Secure event service
reQord is a secure service that stores audit events in an encrypted database. It is designed to provide write-only, tamper-proof audit recording. Whenever a user performs an action with a software tool from the intaQt® framework, the event information of the action is sent to reQord, where it is securely stored, safe from tampering. Event data is encrypted in transit. Stored events are encrypted and only accessible to authorized users.
Secure database event storage
reQord captures audit events created by use of the intaQt® framework. For example, whenever a user downloads PCAP traces or a comparison is made in cheQ, when a search for CDRs is carried out in cdr-linQ, or whenever a test case runs in intaQt®, an audit event is created. These audit events are then encrypted, sent and stored in reQord. Test data itself is not stored.
Solution to track interaction
reQord was created in response to our customers’ desire for secure auditing capabilities for all intaQt® functions. Clients can now read out any information about anybody who has performed any operation, whether this is looking up a test case or downloading something. Similar to a log file, audit events are sent to reQord and securely stored, but with the difference that the events are stored in a tamper-proof manner.
Audit events in the intaQt framework
With minimal configuration, any software tool and service of the intaQt® framework can send audit events to reQord. For an intaQt® testing project, its use is not obligatory. Currently, it is mainly used for ensuring security of audit event information sent to and from cdr-linQ and cheQ. If necessary, it can be extended to other products, including third parties.
Flexible configuration
The software tools can be flexibly configured according to the desired auditing security level. For example, cheQ can be configured to continue running even if the audit service is not reachable for some reason. Audit events can be buffered and sent later or, for the strictest security requirements, tools can be configured not to perform actions unless secure auditing via reQord is available.
Full audit information
The reQord database stores audit events. These are useful events that have taken place in any configured software. They are defined by various fields of information which it is mandatory to store in reQord: the start and end time of an event; the effective user and the user instigating the operation; the application-defined string; the application-defined structured audit data.
In practice, an audit event looks like this:
- appID: appId: cdr-linQ
- eventType: query
- startTime: “2023-05-23T09:20:54.284Z”
- endTime: “2023-05-23T09:20:54.3Z”
- effectiveUser: user1
- originalUser: user1
- audit: {“cdrType”: “HUA” …}
Capturing on separate VM
Depending on security requirements, audit logs may be captured on a separate virtual machine. This is recommended to enhance security and prevent tampering.
Encrypted data at rest
All audit data is strongly encrypted at rest. The data may later be queried, archived or deleted. Sending events to reQord requires a user with write-only access. Reading events from reQord requires a user with read-only access.
Remote, secure access
reQord exposes a GRPC interface. This allows a remote, TLS-secured connection between the event sender and reQord. Mutual TLS is used to ensure that both the client and server are identified.
syslog integration
reQord has support for syslog and can forward all audit events to a provided syslog service. That way, security-relevant information can be forwarded between servers in different networks. For example, information on audit events created inside the QiTASC network can be sent to a client’s external server.
Commands via CLI
There are two ways to talk to reQord: you can either communicate with the reQord database directly (when sending events) or via a command line interface (when querying or performing admin actions). You can then manage information from previous audit events and read them out. The reQord query client allows secure querying of reQord, in addition to secure backups and restores of the event database.
Secure querying process
Audit events can be searched for using a filter query. For example, users can read out audit events with cdr-linQ and submit a query for all events in a given period. When querying, all matching events are stored in an encrypted ZIP file, which is password protected. Querying requires a user with read permissions.
Managed database
reQord has a management tool that allows the management of events. You can back up, archive and restore information from all previous audit events.
- Backup extracts all events from the database, without touching any data
- Archive puts audit events older than a specified time in a file and removes all events from the database that are older than a certain time.
- Restore loads previously backed up or archived ZIP files to the reQord database as duplicates.
Easy integration
reQord has a Go client library and a Kotlin client library, which allow easy integration into services that wish to store audit events. Client libraries transparently handle encryption and any buffering required when sending events.
Table of contents
List of other software tools
intaQt®
Runtime environment for test automation framework
intaQt studio®
Test case development UI
intaQt client®
Command-line interface of the test automation framework
intaQt verification®
Charging verification
intaQt web-ui®
Web-based test case development UI
cheQ
Trace comparison
conQlude
Reporting and issue tracking
colleQtor
Evidence collector
cdr-linQ
CDR search engine
mimiQ
Simulator/message sequence generator.
mimiQ load: load generator
reloQate
Seamless SIM mapping
restriQt
User management
reQord
Secure event service
marQ
Alarm generator