Audit Logs in AWS

_includes/searching-by-logs.md

@@ -7,8 +7,9 @@
 
 3. Select the desired log group.
 
-4. In the *Log streams* pane, select the log stream according the last event. The last event time should match the time when the issue occurred. 
+4. In the *Log streams* pane, select the log stream according the last event. The last event time should match the time when the issue occurred.
 
 ![select log stream](https://spryker.s3.eu-central-1.amazonaws.com/cloud-docs/Spryker+Cloud/Working+with+logs/select-log-stream.png)
 
 5. In the *Log events* pane, filter events by entering a query in the search bar.
+  When browsing audit logs, you might want to filter by tile, like `audit`, or by a user, like `sonia@spryker.com`.

docs/ca/dev/working-with-logs.md

@@ -16,9 +16,9 @@ This document describes how to work with logs(events). Logs provide information
 
 ## Log groups
 
-To make log browsing easier, logs from the same source form a log stream. Log streams with the same retention, monitoring, and access control settings form a log group. You can check logs from the following log groups.
+To make log browsing easier, logs from the same source form a log stream. Log streams with the same retention, monitoring, and access control settings form a log group. The following is an approximate list of log groups that can be available in your project. The actual list of log groups depends on your setup.
 
-| HEADER | HEADER |
+| LOG GROUP | PATH |
 | --- | --- |
 | AWS code build pipelines | DESTRUCTIVE pipeline jobs: /aws/codebuild/danger/{environment_name} <br> NORMAL pipeline jobs: /aws/codebuild/{environment_name} |
 | AWS Elasticsearch | /aws/elasticsearch/{environment_name} |
@@ -28,15 +28,38 @@ To make log browsing easier, logs from the same source form a log stream. Log st
 | EC2 Jenkins | /ec2/{environment_name}/jenkins/docker |
 | ECS blackfire | /ecs/fargate/{environment_name}/blackfire/docker |
 | Frontend service | /ecs/{environment_name}/frontend/docker |
-| GLUE service | /ecs/{environment_name}/glue/docker |
+| Glue API | /ecs/{environment_name}/glue/docker |
+| Glue Backend API | /ecs/{environment_name}/glue_backend/docker |
 | ECS Jenkins | /ecs/{environment_name}/jenkins/docker |
 | RabbitMQ ECS | /ecs/{environment_name}/rabbitmq/docker |
-| ECS YVES | /ecs/{environment_name}/yves/docker |
+| Storefront (Yves) | /ecs/{environment_name}/yves/docker |
 | ECS ZED | /ecs/{environment_name}/zed/docker |
+| Back Office | /ecs/{environment_name}/boffice/docker |
+| Merchant Portal | /ecs/{environment_name}/mportal/docker |
 
-## Search in logs
+### Audit logs
+
+Audit logs are a type of logs used to track user-related activities. If audit logs are installed<!--()](link to audit logs md) --> in your project, you can browse them for the following log groups.
+
+* Storefront (Yves)
+* Back Office
+* Merchant Portal
+* Glue API
+* Glue Backend API
+
+The actual list of applications for which audit logs are enabled depends on your setup.
 
-To search in logs:
+The following audit events are logged by default:
+
+* Successful login
+* Failed login
+* Password reset requested
+* Password updated after reset
+* [Agent Assist feature](/docs/pbc/all/user-management/{{site.version}}/base-shop/agent-assist-feature-overview.html) logs:
+  * Impersonation started
+  * Impersonation ended
+
+## Search in logs
 
 {% include searching-by-logs.md %} <!-- To edit, see /_includes/searching-by-logs.md -->