Event Center

Overview

The Akeyless Event Center is your hub for everything event-related.
This document will detail where you can access your event center, what it can do, and how you can benefit from using it.

The Event Center can be accessed by Admins through the bell icon on the top right-hand corner of your screen, next to your user icon. Selecting the bell will also show you any pending notifications you might have from the event center, based on your settings. Setting up notification triggers will also be explained later in this guide.

Using the Event Center

The Akeyless event center shows your event logs in the form of a table and allows you to monitor, filter, and search through the different events that happen in your Akeyless account.

On the upper left-hand side of the table, you will see a few interactive buttons, including a refresh button, a filter button, and a forwarder button, that allows you to use your event data to your benefit or to search through it.

Event Forwarders

Event forwarders are tools you can configure through the event center in order to get notified on other platforms (e.g email) when a certain event type happens. For example, one might want to be notified every time a certain Certificate is about to expire or when a user requests to access an item you have in your Akeyless Platform.

Forwarded Events Format:

The following JSON structure describes the forwarded event's format:

{
	"Akeyless Events": {
		"Certificate Expired": [{
				"name": "<cert A name>"
			},
			{
				"name": "<cert b name>"
			}
		],
		"Certificate About to Expire": [{
				"name": "<cert c name>"
			},
			{
				"name": "<cert D name>"
			}
		],
		"Request Access": [{...}]
	}
}
{
  "Certificate Expired": [
    {
      "name": "<Item Full Name>",
      "item_id": "<Item ID>",
      "payload": {
        "certificate_details": {
          "expires_at": "<Full Date>",
          "description": "<Item Description>"
        }
      }
    }
  ]
}

The URL for the Service Now endpoint would be: <serviceNowURL>/Akeyless-events/

Forwarders in the CLI

Create a Forwarder

To set up an event forwarder, use the following command:

akeyless create-event-forwarder  -n <name> --forwarder-type <type> --event-source-locations </Items/Folder> 

The main parameters for the command are as follows:

  • --name: The desired name for the forwarder. This parameter is mandatory.

  • --forwarder-type: Where will the events be forwarded, currently supporting email and servicenow. This parameter is mandatory.

    • For email forwarder: --email-to: A comma-separated list of email addresses to send events to.

    • For servicenow forwarder:

      • --host: ServiceNow endpoint URL.

      • auth-type: The authentication type to use against ServiceNow, by default set to user-pass, supporting also jwt authentication flow.

      For auth-type=email:

      • --admin-name: Admin name (relevant only for ServiceNow auth-type=email).

      • --admin-pwd: Admin Password (relevant only for ServiceNow auth-type=email).

      For auth-type=jwt:

      • --user-email: The user email (relevant only for ServiceNow auth-type=jwt).

      • --client-id: The client ID (relevant only for ServiceNow auth-type=jwt).

      • --client-secret: The client secret (relevant only for ServiceNow auth-type=jwt).

      • --app-private-key-file-path: Path to an RSA Private Key, alternatively, you can provide an --app-private-key-base64 (relevant only for ServiceNow auth-type=jwt).

  • --runner-type: Would you like this to be the default, which is immediate (i.e run once), or periodic (i.e. run periodically).

  • --every: If you choose runner-type = periodic, this parameter will determine how many hours will pass between every run of the forwarder.

  • --event-source-locations: A comma-separated list of event sources to forward events from, for example, /abc/def, /abc/xyz/*. This parameter is mandatory.

  • --event-source-type: The type of event, item (by default) target or auth_method.

  • --event-types: A comma-separated list of types of events to notify about:

#"event-source-type=item"
request-access
certificate-pending-expiration
certificate-expired
rotated-secret-success
rotated-secret-failure
dynamic-secret-failure
#"event-soruce-type=auth_method"
uid-rotation-failure
auth-method-pending-expiration
auth-method-expired
email-auth-method-approved
multi-auth-failure

Additional parameters can be found in the CLI Reference.

Update a Forwarder

If you wish to update an existing forwarder, use the following command:

akeyless update-event-forwarder

This command can accept the same parameters as the creation command, barring the forwarder type, the runner type, and the runner frequency. This command can also accept the --new-name parameter in order to change the forwarder name.
Additionally, the ServiceNow admin password can currently only be edited through the CLI.

Get Forwarder Details

In order to get information on an existing forwarder, use the following command:

akeyless get-event-forwarder -n <forwarder name>

Deleting a Forwarder

In order to delete an existing forwarder, use the following command:

akeyless delete-event-forwarder -n <forwarder name>

Setting Up an Event Forwarder in the Console

To create or manage Event Forwarders, do the following:

  1. Go to the Event Center and select Manage Forwarders. If this is your first Forwarder, it appears as Add Forwarder.

  2. Choose where you would like your events to be forwarded to. The identifier parameters will vary based on the type of forwarder selected:

  • Email: Recipient email addresses.
  • ServiceNow:
    • ServiceNow URL : ServiceNow endpoint URL.
    • Auth Type: Password or JWT
      • For Password: Provide a ServiceNow Admin Username and Password.
      • For JWT: Provide: a Username, ClientID, Client Secret, and the Private Key. More Information about ServiceNow JWT authentication flow can be found here.
  1. Set the following:
  • Event Sources Location: The location in Akeyless of the item or group of items you would like to be notified about. this parameter may be defined multiple times.
  • Event type: A list of types of events to notify about.
  • Protection Key: Protection key other than the default, if you wish to change it.
  • Forward immediately\periodically: Check the box for the preferred type of forwarder, an immediate one-time forwarder, or a periodic one that runs every defined amount of days.
  1. Finish.