AuditLog

Experimental

AuditLog records results from an audit performed against a target resource

criteria array[ArtifactMapping] Required

criteria defines the acceptable state for the audited resource

metadata object Required

results array[AuditResult] Required

results records audit results against the criteria

summary string Required

summary provides the high-level conclusion

owner RACI

owner defines the RACI roles responsible for managing the audit

ResultType

ResultType classifies the nature of an audit result

  • Type: string

AuditResult

Experimental

AuditResult records a single result with supporting evidence and recommendations.

criteria-reference MultiEntryMapping Required

criteria-reference maps this result to specific criteria entries

description string Required

description explains the result in detail

id string Required

id uniquely identifies this result

title string Required

title describes this result at a glance

type ResultType Required

type classifies the nature of this result

evidence array[Evidence]

evidence records the data sources that support this result

recommendations array[Recommendation]

recommendations records corrective actions for this result

Recommendation

Experimental

Recommendation provides a corrective action for an audit result

required string Required

required indicates whether this recommendation is a mandatory corrective action

text string Required

text describes the recommended corrective action

id string

id uniquely identifies this recommendation

Evidence

Experimental

Evidence records a specific data source consulted during an audit

collected Datetime Required

collected is the timestamp when the evidence was gathered

location ArtifactMapping Required

location references the artifact containing this evidence

type EvidenceType Required

type categorizes the kind of evidence

description string

description explains what this evidence represents

id string

id uniquely identifies this evidence

EvidenceType

EvidenceType categorizes the kind of evidence collected during an audit

  • Type: string