Compliance monitoring
Available on Enterprise plans
self-hosted deployments
Available in legacy Mattermost Enterprise Edition E20
This feature enables compliance exports to be produced from the System Console, with all query and download actions logged in an audit history to enable oversight and prevent unauthorized queries.
Compliance exports can be filtered to date range, user account, and keyword list. Requests from queries can be downloaded from the user interface in .csv
format, with a .json
metafile documenting the query, as well as placed in a directory set by the System Admin.
Daily compliance reports may also be generated, supporting integration with compliance solutions like Global Relay.
By default, all Mattermost deployments retain all messages, including edits and deletes, along with all files uploaded.
Enable compliance reporting
To enable the option to generate daily compliance reports:
Go to System Console > Compliance > Compliance Monitoring and set the Enable Compliance Reporting value to true.
(Optional) In Compliance Report Directory specify the directory in which to place completed compliance reports. Defaults to
./data/
if left blank.Select Save.
Turn on daily compliance reports
After enabling compliance reporting:
Go to System Console > Compliance > Compliance Monitoring and set the Enable Daily Report value to true.
Select Save.
Your system will now export all new messages posted within a 24-hour period as a .csv
file to the location specified in Compliance Report Directory. This feature can be used in conjunction with centralized compliance reporting systems that move.
Run compliance reports
Compliance reports are exports of all messages in Mattermost that match the report criteria. To run a report:
Go to System Console > Compliance > Compliance Monitoring.
Fill in the following:
Job Name: Name the compliance report you are about to run (e.g. “HR Audit 455”).
From: Start date for search in YYYY-MM-DD format (e.g. “2016-03-11”).
To: End date of search in YYYY-MM-DD format (e.g. “2016-05-11”).
Emails: Comma-separated list of email addresses of users whose posted messages you want to search (e.g.
bill@example.com, bob@example.com
).Keywords: Indicate the words that would be contained in a message for it to be included in the compliance report results.
Select Run Compliance Report.
The report will be queued in the display below the fields described above. The properties of each compliance report run is explained as follows:
Timestamp: Time at which the report was requested.
Status:
running
indicates the report is being run;finished
indicates the report is complete and ready for download.Records: Shows the number of search results.
Type:
adhoc
indicates the report was requested by completing query fields;daily
indicates the report is a daily export.Description: Job Name indicated in request.
Requested by: Email of person requesting the report.
Params: Parameters of the compliance report request.
Each compliance report includes a Download link which downloads a compressed file named adhoc-[UNIQUE_ID].zip
. Inside the file is meta.json
, which includes the parameters of the search executed and posts.csv
which includes the contents of messages found by the request.
Compliance query definition stored in meta.json
The meta.json
file contains the following information about the compliance query:
Field |
Description |
Example |
---|---|---|
id |
Unique identifier for compliance query |
ja8z8egap7nq9kqetz3rt98khe |
create_at |
Timestamp at which compliance query was executed |
1463637842478 |
user_id |
Mattermost User ID for person creating query |
3bq1shta93yztg3i6aiu1tzi5h |
status |
Status of query: finished or failed |
“finished” |
count |
Count of messages found matching keyword |
36 |
desc |
User entered description of compliance query |
Example Compliance Report |
type |
Type of compliance query: adhoc or daily |
“adhoc” |
start_at |
Timestamp at which query began to run |
1451606400000 |
end_at |
Timestamp at which query ended |
1463529600000 |
keywords |
Comma-separated, case insensitive keywords to match in query |
“drinking” |
emails |
Comma-separated emails of users to search. Blank returns all |
|
Compliance query results stored in posts.csv
file
posts.csv
contains the following information about the compliance query results, one search result per row:
Field |
Description |
Example |
---|---|---|
TeamName |
URL name of team |
contosi |
TeamDisplayName |
Display name of team |
Contosi Corporation |
ChannelDisplayName |
Display name of channel where keyword was found |
Community Heartbeat |
ChannelName |
URL name of channel |
community-heartbeat |
UserUsername |
Username of user posting the message containing keyword |
frank.yu |
UserEmail |
Email of user posting the message containing keyword |
|
UserNickname |
Nickname of user posting the message containing keyword |
fan du |
UserType |
Type of user posting the message (“user” or “bot”) |
user |
PostId |
Unique ID of message post containing keyword |
xt9anyx6x3fx9y84aehgakdpze |
PostCreateAt |
Timestamp at which post was created |
2016-03-02T16:01:59Z |
PostDeletedAt |
Timestamp at which post was deleted (if applicable) |
2016-03-02T16:01:59Z |
PostUpdatedAt |
Timestamp at which post was last edited (if applicable) |
2016-03-02T16:01:59Z |
PostParentId |
Unique ID of parent post if post is a comment |
xt9anyx6x3fx9y84aehgakdpze |
PostOriginalId |
Unique ID of post if deleted or edited |
xt9anyx6x3fx9y84aehgakdpze |
PostMessage |
Message containing keyword |
Drinking from the fire hose |
PostFilenames |
Comma separated list of filesnames attached to post |
[“/f../ho.png”,”/f../hi.png”] |
Global Relay support
Mattermost daily compliance reports are compatible with Global Relay compliance solutions through the conversion of Mattermost .CSV
exports into Global Relay EML
files.
This conversion can be done by in-house developers who have previously written scripts to convert other communication systems into Global Relay format based on your organization’s specific needs.
You can also contact your Global Relay account manager about a services project to establish this conversion.
We recommend using the new Compliance Export feature for Global Relay exports.