Please kindly advice if CA API Gateway has out of box mechanism to be able to audit the activates and changes done by privileged account (e.g. Admin) ?
e.g. if user do changing LDAP configuration , global polices parameters and/or policies updates in API GW how and where to find who , when and what was changed?
Release : 10.0
Component : API GATEWAY
For policy/services changes you can right click a specific policy/service and look at “Revision History”. This keeps a record of the changes and who made the changes
Limit auditing in this area - the configuration of audit assertions occurring in policy. What does get place in audit and SSG log is the log in of the user into policy manager:
Node : Gateway1
Time : 20220201 10:59:32.557
Severity : INFO
Message : User logged in
Audit Record ID : 213f0d05356b7755078e033c91577f91
Event Type : Manager Action
Admin User Name : <username>
Admin User ID : 213f0d05356b7755078e033c91577f82
Identity Provider ID: 0000000000000000fffffffffffffffe
Admin IP : <UserIP>
Action : Admin Login
Changes to LDAP provided there is also some info audit. Logs the ID making the change but no details on exact change.
Node : Gateway1
Time : 20220201 11:01:45.930
Severity : INFO
Message : LdapIdentityProviderConfig #616899ee2f44f514a14251da8f715cdf (<LDAP Hostname>) updated (changed serializedProps)
Audit Record ID : 213f0d05356b7755078e033c91577fb5
Event Type : Manager Action
Admin User Name : <username>
Admin User ID : 213f0d05356b7755078e033c91577f82
Identity Provider ID: 0000000000000000fffffffffffffffe
Admin IP : <UserIP>
Action : Object Changed
Entity Name : <LDAP Hostname>
Entity ID : 616899ee2f44f514a14251da8f715cdf
Entity Type : identity.ldap.LdapIdentityProviderConfig
Changes to existing policy. Audits ID in the message as well as the policy changed - but no details on exact change.
Node : Gateway1
Time : 20220201 11:11:56.678
Severity : INFO
Message : Policy #616899ee2f44f514a14251da8f72b223 (Policy for service #616899ee2f44f514a14251da8f72b221, Route-1) updated (changed xml)
Audit Record ID : 213f0d05356b7755078e033c91578033
Event Type : Manager Action
Admin User Name : <username>
Admin User ID : 213f0d05356b7755078e033c91577f82
Identity Provider ID: 0000000000000000fffffffffffffffe
Admin IP : <UserIP>
Action : Object Changed
Entity Name : Policy for service #616899ee2f44f514a14251da8f72b221, Route-1
Entity ID : 616899ee2f44f514a14251da8f72b223
Entity Type : policy.Policy