Enterprises need to have better visibility into the Automation Cloud automation and audit logs.
Currently, there is no way to have the logs generated from Automation Cloud automatically pushed to a third-party log aggregation service such as Splunk or Elastic.
This creates a problem for enterprise security organizations to have a view into who’s accessing the system, when, and what actions are being performed. It also means that the organizations lose control of general logs and how that data can be used internally within the organization.
This request is to have a method whereby logs that are generated on Automation Cloud, whether it be audit in nature or automation execution (not Robot) in nature, that those logs can be pushed to a third-party log aggregation service in real-time.
Thank you for the feedback. We realize the challenge of utilizing the Automation Cloud log/audit data within your company tools and have an audit & api feature in plan to address this type of use case and hope to have news for you soon.
I wanted to clarify my understanding of this; when you say, “automation execution (not [Robot] in nature” do you mean to exclude all the one that started via the desktop Assistant (attended robot) and include all robot execution that was innated & ran on the cloud only?
Audit Logs (who did what, when, and how) across all services
Service Specific Logs
Orchestrator (Activities performed within Orchestrator via the UI, activities related to the execution of the automations from Orchestrator, who did what, when, and how)
Logs related to the specific work that’s being performed by the Robots on the virtual device.
I’m really focusing this feature request on the first two. My assumption is that Robot Logs can use nLog to route those logs to local files that can then be ingested into log aggregation tools like Splunk universal forwarder or something like that since more than likely logs on those virtual devices are already being aggregated (Windows Event Logs, etc). Additionally, since (in our case) UiPath has a native Crowdstrike/Robot integration, anything the Robot does that would require an audit can be done via Crowdstrike. tl;dr, I think the Robot logs are covered in a variety of different ways to service a variety of use cases and needs.
Since we are operating in a vendor saas solution for Automation Cloud, this is really where the gap is in terms of understanding who did what, when, and how from a security perspective, as well as logging what the applications are doing to meet each enterprises need to maintain all application logs in one place.