audit-report
Audit Report Skill
Generate audit reports and compliance trails using Harness MCP v2 tools.
MCP v2 Tools Used
- harness_list with resource_type: "audit_event" -- list audit events with filters
- harness_describe with resource_type: "audit_event" -- discover available filters and fields
Audit events are read-only. You can list and filter them but cannot create, update, or delete them.
Instructions
Step 1: Discover Available Filters
```
harness_describe(resource_type="audit_event")
```
Understand the available filter parameters before querying.
Step 2: List Audit Events
```
harness_list(
    resource_type="audit_event",
    org_id="<org>",                     # optional - scope to organization
    project_id="<project>",             # optional - scope to project
    search_term="<user or resource>",   # optional
    page=0,
    size=100
)
```
Step 3: Filter by Action Type
Filter results by these standard action types:
| Action | Description |
|---|---|
| | Resource creation |
| | Resource modification |
| | Resource deletion |
| | User authentication |
| | Session termination |
| | Resource access |
| | Pipeline execution |
Step 4: Filter by Resource Type
Common resource types in audit events:
| Resource Type | Examples |
|---|---|
| | Pipeline create, update, delete |
| | Secret access, rotation, deletion |
| | Connector modifications |
| | Service definition changes |
| | Environment configuration changes |
| | User management actions |
| | Role assignment changes |
| | Group membership changes |
Step 5: Analyze and Correlate
- Group events by user to identify activity patterns
- Group events by resource to track change history
- Correlate timestamps to reconstruct incident timelines
- Flag anomalies (off-hours activity, unusual access patterns, privilege escalation)
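The grouping, timeline and flagging steps above, as an added example that is not part of the original skill. The event field names, action values, the `role/` resource prefix and the 08:00-18:00 UTC business window are assumptions; map them to the fields that harness_describe reports.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample events. The field names and action values are
# assumptions for illustration, not the documented audit_event schema.
EVENTS = [
    {"user": "alice@example.com", "action": "update", "resource": "pipeline/deploy", "ts": "2024-03-04T10:15:00+00:00"},
    {"user": "bob@example.com", "action": "access", "resource": "secret/db-pass", "ts": "2024-03-05T02:41:00+00:00"},
    {"user": "bob@example.com", "action": "update", "resource": "role/admin", "ts": "2024-03-05T02:44:00+00:00"},
    {"user": "alice@example.com", "action": "create", "resource": "connector/git", "ts": "2024-03-09T11:00:00+00:00"},
]

def when(ev):
    """Event time normalised to UTC so events from any source sort together."""
    return datetime.fromisoformat(ev["ts"]).astimezone(timezone.utc)

def group_by(events, key):
    """Group events by one field ("user" or "resource"), each group in time order."""
    groups = defaultdict(list)
    for ev in sorted(events, key=when):
        groups[ev[key]].append(ev)
    return dict(groups)

def flags(ev, start_hour=8, end_hour=18):
    """Anomaly reasons for one event; business hours are assumed to be in UTC."""
    t, reasons = when(ev), []
    if t.weekday() >= 5 or not (start_hour <= t.hour < end_hour):
        reasons.append("off-hours")
    if ev["resource"].startswith("role/") and ev["action"] != "access":
        reasons.append("privilege-change")
    return reasons

def timeline(events):
    """One report line per event in time order, with its flags."""
    return [
        f'{ev["ts"]} {ev["user"]} {ev["action"]} {ev["resource"]} '
        f'[{",".join(flags(ev)) or "-"}]'
        for ev in sorted(events, key=when)
    ]

if __name__ == "__main__":
    for user, evs in group_by(EVENTS, "user").items():
        print(user, [e["resource"] for e in evs])
    print("\n".join(timeline(EVENTS)))
```

A flag marks an event for review against the surrounding timeline; it is not a finding on its own.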
Step 6: Generate Report
Format findings using the templates in references/report-templates.md.
For report templates (General, User Activity, Security) and compliance framework mappings (SOC 2, GDPR, HIPAA), consult references/report-templates.md.
Examples
Generate a 30-day audit report
```
/audit-report
Generate an audit report for the last 30 days
```
Investigate a specific user
```
/audit-report
What has john.doe@company.com been doing in the last 7 days?
```
Track production changes
```
/audit-report
Show all pipeline and environment changes in the production project this month
```
Security investigation
```
/audit-report
Show all secret access events and privilege changes from last week
```
Compliance evidence
```
/audit-report
Generate SOC2 audit evidence for Q4 covering access control and change management
```
Error Handling
| Error | Cause | Solution |
|---|---|---|
| No audit events returned | Time range too narrow or wrong scope | Broaden time range; verify org_id/project_id |
| Access denied | User lacks audit view permissions | Request |
| Pagination incomplete | More events than page size | Increment |
| Search term returns nothing | User ID format mismatch | Try email, username, and display name variants |
Performance Notes
- Paginate through all results before generating the report. Incomplete data leads to inaccurate audit trails.
- Cross-reference events across scopes (account, org, project) for a complete picture. Do not skip scope levels.
- For compliance reports, verify every claim against actual audit data. Do not infer or assume activity that is not in the logs.
Troubleshooting
No Events Found
- Start with a broader time range and no filters
- Verify the org_id and project_id scope -- account-level events require no org/project filter
- Remove search_term to confirm events exist, then re-add filters
Missing User Activity
- Check both email and username formats for the user
- Service account activity may appear under a different principal name
- API key usage may not show as the human user
Incomplete Audit Trail
- Paginate through all results -- check if returned size equals the size requested (more pages likely)
- Account-level events are separate from org/project events -- query at the right scope
- Some event types may require specific permissions to view
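The pagination and scope guidance from Performance Notes and this section, as an added example that is not part of the original skill. `list_page` is a hypothetical adapter around harness_list with resource_type="audit_event"; the `id`, `org` and `project` fields and the in-memory fake are constructed for the demonstration.

```python
def fetch_all(list_page, size=100, max_pages=1000, **scope):
    """Request pages until one comes back short; a full page means more may follow."""
    events = []
    for page in range(max_pages):
        batch = list_page(page=page, size=size, **scope)
        events.extend(batch)
        if len(batch) < size:  # short or empty page: this scope is exhausted
            return events
    raise RuntimeError("page limit reached; audit trail is incomplete")

def collect_scopes(list_page, scopes, size=100):
    """Query every scope level and keep one copy of each event id."""
    seen = {}
    for scope in scopes:
        for ev in fetch_all(list_page, size=size, **scope):
            seen.setdefault(ev["id"], ev)
    return list(seen.values())

def make_fake(store):
    """Constructed stand-in for the tool call: filter by scope, return one page."""
    calls = []
    def list_page(page, size, org_id=None, project_id=None):
        calls.append((page, org_id, project_id))
        rows = [e for e in store if (e["org"], e["project"]) == (org_id, project_id)]
        return rows[page * size:(page + 1) * size]
    return list_page, calls

def demo():
    # Constructed data: 4 account-level, 3 org-level and 1 project-level event.
    store = [{"id": i, "org": None, "project": None} for i in range(4)]
    store += [{"id": 10 + i, "org": "acme", "project": None} for i in range(3)]
    store += [{"id": 20, "org": "acme", "project": "prod"}]
    list_page, calls = make_fake(store)
    scopes = [{}, {"org_id": "acme"}, {"org_id": "acme", "project_id": "prod"}]
    return collect_scopes(list_page, scopes, size=2), calls

if __name__ == "__main__":
    events, calls = demo()
    print(len(events), "events in", len(calls), "requests")
```

With four account-level events and size=2 the second page is full, so a third request is needed to confirm the end of the results; stopping after the last full page would be correct here only by luck.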