Audit Trails for Enterprise Accounts
Last updated October 10, 2022
Enterprise Accounts enable you to export an audit trail, which is a JSON-formatted archive of certain events associated with the account. This archive helps you meet a variety of compliance, auditing, and accountability requirements.
No installation is needed for the Audit Trail. If you use Enterprise Accounts and have the “Manage” permission in your company’s Enterprise Account, you should be able to find and use the feature under the
Heroku provides a separate event archive for each calendar month. It does not provide real-time event logging. If you request the event archive for the current month, the archive includes all events from the start of the current month up to midnight UTC of the current day.
First install the enterprise plugin:
$ heroku plugins:install @heroku-cli/plugin-enterprise
To list all available event archives:
$ heroku enterprise:audits -e my-enterprise-account-name
To export the current month’s archive:
$ heroku enterprise:audits:export -e my-enterprise-account-name
To export a particular month’s archive:
$ heroku enterprise:audits:export 2018-01 -e my-enterprise-account-name
The exported archive doesn’t always list audit trail entries in chronological order. You can use jq to sort the entries in the JSON file. For example:
$ jq '.entries |= sort_by(.created_at)' your-exported-file.json
Any member of your Enterprise Account with the manage permission can export audit trail archives. Learn more about Enterprise Account permissions. Users can also export audit logs using the Enterprise Accounts CLI plugin. Please visit the Enterprise Accounts CLI Plugin Dev Center article to learn more about the Heroku CLI and installation instructions.
Audit trails include the following event types, selected to help you meet various auditing and compliance requirements:
[ "addon.attach", "addon.create", "addon.destroy", "addon.detach", "addon.update", "app.create", "app.destroy", "app.update", "app_transfer.create", "app_transfer.update", "code_release.create", "collaborator.create", "collaborator.destroy", "config_change.remove", "config_change.set", "domain.create", "domain.destroy", "enterprise_account_membership.create", "enterprise_account_membership.destroy", "enterprise_account_membership.update", "heroku_config_change.update", "sni_endpoint.create", "sni_endpoint.destroy", "sni_endpoint.update", "space.create", "space.destroy", "space.update", "team_membership.create", "team_membership.destroy", "team_membership.update", "team.destroy", "team.update", "trusted_ip.update" ]
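An added example (not Heroku's code) that orders an exported archive chronologically, as the jq command above does, and keeps only the event types from the list above that change who or what can reach the account. The sample export is constructed, and the "type" and "actor" field names are assumptions; only "entries" and "created_at" appear on this page.

```python
import json
from collections import Counter
from datetime import datetime

# Event types from the page's list that change who or what can reach an account.
ACCESS_EVENTS = {
    "collaborator.create", "collaborator.destroy",
    "enterprise_account_membership.create",
    "enterprise_account_membership.destroy",
    "enterprise_account_membership.update",
    "team_membership.create", "team_membership.destroy",
    "team_membership.update", "trusted_ip.update",
}

# Constructed sample export. "entries" and "created_at" appear in the page's jq
# command; the "type" and "actor" field names are assumptions.
SAMPLE_EXPORT = """{"entries": [
 {"created_at": "2018-01-09T14:02:11Z", "type": "trusted_ip.update", "actor": "ops@example.com"},
 {"created_at": "2018-01-03T08:15:00Z", "type": "app.create", "actor": "dev@example.com"},
 {"created_at": "2018-01-09T13:59:40Z", "type": "collaborator.create", "actor": "dev@example.com"},
 {"created_at": "2018-01-05T22:30:05Z", "type": "config_change.set", "actor": "dev@example.com"}
]}"""

def parse_ts(value):
    # fromisoformat() rejects a trailing "Z" before Python 3.11.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def sorted_entries(export_text):
    """Return the archive's entries in chronological order."""
    entries = json.loads(export_text)["entries"]
    return sorted(entries, key=lambda e: parse_ts(e["created_at"]))

def access_changes(export_text):
    """Chronological entries whose type is in ACCESS_EVENTS."""
    return [e for e in sorted_entries(export_text)
            if e.get("type") in ACCESS_EVENTS]

def counts_by_type(export_text):
    """Number of entries per event type, for a quick monthly summary."""
    return Counter(e.get("type") for e in sorted_entries(export_text))

if __name__ == "__main__":
    for e in access_changes(SAMPLE_EXPORT):
        print(e["created_at"], e["type"], e["actor"])
```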