Introducing Qonda Auditor
Qonda Auditor is an auditing solution for organizations that use Esri ArcGIS in restricted environments and require complete traceability of transactions and usage.
What does it support?
Qonda Auditor supports Esri ArcGIS Enterprise 10.8 and above. It also supports stand alone Esri ArcGIS Server 10.8 and above.
What does it audit?
Qonda Auditor can capture request metadata from ArcGIS Server. The ArcGIS Server can be stand-alone or federated with Portal for ArcGIS.
Qonda Auditor can capture request metadata from Web servers that implement the W3C log format. This includes user requests for Portal items (eg web maps, web apps, etc).
Portal does not record very useful user activity even with verbose logging enabled. Qonda Auditor can however capture request metadata from Portal servers such as successful or failed user logins.
How detailed is the auditing?
It depends on the level of auditing configured. For example you can audit per service request (e.g. user requests for a service) or with advanced auditing you can audit individual layers and fields.
Advanced auditing allows detailed reporting of sensitive data when accessed by users e.g. a user accessed senstive fields such as customer PII data.
Does Qonda Auditor store or duplicate sensitive data?
No Qonda Auditor never stores and sensitive data. Any requests for sensitive data are logged and any sensitive fields are hashed using a one way hash.
One way hash?
Advanced auditing of fields that contain sensitive or PII data are hashed before logging. Hashing the senstive data allows data comparison without storing the original sensitive data.
Who audits the auditor?
Qonda Auditor logs requests to audit data.
How is audit data presented?
Qonda Auditor presents data through a number of tools that allow querying, custom reports, custom charts and data pivot.
