Audit Trails for Enterprise Accounts

Last updated 15 June 2019

Audit Trail is part of the Enterprise Accounts product which is in Public Beta currently. Please visit this article to learn how to opt in.

Enterprise Accounts enable you to export an audit trail, which is a chronological, JSON-formatted archive of certain events associated with the account. This archive helps you meet a variety of compliance, auditing, and accountability requirements.

Installation

Run the following CLI command to enable audit trails for your Enterprise Account:

$ heroku labs:enable audit-trail

Then run the following command to install the associated CLI plugin:

$ heroku plugins:install heroku-audit-trail

Usage

Heroku provides a separate event archive for each calendar month. It does not provide real-time event logging. If you request the event archive for the current month, the archive includes all events from the start of the current month up to midnight UTC of the current day.

To list all available event archives:

$ heroku audit-trail -e my-enterprise-account-name

To export the current month’s archive:

$ heroku audit-trail:export -e my-enterprise-account-name

To export a particular month’s archive:

$ heroku audit-trail:export 2018-01 -e my-enterprise-account-name

Access

Any member of your Enterprise Account with the manage permission can export audit trail archives. Learn more about Enterprise Account permissions

Supported events

Currently, audit trails include the following event types, selected to help you meet various auditing and compliance requirements:

[
 "addon.attach",
 "addon.create",
 "addon.destroy",
 "addon.detach",
 "addon.update",
 "app.create",
 "app.destroy",
 "app.update",
 "app_transfer.create",
 "app_transfer.update",
 "code_release.create",
 "collaborator.create",
 "collaborator.destroy",
 "config_change.remove",
 "config_change.set",
 "domain.create",
 "domain.destroy",
 "heroku_config_change.update",
 "sni_endpoint.create",
 "sni_endpoint.destroy",
 "sni_endpoint.update",
 "space.create",
 "space.destroy",
 "space.update",
 "ssl_endpoint.create",
 "ssl_endpoint.destroy",
 "ssl_endpoint.update",
 "team.destroy",
 "team.update"
]

Feedback

Log in to submit feedback.