Enterprise grade Audit: implementation suggestions
Hello, we're running a self-hosted instance of Novu as a trial in AWS ECS.
Being a financial services company we are audited to exacting standards (FCA in UK).
For Novu/Notifications, this means capturing and storing all outgoing communications from Novu.
Question:
What is the best way to capture all outgoing communication that is:
1) Complete - emails and texts "as seen" by the client/receiver.
2) Immutable - self contained flat values and not object references
3) Ideally maintenance free
Our best idea so far is to simply capture the outgoing traffic from the EC2 instance using one of the aws audit services.
I've noticed there is no Audit thread in the Support channel, so if there are any details we should watch out for, or indeed a better, more straightforward approach, any recommendations are welcome.
Thank you
ps.: existing Activity Feed is not a replacement as it's more targeted, relies on novu instance and contains API request details rather than the full end-product notification content.
7 Replies
Hi @FilipS, I'm an AI assistant for Novu. While a team member reviews this question, I'll see if I can find relevant sources for your question.
-----------------------------
While I generate an answer, here are some sources that might be helpful:
* Introduction
* AWS SNS
* Run Novu in local machine
* How to send PUSH notifications to iOS devices with FCM using Novu
-----------------------------
Answer
I apologize, but I wasn't able to find any specific information about enterprise-grade audit implementation or capturing all outgoing communications from Novu in an immutable and maintenance-free way in the provided documentation. The activity feed feature you mentioned is indeed not designed for the comprehensive audit requirements you described. (1)
While I don't have a direct answer to your specific audit needs, here are some relevant resources that might be helpful:
1. Introduction to Novu concepts
2. AWS SNS integration guide
3. Running Novu in a local machine
Your approach of capturing outgoing traffic from the EC2 instance using AWS audit services seems like a reasonable starting point, given the limitations of the built-in features. However, for such specific and critical requirements in a financial services context, I suggest clicking on the "Ask for help" button to tag a team member who can review your question and provide more tailored advice for your enterprise audit needs.
Feel free to tag @Ask Inkeep with additional questions.
@Dima Grossman
Hi @FilipS unfortuently we don't have something like this out of the box. You can try on relying upon logs reported to cloudwatch or something similiar
thanks @Dima Grossman , we're deciding between Traffic Mirroring and a dedicated sidecar container in the actual Task Definition.
In case of Traffic Mirroring we're seeing a lot of encrypted traffic.
Does Novu encrypt outgoing Provider communications as they leave the container or is it relying on the cloud provider/infra to encrypt traffic please? Figuring out how to tackle decryption
Depending on the delivery provider you will be using, but all of the vendors have encryption in transit over HTTPS (unless you do some custom non https vendor)