Elasticsearch security logs
For enterprise clients we can provide our security logs from elasticsearch. Contact us for more details about connecting and pulling logs.
Our logs monitors all HTTP requests that could change configuration of your organization from users. All logs have
@timestamp field which provides time when request was executed. Also you can find field message.source.ip containing requester ip address. When user is authenticated we include message.user.id field which provides user's ID in Closer and message.user.roles which describes roles of the user.We also provide
message.http.request.body and message.http.request.method so you can identify what action user was trying to made. Fields message.http.response.body and message.http.response.status_code gives you information about result of the action. Full url address at which user was executing request is provided in field message.url.full.For better filtering of logs we provide fields
message.event.category, message.event.kind, message.event.type, message.event.outcome and message.event.action. Those fields are compilant with ECS event fields.
List of our event actions:org_config_change- change made to general config of organizationfree_org_creation- creation of org with free planstripe_org_creation- creation of org with paid planwidget_logo_creation- creation of new logo on widget headerwidget_logo_deletion- deletion of logo on widget headerwidget_background_creation- creation of new background image on widget headerwidget_background_deletion- deletion of background image on widget headeragent_profile_change- change made to agent profileagent_deactivation- agent deactivation in organizationagent_restore- agent restore in organizationagent_login- agent login to closer using email and passwordagent_login_with_magic_link- agent login using magic linkagent_logout- agent logout from closeragent_password_change- agent password change from settingsagent_password_change_with_token- agent password change using tokenagent_password_reset- agent password reset requestagent_skills_change- change of agent's skillsagent_preferences_change- change of agent preferences about notifications and inbox sortingagent_limit_change- change of agent assigned conversations limit, currently not usedagent_role_change- change of agent's role, from admin or to adminagent_invitation- invitation to organization for new agentagent_invitation_acceptation- invitation to organization accepted from new agentagent_avatar_creation- creation of new agent avataragent_avatar_deletion- deletion of agent avatarunavailability_reason_creation- creation of unavailability reason for agent on unavailable statusunavailability_reason_change- change of unavailability reason for agent on unavailable statusunavailability_reason_deletion- deletion of unavailability reason for agent on unavailable statusbot_type_change- change of bot type in closerlekta_config_creation- creation of lekta integration config for botlekta_config_change- change in lekta integration config for botevent_action_config_creation- creation of event action config, response that is send by bot on specific eventevent_action_config_change- change of event action configevent_action_config_deletion- deletion of event action configai_suggestions_config_change- change on ai suggestions configai_suggestions_intent_creation- creation of ai suggestions intentai_suggestions_intent_change- change of ai suggestions intentai_suggestions_intent_deletion- deletion of ai suggestions intentai_suggestions_dataset_creation- creation of ai suggestions dataset for nluai_suggestions_dataset_change- change of ai suggestions dataset for nluai_suggestions_dataset_deletion- deletion of ai suggestions dataset for nluwidget_form_config_creation- creation of widget form config to display for customer on widgetwidget_form_config_change- change of widget form configwidget_form_config_deletion- deletion of widget form configoauth_authorization- authorization of customer using oauthoauth_config_creation- creation of oauth config for customer authorizationoauth_config_change- change of oauth configoauth_config_deletion- deletion of oauth configproactive_messages_config_creation- creation of proactive message config displayed over widgetproactive_messages_config_change- change of proactive message configproactive_messages_config_deletion- deletion of proactive message configprofanities_config_creation- creation of profanities config that is used to block some words for sendingprofanities_config_change- change of profanities configtag_mapping_config_creation- creation of tag mapping config for tagging customers on specific pagetag_mapping_config_change- change of tag mapping configtag_mapping_config_deletion- deletion of tag mapping configorg_topic_creation- creation of topic in orgorg_topic_change- change of topic in orgorg_topic_deletion- deletion of topic in org
{
"_index": "closer",
"_type": "entry",
"_id": "s3baO3kBZbVQk2pxTK-w",
"_version": 1,
"_score": 0,
"_source": {
"@timestamp": "2021-05-05T09:27:12.529+0000",
"message": {
"event.kind": [
"event"
],
"event.category": [
"configuration"
],
"event.type": [
"change",
"user"
],
"event.action": "agent_skills_change",
"event.outcome": "success",
"http.request.body.content": "{\"skills\":[\"skill\"]}",
"http.request.method": "PUT",
"http.response.status_code": 204,
"user.id": "00000000-0000-0000-0000-000000000000",
"user.roles": [
"ADMIN"
],
"source.ip": "/89.187.249.34",
"url.full": "http://spinner.stage.closer.app/api/users/agents/00000000-0000-0000-0000-000000000000/skills",
"ecs.version": "1.9"
}
}
}
Last modified 1yr ago