Skip to main content

Overview

Last updated on

An audit trail is a chronological record of all key actions performed within the system. It shows who did what, when, and where, helping you track changes and activities in your Harness account.

Audit trails are automatically generated and cannot be altered, keeping the information accurate and reliable. This information can be used during compliance or to help identify and resolve issues more quickly.

Before you begin

Viewing the audit trail

note

The audit trail can only be viewed at the account and organization scope. Audit events for the account scope do not appear in the audit trail at the organization scope.

To view the audit trail at the account scope (for organization scope events, go to the Organization Settings), follow these steps:

  1. In Harness, go to Account Settings.

  2. Navigate to the Security and Governance section, then click Audit Trail.

  3. The Audit Trail page opens, showing audit logs from the past 7 days by default.

    Each record logs an activity that happens within the system. These records may take a few minutes to appear in the Audit Trail. If you still can't see an event, try refreshing your browser.

Filter by date and time

Limit the audit events displayed to a specific time range, from 1 day up to 2 years. Use the date picker to select the exact start and end dates, including the time of day.

Audit trail types

By default, all audit events are displayed. You can refine the records using the following filters:

  • Exclude Login Events: Hides authentication-related events, such as successful or failed logins, 2FA, and so on from the records.
  • Exclude System Events: Hides events generated by the system.

Add a filter

To add a filter, perform the following steps:

  1. In Account Audit Trail, click the filter icon.

  2. In the New Filter settings, select filters to refine audit events. Narrow the viewable events by adding filters and selecting:

    • User

    • Organization

    • Project

    • Resource Type

    • Resource Identifier

    • Action

      note

      The Resource Identifier operates in conjunction with the Resource Type. It allows you to use the resource identifier to filter audit events related to a specific resource using that identifier.

      Infrastructure Audit Trail

      To retrieve the infrastructure audit trail, use the Environment resource type and provide your environment identifier as the Resource Identifier.

  3. In Filter Name, enter a name for your filter.

  4. For Who can view and edit the filter?, select Only me or Everyone based on the visibility you want to set for this filter.

  5. Select Save to create a filter.

  6. Select Apply to view the audit events as per the filter you just created.

    By default, the events of the last 7 days are returned for the filter. To view more results, you can select the date range accordingly.

Audit trail data fields

The data fields capture the information for each audit event, including the user, action, time, and affected resources.

  • Time: The date and time when the activity occurred.
  • User: The user who performed the action (typically shown as an email ID or username).
  • Action: The action that was performed (created, updated, deleted and so on).
  • Resource: The Harness entity that was affected by the action.
  • Organization: The organization name corresponding to the affected entity, if applicable.
  • Project: The project name corresponding to the affected entity, if applicable.
  • Module: The module corresponding to the affected entity (pipeline, Platform and so on).
  • Event Summary: A detailed summary of the event, highlighting the changes made, along with the corresponding YAML differences.
IMPORTANT

By default, the Audit Trail does not capture pipeline execution events such as Pipeline Start, Pipeline End, Stage Start, and Stage End. To capture these events, enable the Enable Pipeline Execution Audit Events setting under the pipeline category in account scope settings.

This setting is available only at the account scope.

Audit trail for events

Audit trail are stored for up to 2 years. If you need to retain them for a longer period, you can use audit log streaming to export logs externally.

Audit logs capture key activities performed in your account. For example, when a new user is added, an audit log records the action (created, updated, revoked, etc.) along with relevant user details.

note

This is not an exhaustive list, as audit logs are generated dynamically based on user and system activities.

