[Fleet] Improve Audit Functionality for Fleet activity #163719
Comments
juliaElastic
added
the
Team:Fleet
|
Pinging @elastic/fleet (Team:Fleet) |
|
@juliaElastic I believe this is similar/related to #164011 shall we do both at once? |
|
@jlind23 They are related, but can be done separately as well. |
|
Regarding the "what user changed what data when" part of this request, I recall discussing with @elastic/kibana-security that there was a roadmap item for a broader implementation of "document history" when discussing Fleet's audit logging implementation with them. I don't have a link handy and my GitHub issue searches aren't turning up much, but perhaps someone from that team could chime in if this sounds familiar. If my memory is correct that there will be a higher level Kibana "field/data history" implementation, it'd probably be best to avoid implementing something unique to Fleet and instead tie this request to that upstream item instead. |
@kpollich, I believe this was in reference to the Content Management initiative that the @elastic/appex-sharedux team is driving. |
|
Pinging for an update here. |
|
hey @nicpenning, thanks for the ping. Unfortunately we were not able to make any progress here so far. |
|
Thank you, @jlind23. I am happy to hear its still on the short term roadmap! |
|
@nimarezainia - Assigning to you to reevaluate priority. This has fallen off our list a few times now, but I think it's probably reasonable. @juliaElastic @jillguyonnet - Does anything in our recent agent activity improvements overlap with this ask? |
|
Hi @kpollich 👋 AFAIK:
This is not implemented today. I'm not sure either what the state of the above mentioned Content Management initiative is, so it might be worth doing a quick spike to understand the amount of effort involved.
Actions generated by a new agent policy revision do contain a timestamp. They do not, however, report any details about the policy itself (past of present). Furthermore, there is a caveat about the
I'm not aware of that existing. Perhaps this is related to elastic/integrations#8358 (deprioritized since the flyout enhancements)? For reference, these are the issues of the agent activity flyout enhancements: Something I could also point out is that we had some discussions during the implementation of step 2 about potentially moving the activity feed into a static page instead of a flyout, which we thought would dispel some issues linked to periodic data fetching but also potentially make room for more information (see e.g. #179161 (comment)). |
Describe the feature:
As a Fleet admin, I would like to be able observe what user upgraded an agent or multiple agents, when policies were changed (past state and current state), and have them displayed in the flyout Agent activity window but also an index that can be used in a dashboard format for more governance of Fleet activity.
Describe a specific use case for the feature:
The text was updated successfully, but these errors were encountered: