감사 이벤트 레퍼런스 Teleport 감사 이벤트와 해당 필드에 대한 종합적인 목록을 제공합니다.
access_graph.crown_jewel.create access_graph.crown_jewel.delete access_graph.crown_jewel.update access_graph.path.changed access_list.create TAL001I TAL001E access_list.delete TAL003I TAL003E access_list.member.add TAL005I TAL005E access_list.member.delete TAL007I TAL007E access_list.member.delete_all_members TAL008I TAL008E access_list.member.update TAL006I TAL006E access_list.review TAL004I TAL004E access_list.update TAL002I TAL002E access_request.create access_request.delete access_request.expire access_request.review access_request.search access_request.update app.create app.delete app.session.chunk app.session.dynamodb.request app.session.end app.session.start T2007I T2007E app.update auth auth_preference.update auto_update_agent_rollout.force_done auto_update_agent_rollout.rollback auto_update_agent_rollout.trigger auto_update_config.create auto_update_config.delete auto_update_config.update auto_update_version.create auto_update_version.delete auto_update_version.update aws_identity_center.resource_sync.failed aws_identity_center.resource_sync.success billing.create_card billing.delete_card billing.update_card billing.update_info bot.create bot.delete bot.join TJ001I TJ001E bot.update cert.create cir.update client.disconnect cluster_networking_config.update db.create db.delete db.session.cassandra.batch db.session.cassandra.execute db.session.cassandra.prepare db.session.cassandra.register db.session.dynamodb.request TDY01I TDY01E db.session.elasticsearch.request TES00I TES00E db.session.end db.session.mysql.create_db db.session.mysql.debug db.session.mysql.drop_db db.session.mysql.init_db db.session.mysql.process_kill db.session.mysql.refresh db.session.mysql.shut_down db.session.mysql.statements.bulk_execute db.session.mysql.statements.close db.session.mysql.statements.execute db.session.mysql.statements.fetch db.session.mysql.statements.prepare db.session.mysql.statements.reset db.session.mysql.statements.send_long_data db.session.opensearch.request 
TOS00I TOS00E db.session.permissions.update db.session.postgres.function db.session.postgres.statements.bind db.session.postgres.statements.close db.session.postgres.statements.execute db.session.postgres.statements.parse db.session.query db.session.query.failed db.session.spanner.rpc TSPN001W TSPN001I db.session.sqlserver.rpc_request db.session.start TDB00I TDB00W db.session.user.create TDB08I TDB08W db.session.user.deactivate TDB09I TDB09W db.update desktop.clipboard.receive desktop.clipboard.send desktop.directory.read TDP05I TDP05W desktop.directory.share TDP04I TDP04W desktop.directory.write TDP06I TDP06W device device.authenticate device.authenticate.confirm device.create device.delete device.token.create device.token.spent device.update device.webtoken.create discovery_config.create discovery_config.delete discovery_config.delete_all discovery_config.update exec T3002I T3002E external_audit_storage.disable external_audit_storage.enable git.command TGIT001E TGIT001I github.created github.deleted github.updated health_check_config.create health_check_config.delete health_check_config.update inference_model.create inference_model.delete inference_model.update inference_policy.create inference_policy.delete inference_policy.update inference_secret.create inference_secret.delete inference_secret.update instance.join TJ002I TJ002E integration.create integration.delete integration.update join_token.bound_keypair.join_state_verification_failed join_token.bound_keypair.recovery join_token.bound_keypair.rotation join_token.create kube.create kube.delete kube.request kube.update lock.created lock.deleted login_rule.create login_rule.delete mcp.session.end TMCP002I TMCP002E mcp.session.invalid_http_request mcp.session.listen_sse_stream TMCP005I TMCP005E mcp.session.notification TMCP004I TMCP004E mcp.session.request TMCP003I TMCP003E mcp.session.start mfa.delete T1006I T1007I mfa_auth_challenge.create mfa_auth_challenge.validate T1016I T1016W oidc.created oidc.deleted 
