Show HN: Apptrail – SaaS audit trails as a Service https://ift.tt/MUvOBLG

Show HN: Apptrail – SaaS audit trails as a Service Hi Hacker News! We're Samrose and Shaeq from Apptrail (https://apptrail.com). We let B2B SaaS companies easily add customer-facing audit trails to their products. It's currently too hard to build and consume SaaS audit logs. Organizations use audit logs to access and monitor the activity coming from their SaaS tools for security and compliance reasons. For example, a security admin at an enterprise company would use Slack audit logs to see messages sent and what devices and IP addresses they were sent from. Many SaaS companies don’t offer audit trails to their customers, which results in a lack of insight for the SaaS user (for example, they have to make a support ticket every time they need information). For SaaS companies, adding audit logs to their products is a daunting task that often gets delayed because audit logs are full of hidden complexity. Designing a multi-tenant audit trail solution involves careful consideration around scalability, availability, durability, verifiable immutability, configurable data retention, and guaranteed delivery, to name a few requirements. The audit logs need to be viewable through a UI, searchable & filterable, accessible programmatically via a REST API, and ideally support streaming delivery to consumers. SaaS companies are overwhelmed by the complexity, and often implement subpar solutions, which results in more work for their customers to actually consume the audit logs. As an example, SaaS companies are often unable to support extended data retention times (7-10 years is common for larger customers) because their systems aren’t designed for long-term storage. At AWS, we worked on the infrastructure that allows Amazon to easily bake audit logs into their services. Whether it’s S3 or Sagemaker, every AWS service needs to offer audit logs to all customers for it to launch. We realized that enterprise & security-conscious customers have the same needs when using SaaS tools, but SaaS companies are left entirely to figure out building customer-facing audit logs themselves. Apptrail is a fully managed service that enables any B2B SaaS company to easily add full-featured audit trails to their product and deliver audit logs to their end customers' destinations (data lakes, SIEM, etc.) in near real time. Check out a short demo here: https://ift.tt/mlJ4CeB. The way it works is SaaS companies record user and API activity using our language native SDKs, and Apptrail takes care of everything else. Apptrail automatically aggregates and indexes audit data in the cloud and surfaces it to SaaS customers through a self-service portal UI and REST API that we host on your behalf. There's full support for analytical queries and fast data retrieval while keeping audit logs in S3 for durability and optimal scaling. Apptrail offers audit log delivery as a first-class feature using "trails", which allows audit log consumers to add rules to filter audit logs based on their content and configure streaming delivery to destinations like S3 or Splunk. We’re built entirely on AWS, using services like S3, SQS, Kinesis, and ECS on EC2 extensively, with good ol’ JVM powering the application logic. We’ve built Apptrail to scale horizontally, so it can ingest an unlimited number of audit logs. Apptrail is also completely replicated in independent cloud regions, so you can use our regional endpoints to keep audit log data in a specified region (currently we’re launching with US West - Oregon as our first region). We have a usage-based pricing model and charge for each audit log sent and delivered. Our extensive always free tier allows 100k events to be sent for free every month forever. You can sign up for and try Apptrail today. We offer a no credit card required free trial. We would love to hear your thoughts about what we’re building or your experiences with SaaS audit logs in general. Feel free to also reach out to us at founders@apptrail.com February 21, 2022 at 05:39AM

Comments

Popular posts from this blog