Visibility into End User Sessions for access audit purposes

Near the end of the talk on Secure Access Management with HashiCorp Boundary there is a section called “Using Boundary to Gain Visibility into End User Sessions” which briefly demonstrates using the data in postgres to show an access log. I would like to build something similar but have not found any documentation or posts going into this any deeper. I have connected to the portgres database, but there are a lot of tables there and I’m wondering if there is any documentation on the table structure and which ones I should be looking at for building a basic report of who accessed which resources and when.

Any tips on nice ways to export that report, or descriptions of how others are doing this would be appreciated as well.

Thanks,
Bjorn

Hi Bjorn,

The tables prefixed with wh_ are the data warehouse tables. There are 4 dimension tables and 2 accumulating fact tables. The wh_session_accumulating_fact table contains one row per session. The wh_session_connection_accumulating_fact table contains one row per connection in each session. Both of the fact tables have foreign key relationships to the 4 dimension tables.

The wh_date_dimension contains one row for each day for approximately the next 50 years. The wh_time_of_day_dimension contains one row for each second in a day. So, to get the date and time of day of a session, join the wh_session_accumulating_fact table with the wh_date_dimension and wh_time_of_day_dimension tables. To get the information about the user of a session join the wh_session_accumulating_fact with the wh_user_dimension. And to get the information about the host of a session join the wh_session_accumulating_fact with the wh_host_dimension.

Here is an ER diagram of the warehouse tables to help:

2 Likes

Thank you for the thorough answer!

1 Like