BizTalk360 Auditing

BizTalk360 Activity Auditing

Published on: Mar 29, 2019

Category: BizTalk360 Update

Author: yuvaranjani

We are very excited to blog about a new feature called BizTalk360 Activity Auditing, which will be available from the upcoming BizTalk360 release, v9.0.

When working with cutting-edge technology, security is one of the important factors we always need to consider. With that in mind we implemented, among other features, Governance and Auditing, which audits BizTalk-level activities (on Applications, Service Instances, Host Instances, Servers, ESB Messages and Business Rules) performed from BizTalk360.

Many customers requested that BizTalk360 activities such as Alarm, User Access Policy and Artifact Mapping activities, Secure SQL Query executions, Licensing changes, etc. also be audited. So, from v9.0 we have extended auditing to BizTalk360 activities too. Considering the business value and the time available, we are implementing Alarm Auditing, Artifact Mapping Auditing and Secure SQL Query Auditing for this release.

Alarm Auditing

The Monitoring capability is one of the key features available in BizTalk360. The first step in monitoring is creating an alarm, which plays a crucial role in monitoring. Many users may have permission to manage alarms, which means that anyone with that permission can easily create, modify and delete an alarm.

For instance, if you have more than 100 alarms configured in your environment and multiple users are working with them, it is very difficult to check who has worked on which alarm.

With that in mind, we have implemented auditing of BizTalk360 alarm activities. Alarm activities such as alarm creation, deletion, modification, status changes (Enable/Disable) and reset of the alarm count will be audited.

Create: Alarm creation includes Quick alarm configuration and copying of alarms.

Update: An alarm can be updated by editing the alarm configuration, but you can also change the status (Enable/Disable) of the alarm. Both activities will be captured under BizTalk360 Alarm Auditing. When you update the status of the alarm, a confirmation popup appears in which you can provide the reason for the action. This way, you can keep a record of why the action was performed.

In the Audit details, you can see the summary which contains the property name, the previous value and the current value of the modified property.

Reset: An alarm reset can also be done in two ways. It can be a manual action or an automatic reset by the system. Both actions will be captured under Alarm Auditing.

Manual Reset: For threshold monitoring, when the number of alerts per violation reaches its limit, the alert needs to be reset; otherwise the notification will not be triggered again. You can reset it manually in the Manage Alarm section.

Auto Reset: For threshold monitoring, users also have the option to have alerts reset automatically. When the alert violation reaches its limit, after the alert reset timeout (the minutes provided in alert reset), the system will automatically reset the alert. That action will also be captured under Alarm Auditing.

Delete: For alarm deletion, we have newly introduced an optional text box in the confirmation popup to provide the reason for the deletion, which will be audited in BizTalk360 Alarm Auditing.

All the audit details will be available in the BizTalk360 Governance – Audit section. Super Users and Normal Users (who have permission for the Governance – Audit section) can access the BizTalk360 Audit details.

The same details can also be seen in the Live Feed, simply by enabling the Live Feed in the BizTalk360 settings section.

 

Every audit record has a detailed view showing the exact configuration and the updated values. It contains the user, the environment details and the date/time. In the case of an update, the current and previous values will also be listed.

The audit detail screen for an Alarm Update shows only the updated values. You can compare the previous values with the current values, and if you want to revert the changes to what you had before, you can use the audit record as your reference.

These actions will also be available under the User Activities.

Secure SQL Query Auditing

BizTalk360 offers the Secure SQL Queries functionality as a secure platform to store predefined queries and provide access to BizTalk members to execute the queries. BizTalk360, by default, comes pre-loaded with a set of queries and allows the users (with permissions) to build secure SQL queries that are appropriate to the organization’s business.

The query result may contain important business data. Some of our customers therefore told us it would be good to know who executed a query and which parameter values were passed during execution. That is why we have implemented Secure SQL Query Auditing, which covers creating a new query, modifying an existing query, deleting a query and, most importantly, executing a query.

Auditing of every query execution will come under the Platinum tier, since it is more sensitive to audit. Users who have access to the Secure SQL Query section can view the Secure SQL Query Auditing under BizTalk360 Activities.

In the Secure SQL Query section of Governance and Audit, you can see the list of SQL activities, with a detailed view of every audited activity. In the detail view, you can see the database name, the query name, the SQL Server instance name and the query that was created, executed or modified.

For example, I have executed the query ‘Large Messages in Tracking database’.

This action will be audited under the Governance – Audit section with all the details.

In this detail view, you can see which query was executed, which parameters were passed to the query, when the query was executed and who performed the operation.

Modified values will look as shown below.

For query deletion, BizTalk360 will ask you for confirmation, with an optional text box to provide the reason for the deletion. This may be useful to the admin as a future reference about the action.

Artifacts Mapping Auditing

For a healthy BizTalk environment, it's important to keep an eye on every artifact (Service Instances, Receive Locations, Send Ports, Send Port Groups, Orchestrations, Host Instances). With a huge number of artifacts in the BizTalk environment, it is really difficult to monitor them manually by checking whether each host instance is started, whether Receive Locations are enabled, etc. To overcome these problems, BizTalk360 provides a feature called BizTalk360 Monitoring, which allows you to set up monitoring for any desired state of your artifacts.

Bringing auditing to Artifact Mappings therefore helps users review the monitoring setup whenever they want.

For instance, when a user accidentally changes the mapping configuration, it could lead to false alerts, or to monitoring that is irrelevant to your production environment. In this scenario, you need auditing of these setups, including the previous expected state of the artifacts, so that you can recover immediately. Some of our customers also requested this functionality.

Based on customer feedback and their business needs, we are working on this feature for v9.0.

Also, a user who changes the expected state of the artifacts will have the option to provide the reason for changing the state, so that the admin and other users can know why the state was changed.

Purging

Auditing data will persist in the BizTalk360 database based on the purge policy setup.

To avoid running out of disk space, older data needs to be purged. BizTalk360 provides a configurable purging policy to purge the data in Governance/Audit. Administrators/Super Users can set up the purge duration under Settings.

User Access Policy

Super Users will have permissions to all the sections, and users who have access to the Governance – Audit section can view the BizTalk360 Activity Auditing.

For Alarm Auditing – Normal Users/NT group users who have access to the “Managing Alarms” section can view the alarm auditing section under BizTalk360 Activity Auditing.

For Secure SQL Query Auditing – Normal Users/NT group users who have access to the “Secure SQL Query” section can view the Secure SQL Query auditing under BizTalk360 Activity Auditing.

For Artifacts Mapping Activity Auditing – Normal Users/NT group users who have access to the “Manage Alarms” section can view the artifacts mapping activity auditing section.