Merge pull request MicrosoftDocs#86653 from WentingWu666666/users/wentingwu/audit_whitelist

ktoliver · web-flow · commit 1ee0463bc410 · 2022-01-21T14:47:53.000-07:00
Configure audit whitelist
diff --git a/articles/managed-instance-apache-cassandra/monitor-clusters.md b/articles/managed-instance-apache-cassandra/monitor-clusters.md
@@ -132,7 +132,40 @@ Use the [Azure Monitor REST API](/rest/api/monitor/diagnosticsettings/createorup
 }
 ```
 
+## Audit whitelist
+
+> ![NOTE]
+> This article contains references to the term *whitelist*, a term that Microsoft no longer uses. When the term is removed from the software, we'll remove it from this article.
+
+By default, audit logging creates a record for every login attempt and CQL query. The result can be rather overwhelming and increase overhead. You can use the audit whitelist feature in Cassandra 3.11 to set what operations *don't* create an audit record. The audit whitelist feature is enabled by default in Cassandra 3.11. To learn how to configure your whitelist, see [Role-based whitelist management](https://github.com/Ericsson/ecaudit/blob/release/c2.2/doc/role_whitelist_management.md). 
+
+Examples:
+
+* To filter out all **select and modification** operations for the user **bob** from the audit log, execute the following statements:
+
+  ```
+  cassandra@cqlsh> ALTER ROLE bob WITH OPTIONS = { 'GRANT AUDIT WHITELIST FOR SELECT' : 'data' };
+  cassandra@cqlsh> ALTER ROLE bob WITH OPTIONS = { 'GRANT AUDIT WHITELIST FOR MODIFY' : 'data' };
+  ```
+  
+* To filter out all **select** operations on the **decisions** table in the **design** keyspace for user **jim** from the audit log, execute the following statement:
+
+  ```
+  cassandra@cqlsh> ALTER ROLE jim WITH OPTIONS = { 'GRANT AUDIT WHITELIST FOR SELECT' : 'data/design/decisions' };
+  ```
+
+* To revoke the whitelist for user **bob** on all the user's **select** operations, execute the following statement:
+
+  ```
+  cassandra@cqlsh> ALTER ROLE bob WITH OPTIONS = { 'REVOKE AUDIT WHITELIST FOR SELECT' : 'data' };
+  ```
+
+* To view current whitelists, execute the following statement:
+
+  ```
+  cassandra@cqlsh> LIST ROLES;
+  ```
 
 ## Next steps
 
-* For detailed information about how to create a diagnostic setting by using the Azure portal, CLI, or PowerShell, see [create diagnostic setting to collect platform logs and metrics in Azure](../azure-monitor/essentials/diagnostic-settings.md) article.
+* For detailed information about how to create a diagnostic setting by using the Azure portal, CLI, or PowerShell, see [create diagnostic setting to collect platform logs and metrics in Azure](../azure-monitor/essentials/diagnostic-settings.md) article.
