Application-level Audit Logs
Logging and monitoring in an application means that every action, login, and data input is recorded and can be audited. The failure to comprehensively log and monitor every action in an application is “the bedrock of nearly every major incident,” according to OWASP documentation. An unlogged or unmonitored event is considered to be a breach in your system. When breaches go unnoticed, serious damage to data can be inflicted.
Indigo audits all database events. Every successful and unsuccessful login, every visited URL, and every record, along with its creation and modification dates and its creator and modifier, is audited using auditing for SQL databases and SQL server audits.
How to catch unwanted events in your Indigo system:
You can review your own system’s audit log by going to Administration > Audit Log in Indigo. We recommend that you routinely review your system’s audit log to ensure that there are no surprises.
Have multiple pairs of trusted eyes monitor audit logs. Generate and print audit log reports for you and your team to review.
Infrastructure-level Audit Logs
We use Auditing for SQL Database and SQL Server audit to track database events and write them to an audit log. Auditing enables us to understand ongoing database activities, as well as analyze and investigate historical activity to identify potential threats or suspected abuse and security violations.
Every successful or unsuccessful login in the system is audited.
Every URL visited in the system is audited.
Every record in the system maintains the created on, created by, modified on, and modified by records.
Sensitive information, such as employees and payroll calculations, is audited when changed or deleted.
Employee logins to the Azure platform are audited through the Azure Active Directory portal. Azure’s sign-in activity reports and security logging and auditing are followed.
These logs are retained for a period of 60 days on a rolling basis.