Immuta reports allow data governors to use a natural language builder to instantly create reports that detail user activity across Immuta.
Click select entity and choose the option you would like the report based on from the dropdown menu. Your options include User, Group, Project, Data Source, Purpose, Policy Type, Connection, or Tag.
After making your selection, type your entity name in the enter name field.
Select the name from the dropdown menu that appears. Once the entity name has been selected, a number of reports will populate the center window.
Click a tile with the description of the report to run that report. You may only see up to 100 rows of output in the UI when you run a report. To see the full results of your report, follow the step below to export to CSV.
Once you've run the report, you can click the Export to CSV button in the top right of the page to download the report.
If you would like to switch reports from this page, you can make changes by clicking the dropdown menu and then Refresh to run a new report. Otherwise, click Back to Report Builder in the top right of the page to return to the full report builder.
Public preview: This feature is public preview and available to all accounts.
Before Immuta can export audit events to your Azure Data Lake Storage (ADLS) Gen2 storage account, you need to create a shared access signature (SAS) token that allows the Immuta audit service to add audit logs to your specified ADLS storage account and file system.
Follow the Azure documentation to create the following in Azure:
An ADLS Gen2 storage account with the following settings required for audit export:
Enable hierarchical namespace
Standard performance is adequate, but premium may be used
A shared access signature (SAS) for your dedicated container with at least the following permissions at the storage account or container level:
Create
Write
Save the SAS token to use in the next steps. Do not navigate away from the SAS page unless you have saved the token.
You can configure your audit export destination using one of two methods:
Download the binary in a tab below that corresponds to your operating system:
Linux x86_64 (amd64)
Linux ARMv8 (arm64)
Darwin x86_64 (amd64)
Darwin ARMv8 (arm64)
The latest stable binary can be found here: https://immuta-platform-artifacts.s3.amazonaws.com/cli/latest/immuta_cli_windows_amd64.
Download and add the binary to a directory in your system's $PATH as immuta.exe.
For descriptions of the commands used below, see the Immuta audit export configuration CLI reference guide.
The SHA 256 checksum is available to verify the file at https://immuta-platform-artifacts.s3.amazonaws.com/cli/latest/immuta_cli_SHA256SUMS.
Run immuta configure in your terminal.
Enter the URL of your Immuta tenant in the interactive prompt.
Enter your Immuta API Key.
Set the following parameters in a JSON or YAML file:
interval: The interval at which audit logs will be exported to your ADLS storage. They can be sent at 2-, 4-, 6-, 12-, or 24-hour intervals.
storage account: The name of the storage account you created that your audit logs will be sent to.
file system: The name of the file system (or container) you created that your audit logs will be written to.
path: The name of the path in the file system. This will be a new folder or directory in the container where Immuta will send your audit logs for storage.
SAS token: The previously-generated SAS token.
Create an export configuration in Immuta by running the following command:
To view all of the export configurations created for your Immuta tenant, run the following command:
To review a specific export configuration, run the get command with the export configuration ID as the argument:
To disable a configuration, run the following command with the export configuration ID as the argument:
To enable a disabled configuration, run the following command with the export configuration ID as the argument:
To delete an export configuration, run the following command with the export configuration ID as the argument:
Pass the following fields into the $data variable used in the mutation in the next step:
interval: The interval at which audit logs will be exported to your ADLS storage. They can be sent at 2-, 4-, 6-, 12-, or 24-hour intervals.
storage account: The name of the storage account you created that your audit logs will be sent to.
file system: The name of the file system (or container) you created that your audit logs will be written to.
path: The name of the path in the file system. This will be a new folder or directory in the container where Immuta will send your audit logs for storage.
SAS token: The previously-generated SAS token.
Configure these settings in Immuta using the createAdlsExportConfiguration mutation:
The ADLS export configuration to create.
To disable a configuration, use the disableExportConfiguration mutation:
The ID of the export configuration to disable.
To enable a disabled configuration, use the enableExportConfiguration mutation:
The ID of the export configuration to enable.
Public preview: This feature is public preview and available to all accounts.
Before Immuta can export audit events to your S3 bucket, you need to create a bucket policy that allows the Immuta audit service to add objects to your specified S3 bucket. The following Amazon S3 action will be granted to the audit service in the bucket policy:
: Adds an object to a bucket.
To create the policy for the bucket, you must be the bucket owner.
Follow for adding a bucket policy in the Amazon S3 console. To create the policy for the bucket, you must be the bucket owner.
Edit the JSON in the Policy section to include a bucket policy like the example below. In this example, the policy allows immuta-audit-service (the ) to add objects to customer-bucket-name (and the contents within that bucket).
Note: If you use this example, replace the content in angle brackets with your and bucket name.
Save your changes.
You can configure your audit export destination using one of two methods:
Download the binary in a tab below that corresponds to your operating system:
Linux x86_64 (amd64)
Linux ARMv8 (arm64)
Darwin x86_64 (amd64)
Darwin ARMv8 (arm64)
Download and add the binary to a directory in your system's $PATH as immuta.exe.
Run immuta configure in your terminal.
Enter the URL of your Immuta tenant in the interactive prompt.
Enter your Immuta API Key.
Set the following parameters in a JSON or YAML file:
interval: The interval at which audit logs will be exported to your S3 bucket. They can be sent at 2-, 4-, 6-, 12-, or 24-hour intervals.
bucket name: Name of the bucket your audit logs will be sent to.
bucket path: Path to your bucket in Amazon S3.
region: AWS region (such as "us-east-1").
accessKeyId: AWS access key ID.
secretAccessKey: AWS secret access key.
Configure these settings in Immuta by running the following command:
To view all of the export configurations created for your instance of Immuta, run the following command:
To review a specific export configuration, run the get command with the export configuration ID as the argument:
To disable a configuration, run the following command with the export configuration ID as the argument:
To enable a disabled configuration, run the following command with the export configuration ID as the argument:
To delete an export configuration, run the following command with the export configuration ID as the argument:
Pass the following fields into the $data variable used in the mutation in the next step:
interval: The interval at which audit logs will be exported to your S3 bucket. They can be sent at 2-, 4-, 6-, 12-, or 24-hour intervals.
bucket name: Name of the bucket your audit logs will be sent to.
bucket path: Path to your bucket in Amazon S3.
region: AWS region (such as "us-east-1").
accessKeyId: AWS access key ID.
secretAccessKey: AWS secret access key.
Configure these settings in Immuta using the createS3ExportConfiguration mutation:
The S3 export configuration to create.
To disable a configuration, use the disableExportConfiguration mutation:
The ID of the export configuration to disable.
To enable a disabled configuration, use the enableExportConfiguration mutation:
The ID of the export configuration to enable.
The latest stable binary can be found here: .
For descriptions of the commands used below, see the .
The SHA 256 checksum is available to verify the file at .