Module categories and resources

Modules CategoryResourcesDescription
Platform Core
  • ORGANIZATION
  • PROJECT
  • USER
  • USER_GROUP
  • ROLE
  • ROLE_ASSIGNMENT
  • PERMISSION
  • RESOURCE_GROUP
  • SERVICE_ACCOUNT
  • API_KEY
  • TOKEN
Core platform entities used to manage accounts, projects, users, access control, and authentication across Harness.
Continuous Delivery
  • SERVICE
  • ENVIRONMENT
  • ENVIRONMENT_GROUP
  • PIPELINE
  • TRIGGER
  • TEMPLATE
  • INPUT_SET
  • DEPLOYMENT_FREEZE
  • DB_SCHEMA
  • DB_INSTANCE
Resources used to define, configure, and execute application and database deployments.
GitOps
  • GITOPS_REPOSITORY
  • GITOPS_CLUSTER
  • GITOPS_CREDENTIAL_TEMPLATE
  • GITOPS_REPOSITORY_CERTIFICATE
  • GITOPS_GNUPG_KEY
  • GITOPS_AGENT
  • GITOPS_PROJECT_MAPPING
  • GITOPS_APPLICATION
  • GITOPS_APPLICATION_SET
  • GITOPS_ARGOPROJECT
GitOps resources for managing clusters and applications using Git as the source of truth.
Delegates
  • DELEGATE
  • DELEGATE_GROUPS
  • DELEGATE_CONFIGURATION
  • DELEGATE_TOKEN
Delegates enable secure connectivity between Harness and customer infrastructure to execute tasks.
Secrets Management
  • SECRET
  • CERTIFICATE
Secure storage and management of sensitive values such as secrets and certificates used by pipelines and services.
Connectors
  • CONNECTOR
Configurations that allow Harness to integrate with external systems such as cloud providers, Git, and artifact registries.
Dashboards
  • DASHBOARD
  • DASHBOARD_FOLDER
Visual dashboards and folders used to organize and display insights and reports across modules.
Governance
  • GOVERNANCE_POLICY
  • GOVERNANCE_POLICY_SET
Policies and policy sets used to enforce standards, compliance, and guardrails across the platform.
File Store
  • FILE
  • VARIABLE
Files and variables stored in Harness and referenced during pipeline execution and configuration.
Platform Settings
  • SETTING
  • NG_LOGIN_SETTINGS
  • NG_ACCOUNT_DETAILS
  • SMTP
  • IP_ALLOWLIST_CONFIG
  • STREAMING_DESTINATION
  • BRANDING_SETTINGS
  • BRANDING_ASSET
  • BANNER
  • DATA_SINK
Account-level and platform-wide settings that control security, notifications, branding, and integrations.
Resilience Testing (Chaos Engineering)
  • CHAOS_HUB
  • CHAOS_INFRASTRUCTURE
  • CHAOS_EXPERIMENT
  • CHAOS_GAMEDAY
  • CHAOS_PROBE
  • CHAOS_SECURITY_GOVERNANCE
  • CHAOS_IMAGE_REGISTRY
  • DR_TEST
Resources used to design, run, and govern chaos experiments to validate system resilience.
Security Testing Orchestration
  • STO_TARGET
  • STO_EXEMPTION
  • STO_OVERRIDE
  • TICKET
Security testing targets, exceptions, overrides, and ticketing artifacts for managing security findings.
Cloud Cost Management
  • PERSPECTIVE
  • PERSPECTIVE_BUDGET
  • PERSPECTIVE_REPORT
  • PERSPECTIVE_FOLDER
  • COST_CATEGORY
  • BUDGET_GROUP
  • AUTOSTOPPING_RULE
  • AUTOSTOPPING_LB
  • AUTOSTOPPING_STARTSTOP
  • COMMITMENT_ORCHESTRATOR_SETUP
  • COMMITMENT_ACTIONS
  • CLUSTER_ORCHESTRATOR_SETUP
  • CLUSTER_ORCHESTRATOR_VPA_RULE
  • CLUSTER_ACTIONS
  • CCM_ANOMALY
  • CCM_ANOMALY_ALERT
  • CCM_RECOMMENDATION
  • CCM_RECOMMENDATION_IGNORE_LIST
  • CCM_RECOMMENDATION_SETTINGS
  • CCM_RECOMMENDATION_TICKET_SYSTEM
  • CCM_UNIT_METRIC
  • CCM_ANOMALIES_WHITELIST_RULE
  • CLOUD_ASSET_GOVERNANCE_RULE
  • CLOUD_ASSET_GOVERNANCE_RULE_SET
  • CLOUD_ASSET_GOVERNANCE_RULE_ENFORCEMENT
  • CLOUD_ASSET_GOVERNANCE_RULE_EVALUATION
  • CLOUD_ASSET_GOVERNANCE_NOTIFICATION
  • CLOUD_ASSET_GOVERNANCE_RECOMMENDATION
Cost visibility, optimization, anomaly detection, and governance resources for managing cloud spend and efficiency.
Feature Flags
  • FEATURE_FLAG
  • FEATURE_FLAG_STALE_CONFIG
  • TARGET_GROUP
Feature Flags resources used to control feature rollout and targeting. These audit events apply to Feature Flags resources, not FME entities.
Code Repository
  • CODE_REPOSITORY
  • CODE_BRANCH_RULE
  • CODE_PUSH_RULE
  • CODE_TAG_RULE
  • CODE_BRANCH
  • CODE_TAG
  • CODE_REPOSITORY_SETTINGS
  • CODE_WEBHOOK
Source code repositories and governance rules for managing code changes and integrations.
Internal Developer Portal
  • IDP_APP_CONFIGS
  • IDP_CONFIG_ENV_VARIABLES
  • IDP_PROXY_HOST
  • IDP_SCORECARDS
  • IDP_CHECKS
  • IDP_ALLOW_LIST
  • IDP_OAUTH_CONFIG
  • IDP_CATALOG_CONNECTOR
  • IDP_BACKSTAGE_CATALOG_ENTITY
  • IDP_BACKSTAGE_SCAFFOLDER_TASK
  • IDP_LAYOUT
  • IDP_HOMEPAGE_LAYOUT
  • IDP_PERMISSIONS
  • IDP_PLUGINS
  • IDP_GIT_INTEGRATIONS
  • IDP_CATALOG_INTEGRATIONS
  • IDP_CATALOG
  • IDP_CATALOG_DECORATOR
  • IDP_CATALOG_TABLE
  • IDP_CATALOG_VERSION
  • IDP_CATALOG_CUSTOM_PROPERTIES
  • IDP_GROUPS
  • IDP_WORKFLOW
  • IDP_ENVIRONMENT
  • IDP_ENVIRONMENT_BLUEPRINT
  • IDP_AGGREGATION_RULE
  • IDP_KIND
Developer self-service portal resources including service catalog, workflows, scorecards, and integrations.
Supply Chain Security (Software Supply Chain Assurance)
  • SSCA_ARTIFACT
  • SSCA_COMPLIANCE
  • SSCA_COMPONENTS
Artifact and component-level compliance data for securing the software supply chain.
Infrastructure as Code Management
  • WORKSPACE
  • IAC_MODULE
Workspaces and modules used to manage infrastructure using infrastructure-as-code workflows.
Artifact Registry
  • ARTIFACT_REGISTRY
  • ARTIFACT_REGISTRY_UPSTREAM_PROXY
Artifact registries and upstream proxies for storing and serving build artifacts.
Release Management
  • RMG_PROCESS
  • RMG_ACTIVITY
  • RMG_PROCESS_INPUT
  • RMG_RELEASE_GROUP
  • RMG_RELEASE
Release orchestration resources used to model and manage release processes and workflows.
Other / System
  • MODULE_LICENSE
  • EULA
  • NETWORK_MAP
  • SERVICE_DISCOVERY_AGENT
  • APPLICATION_MAP
  • DAEMON_SET
  • RUNNER
  • GITX_WEBHOOK
  • RMG
  • DEFAULT_NOTIFICATION_TEMPLATE_SET
System-level, licensing, and miscellaneous resources used internally or across multiple modules.
Software Engineering Insights (1.0)
  • SEI_CONFIGURATION_SETTINGS
  • SEI_COLLECTIONS
  • SEI_INSIGHTS
  • SEI_PANORAMA
Metrics, insights, and configurations used to analyze software delivery and engineering performance.
Continuous Error Tracking
  • CET_AGENT_TOKEN
  • CET_CRITICAL_EVENT
  • CET_SAVED_FILTER
Error tracking resources used to capture, filter, and analyze application runtime issues.
Cloud Development Environments (Gitspaces)
  • CDE_GITSPACE
  • CDE_INFRAPROVIDER
Cloud development environments used to provision and manage Git-based workspaces.
Service Reliability Management
  • MONITORED_SERVICE
  • SERVICE_LEVEL_OBJECTIVE
  • DOWNTIME
  • NOTIFICATION_CHANNEL
  • NOTIFICATION_RULE
Resources for monitoring service health, defining SLOs, tracking downtime, and sending reliability notifications.

