Event Center

Firefly's Event Center provides a centralized and chronological view of all cloud events, including mutations, ClickOps events and CLI/SDK events. By consolidating scattered event data into a unified interface, the Event Center enhances investigation workflows, enables efficient issue tracking, and improves visibility into changes across cloud environments.

Think of the Event Center as an audit log for your cloud: it's where you go to answer the question "What happened recently in my infrastructure?"

Overview

The Event Center presents a chronological log of events across your integrated cloud accounts. Each event corresponds to a change in an asset's state, displayed in a timeline and table format where each entry includes details like timestamp, asset affected, type of change, source of change, and the actor who made the change.

This gives you a unified history of infrastructure changes across both ClickOps (manual changes) and IaC-driven changes.

Key Benefits

  • Enhanced User Experience: Users can easily access a chronological list of cloud events for efficient tracking and issue resolution.

  • Improved Troubleshooting: Helps trace the chain of events that led to cloud mutations, drifts, or unmanaged assets due to ClickOps.

  • Real-time Visibility: Events are updated in near real-time as Firefly listens to cloud events (AWS CloudTrail, Azure Activity Logs, etc.) and IaC tool events.

  • Comprehensive Audit Trail: Complete visibility into your cloud's evolution with attribution to specific users or processes.

Event Types

The Event Center currently supports the following event types:

ClickOps Events

Identifies manual changes made directly in cloud consoles, not managed by Infrastructure as Code (IaC). These events help track unauthorized or out-of-process changes that could lead to configuration drift.

When someone manually opens the AWS console and changes an S3 bucket setting, Firefly logs a ClickOps event noting that the bucket's configuration was altered. These entries are often highlighted since unmanaged changes are important to address quickly.

CLI/SDK Events

Identifies changes made through CLI/SDK tools, such as the AWS CLI, the Azure CLI, and automated scripts, so that changes made this way can be tracked.

When a user runs aws s3 mb s3://my-bucket, Firefly logs a CLI/SDK event noting that the bucket was created.

Mutation Events

Tracks configuration changes to cloud assets, whether from manual changes, automated processes, or IaC deployments. Mutation events include detailed information about what changed, providing before and after configuration states like a code diff.

If a Terraform apply changes the configuration of 5 resources, you'll see 5 mutation events for those changes. If a CI/CD pipeline or auto-scaling event occurs, those changes are also captured as mutation events.

Capabilities

Filtering Options

Users can filter events based on multiple criteria to drill down into specific changes:

  • Event Type: Filter by Mutations, ClickOps, CLI/SDK events, or other event categories.

  • Action Type: Filter by create, update, delete, etc.

  • Data Source: Filter by cloud provider (AWS, GCP, Azure, etc.) as categorized in Inventory.

  • Location: Region-based filtering to focus on specific geographical areas.

  • Asset Type: Filter by resource types such as EC2 instances, S3 buckets, RDS databases, etc.

  • Owner: Track events by the user responsible for changes.

  • Timeframe: Choose from predefined options:

    • 24 hours (default)

    • 7 days

    • 30 days

    • Custom date ranges

Search and Investigation

The Event Center provides powerful search capabilities to help you investigate specific issues:

  • Free-text search across event details.

  • Asset-specific filtering to track changes to particular resources.

  • Timeline navigation to understand the sequence of events.

  • Export to CSV/JSON: Export all filtered events for external analysis, reporting, or integration with other tools.

Data Integration

The Event Center consolidates event data from multiple sources, providing comprehensive metadata for each event type:

ClickOps & CLI/SDK Events Metadata

Each ClickOps and CLI/SDK event includes the following detailed information:

  • Date: Exact timestamp of the event.

  • Event ID: Unique identifier linked to cloud audit logs (e.g., AWS CloudTrail) for detailed investigation.

  • Event Name: Description of the specific action performed.

  • Region: Geographic location where the change occurred.

  • Service: The cloud service involved (e.g., EC2, S3, IAM).

  • Owner: The user or role responsible for the change.

  • Source IP: The IP address from which the change was initiated.

  • User Agent: Information about the client used to make the change.

  • Request Parameters: Details of what was requested.

  • Response Elements: Information about the cloud provider's response.

  • TLS Details: Security-related information about the connection.

Mutation Events Metadata

Each mutation event captures comprehensive change information:

  • Date: When the change occurred.

  • Data Source: The cloud provider or system where the change happened.

  • Location: Region or zone information.

  • Asset Type: The type of resource that changed.

  • Asset Name: The specific resource identifier.

  • Before/After Configuration States: Detailed configuration diff showing exactly what changed, similar to a code diff.

Integration with Notifications & Alerting

To ensure you don't miss critical events, the Event Center integrates with external logging and alerting systems. For the full configuration details, see the Notifications guide.

Best Practices

Daily Operations

  • Review the Event Center daily to stay aware of infrastructure changes.

  • Set up alerts for unexpected manual changes in production environments.

  • Use filtering to focus on specific resources or timeframes during investigations.

Compliance and Auditing

  • Track the ratio of IaC vs. manual changes to measure infrastructure maturity.

  • Use ownership information for post-incident analysis and accountability.
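To illustrate the ClickOps & CLI/SDK metadata fields and the IaC vs. manual ratio described above, here is an added Python example that triages raw CloudTrail records by change channel. It is not Firefly code and does not reproduce Firefly's classification logic. The marker lists, the choice to count both ClickOps and CLI/SDK writes as non-IaC, and the sample records are assumptions made for this example.

```python
from collections import Counter

# Constructed records: real CloudTrail field names, made-up values.
SAMPLE = [
    {"eventID": "ex-1", "eventName": "PutBucketPolicy", "readOnly": False,
     "sourceIPAddress": "198.51.100.7", "sessionCredentialFromConsole": "true",
     "userAgent": "Mozilla/5.0 (X11; Linux x86_64)",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventID": "ex-2", "eventName": "CreateBucket", "readOnly": False,
     "sourceIPAddress": "198.51.100.9",
     "userAgent": "aws-cli/2.15.0 Python/3.11.6 Linux/6.1 exe/x86_64",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventID": "ex-3", "eventName": "ModifyInstanceAttribute", "readOnly": False,
     "sourceIPAddress": "203.0.113.20",
     "userAgent": "APN/1.0 HashiCorp/1.0 Terraform/1.7.0 aws-sdk-go-v2/1.24.0",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ci-deploy/run-42"}},
    {"eventID": "ex-4", "eventName": "DescribeInstances", "readOnly": True,
     "sourceIPAddress": "198.51.100.7", "sessionCredentialFromConsole": "true",
     "userAgent": "Mozilla/5.0 (X11; Linux x86_64)",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
]

# Assumed marker lists (illustrative, not exhaustive, not Firefly's rules).
IAC_MARKERS = ("terraform", "pulumi", "cloudformation.amazonaws.com")
SDK_MARKERS = ("aws-cli/", "boto3/", "botocore/", "aws-sdk-")

def classify(rec):
    """Label one record by the channel the change came through."""
    ua = rec.get("userAgent", "").lower()
    # IaC first: Terraform's user agent also contains an AWS SDK token.
    if any(m in ua for m in IAC_MARKERS):
        return "iac"
    # sessionCredentialFromConsole is set by AWS; userAgent is caller-supplied
    # and can be spoofed, so treat user-agent matches as hints, not proof.
    if rec.get("sessionCredentialFromConsole") == "true" or "console.amazonaws.com" in ua:
        return "clickops"
    if any(m in ua for m in SDK_MARKERS):
        return "cli_sdk"
    return "other"

def summarize(records):
    """Return per-channel counts, non-IaC share of writes, and console changes to review."""
    writes = [r for r in records if not r.get("readOnly", False)]
    counts = Counter(classify(r) for r in writes)
    non_iac = counts["clickops"] + counts["cli_sdk"]
    total = non_iac + counts["iac"]
    review = [(r["eventID"], r["eventName"], r["userIdentity"]["arn"], r["sourceIPAddress"])
              for r in writes if classify(r) == "clickops"]
    return dict(counts), (non_iac / total if total else 0.0), review

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Read-only calls are excluded so the ratio reflects changes only, and the review list keeps the event ID so each console change can be looked up in the underlying audit log.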

Troubleshooting

  • Correlate events with system issues to understand root causes.

  • Use before/after configuration states to quickly identify problematic changes.

  • Follow the event timeline to understand the sequence of changes leading to issues.

The Event Center transforms chaotic change management into an organized, auditable process that's essential for both reliability and security. By providing complete visibility into your cloud's evolution with proper attribution and integration capabilities, it serves as your single source of truth for infrastructure changes.
