Enable Workspace File Audits

Enable Workspace File Access auditing to capture file-level operations in workspaces. This feature is opt-in and requires enablement before use.

Prerequisites

Verify that you have the following:

  • AWS-based Domino deployment (cloud or on-prem)

  • Domino version 6.2 or later

Note
Azure and GCP support will be available in future releases.

Enable the service

Enable Workspace File Audits by configuring object storage buckets and Domino settings. You need two S3 buckets: a working bucket for temporary staging and an archive bucket for long-term storage.

You can provision these buckets using the Domino Terraform module or create them manually.

Use the Domino Terraform Module

The Domino Terraform module contains the bucket configuration details.

  1. Enable the workspace_audit option in the Terraform configuration.

  2. Re-run the Terraform module to provision the required S3 buckets (working and archive).

  3. Contact your Domino administrator if you have questions or run into issues.

Without the Terraform Module

Create and configure the S3 buckets manually.

  1. Create two S3 buckets in your cloud blob storage provider:

    1. Working bucket: Temporary staging for raw audit events

    2. Archive bucket: Long-term storage for processed audit events

  2. Verify that both buckets have the required IAM permissions for Domino to read and write.

After you create the buckets

Next, update the agent.yaml file to enable workspace audit and provide the bucket details.

The setting enabled: true triggers the full infrastructure setup: enabling Falco, updating the Falco configuration, deploying the workspace audit service, and connecting to the provisioned buckets.

workspace_audit:
  cloud_provider: aws
  enabled: true
  event_archive_storage_aws:
    bucket: <your-archive-bucket-name>
    region: <your-region>
    sse_kms_key_id: <your-kms-key-id>
  event_working_storage_aws:
    bucket: <your-working-bucket-name>
    region: <your-region>
    sse_kms_key_id: <your-kms-key-id>
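
A check to run on the workspace_audit block before applying it, added here as an example (not Domino's own tooling): it flags leftover <...> placeholders, a cloud_provider other than aws, and a working bucket that is the same as the archive bucket. The function names, the minimal parser and the sample values are assumptions, as is treating every field in the sample above as required.

```python
# Constructed sample: one placeholder left in, one bucket reused for both roles.
SAMPLE = """\
workspace_audit:
  cloud_provider: aws
  enabled: true
  event_archive_storage_aws:
    bucket: example-domino-audit
    region: us-west-2
    sse_kms_key_id: <your-kms-key-id>
  event_working_storage_aws:
    bucket: example-domino-audit
    region: us-west-2
    sse_kms_key_id: constructed-key-id
"""
SECTIONS = ("event_archive_storage_aws", "event_working_storage_aws")

def parse_block(text):
    """Parse the nested 'key: value' mapping shown above (not a general YAML parser)."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) for each open nesting level
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack[-1][0] >= indent:  # close levels we have dedented out of
            stack.pop()
        node = value.strip() or {}
        stack[-1][1][key.strip()] = node
        if isinstance(node, dict):
            stack.append((indent, node))
    return root

def check_workspace_audit(config):
    """Return findings; assumes every field in the page's sample is required."""
    wa = config.get("workspace_audit") or {}
    findings = []
    for key, want in (("enabled", "true"), ("cloud_provider", "aws")):
        if str(wa.get(key)).lower() != want:
            findings.append(f"{key} must be {want}")
    for section in SECTIONS:
        for field in ("bucket", "region", "sse_kms_key_id"):
            value = wa.get(section, {}).get(field, "")
            if not value or value.startswith("<"):
                findings.append(f"{section}.{field} is unset or still a placeholder")
    buckets = [wa.get(s, {}).get("bucket") for s in SECTIONS]
    if buckets[0] and buckets[0] == buckets[1]:
        findings.append("working and archive must be two different buckets")
    return findings
```

An empty list from check_workspace_audit(parse_block(text)) means the block is filled in; it does not confirm that the buckets exist or that Domino has the required IAM permissions on them.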

Next steps