Resource type and supported actions

Each resource in Harness can perform specific actions that reflect how it is created, updated, executed, accessed, or governed across the platform.

Resource TypeSupported ActionsDescription
All Resources (Generic)
  • CREATE
  • UPDATE
  • DELETE
  • RESTORE
  • MOVE
Core lifecycle actions applicable to most resources across Harness.
Access & Identity Resources (USER, ROLE, SERVICE_ACCOUNT, TOKEN)
  • INVITE
  • ADD_MEMBERSHIP
  • REMOVE_MEMBERSHIP
  • CREATE_TOKEN
  • REVOKE_TOKEN
  • DELETE_TOKEN
Actions related to managing users, access, and authentication credentials.
Platform Authentication
  • LOGIN
  • LOGIN2FA
  • UNSUCCESSFUL_LOGIN
Records authentication activity for users and service accounts.
Pipeline Resources (PIPELINE, STAGE, INPUT_SET)
  • START
  • END
  • STAGE_START
  • STAGE_END
  • PAUSE
  • RESUME
  • ABORT
  • TIMEOUT
  • RERUN
Actions that track pipeline and stage execution lifecycle.
Governance & Policy Resources
  • ENABLED
  • DISABLED
  • BYPASS
  • FREEZE_BYPASS
Actions that reflect policy state changes or controlled overrides.
Git-Backed Resources (GitOps, Code, IACM)
  • SYNC_START
  • SYNC_SUCCEEDED
  • SYNC_FAILED
  • MOVE_TO_GIT
  • FORCE_PUSH
Actions related to Git synchronization and source-controlled changes.
SLO & Reliability Resources
  • ERROR_BUDGET_RESET
Actions associated with SLO and reliability management events.
Feature Flags Resources
  • ENABLED
  • DISABLED
Actions indicating Feature Flags state changes. These actions do not apply to FME entities.
Impersonation
  • START_IMPERSONATION
  • END_IMPERSONATION
Tracks when an identity assumes or exits impersonated access.
Tickets & Exceptions
  • TICKET_CREATED
  • TICKET_CREATE_FAILED
  • DISMISS_ANOMALY
Actions representing exceptions, alerts, or external ticketing outcomes.
System & Compliance Events
  • SIGNED_EULA
  • STABLE_VERSION_CHANGED
  • EXPIRED
One-time or system-level events recorded for audit and compliance.