We’re excited to announce Audit Logging support for Capella App Services, a powerful new capability that provides detailed, trackable records of activities that occur within your App Service. 

These audit logs are generated in a structured JSON format, documenting every significant action or event. The events include user actions, system processes, and other key events, offering a comprehensive, chronological record of who did what, when, and where.

Why Audit Logging matters

Audit Logging is essential for maintaining security, ensuring accountability, and meeting compliance requirements. With the ability to capture and document detailed information about every interaction within your App Services, audit logs serve as an important tool for:

    • Regulatory Compliance: By tracking specific events, audit logs help your organization meet various regulatory requirements such as HIPAA. They provide a clear audit trail that can be reviewed during compliance audits, ensuring that all necessary information is documented and accessible.
    • Enhanced Observability: With audit logs, you can also gain deeper insights into the actions taking place within your App Service. This heightened observability enables more effective monitoring, quicker detection and issue resolution. This heightened observability allows for more effective monitoring and better overall management of your applications.

HIPAA readiness

HIPAA, which stands for the Health Insurance Portability and Accountability Act of 1996, is a United States federal law that sets standards for the protection of sensitive patient health information. We are happy to announce that with the introduction of Audit Logging, we have implemented all the necessary controls and Capella App Services is now HIPAA ready. Our platform has the critical capabilities for logging and monitoring sensitive data activities around the operations of your mobile and IoT applications. 

This milestone is particularly significant for healthcare organizations and any entity managing protected health information (PHI), enabling such organizations to flexibly configure and export audit logs data to suit their applications specific use cases. 

Flexible Audit Logging

Users can now opt in to generate audit logs and configure exactly which events they want to track. Whether your focus is on user activities, system changes, or specific processes, you have the control to opt in for the audit logs that meet your application’s operational and compliance needs. 

With the new Audit Logging support for Capella App Services, you can now track critical actions within your applications. Here’s what is covered:

    • Auditing Events: When auditing is enabled, disabled, or configured.
    • API Requests: Public, Admin and Metrics API requests, user authentication (success/failure), and session management.
    • Database Operations: CRUD actions, config changes, lifecycle events (offline, compaction, resync).
    • User and Role Management: Creating, reading, updating, and deleting users and roles.
    • Document Operations: All CRUD actions on documents and attachments, related to mobile or IoT clients or Public API endpoints.

These events are logged in JSON format, with options for export, download of all audit logs for a specific period of time or configure log streaming to third-party services.

Seamless integration with third-party observability services

In addition to generating and storing audit logs within Capella, we also support log export, download, and streaming to third-party services. This includes popular platforms like DataDog, SumoLogic, Grafana Loki, and Elastic, as well as any custom HTTP endpoints. 

These integrations allow you to easily retrieve and analyze your audit logs outside of Capella, leveraging your preferred tools and workflows for deeper analysis and long-term storage of audit logs.

Start using Audit Logging today

The addition of Audit Logging to Capella App Services 3.2 marks a significant enhancement in our platform’s security and compliance capabilities. Whether you’re focused on meeting regulatory requirements, improving your security posture, or simply gaining better visibility into your application’s activities, Audit Logging is designed to support your needs.



Author

Posted by Iveta Dulova, Senior Product Manager

All Posts

Leave a reply