logs page except for the Message field.
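The permission-monitoring use case above can be checked against an exported file. The following is an added example, not code from Expo: it flags any actor who creates a user invitation and then updates user permissions shortly afterwards. The CSV layout, the column names and the way entity names are spelled in the export are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export. The CSV layout and column names are assumptions;
# the page only names the fields Actor, Entity type, Mutation type, Created at.
# Entity names follow the page's entity list; their spelling in a real export
# is also an assumption.
SAMPLE_EXPORT = """actor,entity_type,mutation_type,created_at
alice,Project,UPDATE,2024-05-01T09:00:00Z
bob,User Invitations,CREATE,2024-05-01T10:00:00Z
bob,User Permissions,UPDATE,2024-05-01T10:04:00Z
carol,User Invitations,CREATE,2024-05-02T08:00:00Z
carol,User Permissions,UPDATE,2024-05-04T08:00:00Z
dave,User Permissions,UPDATE,2024-05-03T12:00:00Z
"""

def parse_time(value):
    # Accept a trailing "Z" on Python versions whose fromisoformat rejects it.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def invite_then_permission_change(export_text, window=timedelta(minutes=30)):
    """Return (actor, invited_at, changed_at) for each permission UPDATE made
    by an actor who created an invitation at most `window` earlier."""
    rows = sorted(csv.DictReader(io.StringIO(export_text)),
                  key=lambda r: parse_time(r["created_at"]))
    last_invite = {}  # actor -> time of that actor's most recent invitation
    findings = []
    for row in rows:
        actor, when = row["actor"], parse_time(row["created_at"])
        event = (row["entity_type"], row["mutation_type"])
        if event == ("User Invitations", "CREATE"):
            last_invite[actor] = when
        elif event == ("User Permissions", "UPDATE"):
            invited = last_invite.get(actor)
            if invited is not None and when - invited <= window:
                findings.append((actor, invited, when))
    return findings

if __name__ == "__main__":
    for actor, invited, changed in invite_then_permission_change(SAMPLE_EXPORT):
        print(f"review {actor}: invited {invited.isoformat()}, "
              f"changed permissions {changed.isoformat()}")
```

Because the export omits the Message field, each flagged pair is a lead to open on the Audit logs page and inspect through the row's metadata, not a confirmed finding.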