Missing security audit events when running cf events in Tanzu Application Service for VMs
Article ID: 298456
Updated On:
Products
VMware Tanzu Application Service for VMs
Issue/Introduction
You do not see the following audit events when executing cf events in Tanzu Application Service for VMs:
As a security analyst or auditor, these events are useful in auditing access to environment variables.
For example, accessing the following /v3/ endpoints should result in the events showing up when executing cf events.
Getting events for app dora in org org / space space as admin.
- audit.app.revision.environment_variables.show
- audit.app.environment_variables.show
- audit.app.environment
As a security analyst or auditor, these events are useful in auditing access to environment variables.
For example, accessing the following /v3/ endpoints should result in the events showing up when executing cf events.
cf app dora --guid 2a9b7778-b9e8-496d-a9f9-40b3bb005d01 cf curl /v3/apps/2a9b7778-b9e8-496d-a9f9-40b3bb005d01/env cf curl /v3/apps/2a9b7778-b9e8-496d-a9f9-40b3bb005d01/environment_variables cf curl /v3/revisions/8fc50c3c-a2e8-41c9-bec9-a39e90f9d44f/environment_variables cf events dora
Getting events for app dora in org org / space space as admin.
2020-09-01T15:39:23.00-0700 audit.app.revision.environment_variables.show admin 2020-09-01T15:38:03.00-0700 audit.app.environment_variables.show admin 2020-09-01T15:37:33.00-0700 audit.app.environment.show admin
Environment
Product Version: Other
Resolution
If you do not see these audit events, make sure you are on a version of TAS for VMs that has this feature.
This functionality is in:
This functionality is in:
- CAPI v1.99.0 and late
- TAS for VMs v2.11.+
Feedback
Yes
No
Powered by