oidc.updated okta.access_list.sync TOK006I TOK006E okta.applications.update okta.assignment.cleanup TOK005I TOK005E okta.assignment.process TOK004I TOK004E okta.groups.update okta.sync.failure okta.user.sync TOK007I TOK007E plugin.create plugin.delete plugin.update port T3003I T3003E T3003S privilege_token.create recovery_code.generated recovery_code.used T1009I T1009W recovery_token.create reset_password_token.create resize role.created role.deleted role.updated saml.created saml.deleted saml.idp.auth saml.idp.service.provider.create TSI001I TSI001W saml.idp.service.provider.delete TSI003I TSI003W TSI004I TSI004W saml.idp.service.provider.update TSI002I TSI002W saml.updated scim.create TSCIM001I TSCIM001E scim.delete TSCIM003I TSCIM003E scim.get TSCIM004I TSCIM004E scim.list TSCIM005I TSCIM005E scim.patch TSCIM006I TSCIM006E scim.update TSCIM002I TSCIM002E scp T3004I T3004E T3005I T3005E T3010E secreports.audit.query.run secreports.report.run session.command session.connect session.data session.disk session.end session.join session.leave session.network session.process_exit session.recording.access session.rejected session.start session.summarized INF010I INF010E session.upload session_recording_config.update sftp TS001I TS001E TS007I TS007E TS009I TS009E TS010I TS010E TS011I TS011E TS012I TS012E TS013I TS013E TS016I TS016E TS018I TS018E TS019I TS019E TS020E sftp_summary sigstore_policy.create sigstore_policy.delete sigstore_policy.update spiffe.svid.issued TSPIFFE000I TSPIFFE000E ssm.run TDS00I TDS00W stable_unix_user.create static_host_user.create static_host_user.delete static_host_user.update subsystem T3001I T3001E trusted_cluster.create trusted_cluster.delete trusted_cluster_token.create unknown upgradewindowstart.update user.create user.delete user.login T1000I T1000W T1010I T1011W T1012I T1013I T1013W T1014W T1001I T1001W user.password_change user.update user_login.invalid_access_list user_task.create user_task.delete user_task.update vnet.config.create 
vnet.config.delete vnet.config.update windows.desktop.session.end windows.desktop.session.start TDP00I TDP00W workload_cluster.create WC001I WC001E workload_cluster.delete WC003I WC003E workload_cluster.update WC002I WC002E workload_identity.create workload_identity.delete workload_identity.update workload_identity_x509_issuer_override.create workload_identity_x509_issuer_override.delete x11-forward T3008I T3008W Teleport 컴포넌트는 클러스터 내 활동을 기록하기 위해 감사 이벤트를 발생시킵니다. 감사 이벤트 페이로드에는 이벤트를 설명하는 event 필드가 있으며, 이 필드는 대개 동적 리소스에 대해 수행된 작업(예: Access List 생성을 나타내는 access_list.create )이나 로컬 사용자 로그인( user.login )과 같은 사용자 행동을 나타냅니다. code 필드에는 감사 이벤트에 고유한 [A-Z0-9]{6} 패턴의 문자열이 포함되어 있으며, 예를 들어 애플리케이션 리소스 생성에는 TAP03I 가 사용됩니다. 단, 이 페이지에 나열된 코드 중에는 TAL001I 나 TSPIFFE000E 처럼 여섯 글자보다 긴 것도 있으므로, 탐지 규칙이나 로그 필터에서 code 값을 매칭할 때는 고정 길이를 가정하지 않는 것이 좋습니다. 하나의 감사 이벤트가 성공 상태와 실패 상태를 모두 설명하는 경우, event 필드는 두 상태에서 동일하고 code 필드만 상태에 따라 달라집니다. 예를 들어 access_list.create 는 Access List 생성 성공과 실패를 모두 설명하며, 성공 이벤트의 코드는 TAL001I 이고 실패의 코드는 TAL001E 입니다. db.session.query.failed 및 db.session.query 와 같은 다른 이벤트의 경우, 이벤트 유형 자체가 성공 또는 실패 중 한 가지 상태만 설명합니다. 저장, 시각화 및 분석을 위해 감사 이벤트를 서드파티 서비스로 내보내도록 Teleport를 설정할 수 있습니다. 자세한 내용은 Teleport 감사 이벤트 내보내기 를 참조하세요. access_graph.crown_jewel.create # Crown Jewel 생성됨 Example: { "code" : "CJ001I" , "event" : "access_graph.crown_jewel.create" , "time" : "2020-06-05T16:24:05Z" , "uid" : "68a83a99-73ce-4bd7-bbf7-99103c2ba6a0" } access_graph.crown_jewel.delete # Crown Jewel 삭제됨 Example: { "code" : "CJ003I" , "event" : "access_graph.crown_jewel.delete" , "time" : "2020-06-05T16:24:05Z" , "uid" : "68a83a99-73ce-4bd7-bbf7-99103c2ba6a0" } access_graph.crown_jewel.update # Crown Jewel 업데이트됨 Example: { "code" : "CJ002I" , "event" : "access_graph.crown_jewel.update" , "time" : "2020-06-05T16:24:05Z" , "uid" : "68a83a99-73ce-4bd7-bbf7-99103c2ba6a0" } access_graph.path.changed # 액세스 경로 변경됨 Example: { "code" : "TAG001I" , "event" : "access_graph.path.changed" , "time" : "2020-06-05T16:24:05Z" , "uid" : "68a83a99-73ce-4bd7-bbf7-99103c2ba6a0" } a