Skip to main content

Access Logs (SecOps)

Overview

The Access Logs panel provides security operations (SecOps) capabilities for tracking and analyzing user access patterns across the Shakudo platform. This feature integrates with OAuth2 Proxy logs to monitor which users have accessed specific domains, offering visibility into authentication and access activities for security auditing and compliance purposes.

Access & Location

  • Route: ?panel=secops
  • Navigation: Admin → Access Logs
  • Access Requirements:
    • Dashboard admin role (rbacInfo[0] must be true)
    • User must be part of the dashboard-admin role
  • Feature Flags:
    • secOpsEnabled - Must be set via environment variable HYPERPLANE_DASHBOARD_SECOPS_ENABLED=true

Key Capabilities

User Access Tracking

Monitor OAuth2 Proxy logs to track user authentication and access patterns across domains. This provides a centralized view of who is accessing which services and when.

Grafana Dashboard Integration

Direct integration with a dedicated Grafana dashboard (secops-oauth2-proxy) that provides advanced filtering, visualization, and analysis capabilities for access logs.

Security Auditing

Enable security teams to audit user access patterns, identify unauthorized access attempts, and maintain compliance with security policies.

User Interface

Main View

The panel displays an embedded Grafana dashboard in kiosk mode (fullscreen, no Grafana navigation chrome) that shows OAuth2 Proxy logs. The view includes:

  • Title Section: "User Access Logs" with descriptive text explaining the panel's purpose
  • Embedded Dashboard: Full-height iframe displaying the Grafana SecOps dashboard
  • External Link Button: Icon button (open in new tab) to access the full Grafana dashboard with filtering capabilities

The interface is designed to provide immediate visibility into access logs while offering a path to more advanced analysis in Grafana.

Dialogs & Modals

No dialogs or modals are implemented in this panel. All interactions occur through the embedded Grafana dashboard or by opening the full Grafana interface in a new tab.

Tables & Data Grids

This panel does not implement its own tables. All data visualization and tabular display is handled by the embedded Grafana dashboard, which provides:

  • OAuth2 Proxy log entries
  • User access events
  • Domain access patterns
  • Timestamp and authentication details

For filtering and detailed analysis, users must click the "Open in new tab" button to access the full Grafana dashboard.

Technical Details

GraphQL Operations

This panel does not use any GraphQL operations. It relies entirely on Grafana for data retrieval and visualization.

Queries: None

Mutations: None

Subscriptions: None

Component Structure

  • Main Component: /root/gitrepos/monorepo/apps/hyperplane-dashboard/components/SecOps/SecOpsPanel.tsx
  • Dialogs: None
  • Tables: None (data visualization handled by Grafana)

External Dependencies

  • Grafana: Dashboard hosted at https://grafana.{domain}/d/ddv992wudcvlsd/secops-oauth2-proxy
  • OAuth2 Proxy: Source of authentication and access logs
  • Domain Context: Uses platform domain from PlatformParametersContext to construct Grafana URLs

Implementation Details

The component uses:

  • dayjs for time handling (with relativeTime, timezone, and UTC plugins loaded but not actively used in current implementation)
  • Material-UI components for layout and interaction (Stack, Typography, IconButton, Tooltip)
  • React Icons (MdOpenInNew) for the external link icon
  • Context API to access platform domain configuration

Common Workflows

Viewing Access Logs

  1. Navigate to Admin → Access Logs from the main navigation
  2. The embedded Grafana dashboard loads automatically showing recent OAuth2 Proxy logs
  3. Review access patterns in the default view

Advanced Filtering and Analysis

  1. From the Access Logs panel, click the "Open in new tab" button (icon with tooltip)
  2. The full Grafana dashboard opens in a new browser tab
  3. Use Grafana's native filtering, time range selection, and query capabilities
  4. Export or share specific views as needed

Security Audit Investigation

  1. Access the SecOps panel to get an overview of recent access activity
  2. Identify any suspicious patterns or unauthorized access attempts
  3. Open the full Grafana dashboard for detailed investigation
  4. Use time range filters to narrow down specific incidents
  5. Cross-reference with user management and authentication systems
  • Users Panel - Manage user accounts and roles
  • Keycloak Integration - Authentication and authorization system that generates the OAuth2 Proxy logs
  • Admin Panels - Other administrative features requiring dashboard-admin role

Notes & Tips

  • The embedded Grafana dashboard uses kiosk mode (?kiosk parameter) to provide a cleaner, full-screen view without Grafana's standard navigation
  • For complex filtering operations, always use the full Grafana dashboard (click the open in new tab button)
  • Access to this panel requires both the dashboard-admin role and the secOpsEnabled feature flag
  • The Grafana dashboard URL is dynamically constructed based on the platform's domain configuration
  • The panel is lazy-loaded for performance optimization
  • Time handling libraries (dayjs with plugins) are imported but not currently used in the component, suggesting potential future enhancements for time-based filtering or display
Last updated on by chyuen-devsentient