Track custom events

This guide will help you track custom events using the Sqreen SDK and automate security scenarios. Visit the security automation section to learn more.

The Sqreen SDK stores events locally in a queue until the next heartbeat. Every minute, it flushes tracked events to our servers. When your app exits, it flushes any remaining tracked events.

To complete this guide, you should have installed our library in your application. Follow the installation steps described here.

You can find a Go documentation reference of the SDK at https://godoc.org/github.com/sqreen/go-agent/sdk.

Tracking events

You use the TrackEvent() SDK method to record custom events.

To record an event, first name it:

sqreen := sdk.FromContext(ctx)
sqreen.TrackEvent("my.event")

The SDK supports optional parameters, such as properties:

props := sdk.EventPropertyMap{"key": "value"}
sqreen := sdk.FromContext(ctx)
sqreen.TrackEvent("my.event").WithProperties(props)

Later, when creating automation playbooks using this event, you can use these parameters to group events and apply conditions and detections.

Default properties

Out of the box, the Sqreen library collects some properties based on the HTTP request:

  • Client IP.
  • User agent.
  • Path requested.
  • Request HTTP verb.
  • HTTP parameters.

By default, the Sqreen SDK scrubs sensitive data from these properties. See PII scrubbing

Method definition

This is the TrackEvent() method:

func (ctx *HTTPRequestRecord) TrackEvent(event string) *HTTPRequestEvent

TrackEvent() creates a new event, named event. You can set the event options using the returned value's methods. Event options allow you to provide additional parameters:

func (e *HTTPRequestEvent) WithProperties(p EventPropertyMap) *HTTPRequestEvent
func (e *HTTPRequestEvent) WithTimestamp(t time.Time) *HTTPRequestEvent
func (e *HTTPRequestEvent) WithUserIdentifiers(id EventUserIdentifiersMap) *HTTPRequestEvent
  • WithProperties(): pass an object with arbitrary parameters to record custom event dimensions.

  • WithUserIdentifiers(): identify the user account which performed the event. This should be the same object provided to ForUser() method when used.

  • WithTimestamp(): manually set the event’s timestamp. By default, Sqreen uses the current server time.

User tracking

To associate the event tracked with a user account, you can pass it to every TrackEvent() using WithUserIdentifiers() or rely on the ForUser() method to globally set it to the following method calls.

When TrackEvent() receives user identifiers, it overrides the identify value for the context of this event.

uid := sdk.EventUserIdentifiersMap{"uid": "my-uid"}
sdk.FromContext(ctx).ForUser(uid).TrackEvent("my.event")

Monitor events

Congratulations! You've set up the Sqreen SDK and tracked your first custom events.

Now, go to your dashboard and visit the Event Explorer to check the events are properly recorded by Sqreen.

Next, depending on your traffic and the frequency of the tracked events, you may want to wait a few hours or days to collect enough events to craft a playbook.

event explorer

Create a security automation playbook

Once you are ready to automate a scenario, go to your dashboard and visit the Playbooks section to start building an automation playbook.