
Introduction:

In today's digital age, data security and compliance are paramount. Organizations handling sensitive information, especially in cloud environments, need robust tools to monitor and audit user activities. Cloudera Data Platform (CDP) offers a comprehensive auditing system to keep track of who's doing what in your environment. In this article, we'll delve into the world of audits in CDP Cloudera, explaining why they are essential and how to use them effectively.

Why Audits Matter:

  • Enhancing Security: Audits play a pivotal role in maintaining the security of your CDP Cloudera environment. By keeping a detailed log of user activities, audits help you identify suspicious or unauthorized actions promptly.
  • Compliance Requirements: Many industries and organizations have stringent regulatory requirements. Audits help organizations adhere to these regulations by providing a clear record of data access and modifications.
  • Investigation and Troubleshooting: When issues arise, audits serve as valuable tools for investigation and troubleshooting. You can trace user actions to identify the root cause of problems.
  • Insight into User Behavior: Audits provide insights into user behavior and the usage patterns of your CDP Cloudera environment. This information can be used to optimize resource allocation and improve operational efficiency.

How to Access Audits:

There are two primary methods to access audit information in CDP Cloudera:

1. CDP Management Console:

The CDP Management Console provides a user-friendly interface for managing and accessing audit data.
Navigate to the 'audits' section within the Management Console to retrieve audit events.


2. CDP Command Line Interface (CLI):

If you prefer command-line access, you can use the CDP CLI. Use the following command to list audit events:

cdp audit list-events --from-timestamp Start-Time --to-timestamp End-Time --event-source iam --event-name "InteractiveLogin"

This command fetches audit events for the specified time range, event source, and event name.

I have added the above example of the Stop Data Hub Cluster event.

# cdp audit list-events --from-timestamp 2023-11-06T13:36:18.036Z --to-timestamp 2023-11-06T17:36:18.036Z  --event-source datahub --event-name "stopCluster" --result-code "SUCCESS"
{
    "auditEvents": [
        {
            "version": "1.1.0",
            "id": "a0b57964-7bea-41d1-afc5-0fa7288d4868",
            "eventSource": "datahub",
            "eventName": "stopCluster",
            "timestamp": 1699280001302,
            "actorIdentity": {
                "actorCrn": "crn:altus:iam:us-west-1:65e2e6e4-60dc-######:user:######"
            },
            "accountId": "65e2e6e4-60dc-4358-91a1-cbdc804f6303",
            "requestId": "bfcb1a11-b0db-422c-af2e-b4db523a6681",
            "resultCode": "SUCCESS",
            "apiRequestEvent": {
                "responseParameters": "{ }",
                "mutating": false
            }
        }
    ]
}

Let's break down the provided command and its output step by step:

  • cdp audit list-events: This is the command that lists audit events in CDP Cloudera.
  • --from-timestamp 2023-11-06T13:36:18.036Z: This is the start time for the audit event search. It specifies the date and time from which you want to retrieve audit events.
  • --to-timestamp 2023-11-06T17:36:18.036Z: This is the end time for the audit event search. It specifies the date and time until which you want to retrieve audit events.
  • --event-source datahub: This option filters the audit events by the event source. In this case, it filters for events originating from "datahub."
  • --event-name "stopCluster": This option filters the audit events by the event name. It includes only events with the name "stopCluster."
  • --result-code "SUCCESS": This option filters the audit events by the result code. It includes only events with the result code "SUCCESS."

We can determine who performed the Data Hub stop activity based on the actor identity provided in the output:

  • actorIdentity: Information about the user or entity that triggered the event, including the user's Cloud Resource Name (CRN).
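For more than a handful of events, the same "who did what, and when" reading can be scripted. The following is an added example, not part of the original article or of the CDP CLI: it parses saved list-events output, converts the epoch-millisecond timestamp to the UTC format the CLI takes for --from-timestamp, and groups events by actorCrn. The sample data, its placeholder IDs and CRNs, and the function names are constructed for illustration; only field names visible in the output above are used.

```python
import json
import sys
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in the shape of the output above; all IDs and CRNs are placeholders.
SAMPLE = """
{"auditEvents": [
  {"id": "evt-1", "eventSource": "datahub", "eventName": "stopCluster",
   "timestamp": 1699280001302,
   "actorIdentity": {"actorCrn": "crn:altus:iam:us-west-1:ACCOUNT-PLACEHOLDER:user:USER-A"},
   "requestId": "req-1", "resultCode": "SUCCESS",
   "apiRequestEvent": {"responseParameters": "{ }", "mutating": false}},
  {"id": "evt-2", "eventSource": "datahub", "eventName": "stopCluster",
   "timestamp": 1699285000000, "actorIdentity": {},
   "requestId": "req-2", "resultCode": "SUCCESS"}
]}
"""

def to_utc(ms):
    """The timestamp field is epoch milliseconds; render it as an ISO-8601 UTC string."""
    dt = datetime.fromtimestamp(ms // 1000, tz=timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{ms % 1000:03d}Z"

def actions_by_actor(raw):
    """Map actorCrn -> time-ordered list of (utc_time, source, name, result, requestId)."""
    by_actor = defaultdict(list)
    for ev in json.loads(raw).get("auditEvents", []):
        # An event without an actorCrn is kept under a visible marker, not dropped.
        actor = ev.get("actorIdentity", {}).get("actorCrn", "<no actorCrn>")
        by_actor[actor].append((to_utc(ev["timestamp"]), ev.get("eventSource"),
                                ev.get("eventName"), ev.get("resultCode"), ev.get("requestId")))
    for rows in by_actor.values():
        rows.sort(key=lambda row: row[0])
    return dict(by_actor)

def response_parameters(ev):
    """responseParameters is JSON encoded as a string, so it needs a second decode."""
    return json.loads(ev.get("apiRequestEvent", {}).get("responseParameters", "{}"))

if __name__ == "__main__":
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for actor, rows in actions_by_actor(raw).items():
        for when, source, name, result, req in rows:
            print(f"{when}  {actor}  {source}:{name}  {result}  request={req}")
```

To run it against real data, redirect the CLI output to a file and pass that file's path as the first argument.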

In conclusion, audits in CDP Cloudera are essential for maintaining security, compliance, and operational efficiency. Whether you choose the Management Console or the CLI, accessing audit information is straightforward and invaluable for monitoring user activities within your environment.

 
