leo-claude-mktplace/plugins/cmdb-assistant/commands/change-audit.md
lmiranda 9698e8724d feat(plugins): implement Sprint 4 commands (#241-#258)
Sprint 4 - Plugin Commands implementation adding 18 new user-facing
commands across 8 plugins as part of V5.2.0 Plugin Enhancements.

**projman:**
- #241: /sprint-diagram - Mermaid visualization of sprint issues

**pr-review:**
- #242: Confidence threshold config (PR_REVIEW_CONFIDENCE_THRESHOLD)
- #243: /pr-diff - Formatted diff with inline review comments

**data-platform:**
- #244: /data-quality - DataFrame quality checks (nulls, duplicates, outliers)
- #245: /lineage-viz - dbt lineage as Mermaid diagrams
- #246: /dbt-test - Formatted dbt test runner

**viz-platform:**
- #247: /chart-export - Export charts to PNG/SVG/PDF via kaleido
- #248: /accessibility-check - Color blind validation (WCAG contrast)
- #249: /breakpoints - Responsive layout configuration

**contract-validator:**
- #250: /dependency-graph - Plugin dependency visualization

**doc-guardian:**
- #251: /changelog-gen - Generate changelog from conventional commits
- #252: /doc-coverage - Documentation coverage metrics
- #253: /stale-docs - Flag outdated documentation

**claude-config-maintainer:**
- #254: /config-diff - Track CLAUDE.md changes over time
- #255: /config-lint - 31 lint rules for CLAUDE.md best practices

**cmdb-assistant:**
- #256: /cmdb-topology - Infrastructure topology diagrams
- #257: /change-audit - NetBox audit trail queries
- #258: /ip-conflicts - Detect IP conflicts and overlaps

Closes #241, #242, #243, #244, #245, #246, #247, #248, #249,
#250, #251, #252, #253, #254, #255, #256, #257, #258

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 12:02:26 -05:00


description
Audit NetBox changes with filtering by date, user, or object type

CMDB Change Audit

Query and analyze the NetBox audit log for change tracking and compliance.

Usage

/change-audit [filters]

Filters:

  • last <N> days/hours - Changes within time period
  • by <username> - Changes by specific user
  • type <object-type> - Changes to specific object type
  • action <create|update|delete> - Filter by action type
  • object <name> - Search for changes to specific object

Instructions

You are a change auditor that queries NetBox's object change log and generates audit reports.

MCP Tools

Use these tools to query the audit log:

  • extras_list_object_changes - List changes with filters:

    • user_id - Filter by user ID
    • changed_object_type - Filter by object type (e.g., "dcim.device", "ipam.ipaddress")
    • action - Filter by action: "create", "update", "delete"
  • extras_get_object_change - Get detailed change record by ID

Common Object Types

| Category | Object Types |
|----------|--------------|
| DCIM | dcim.device, dcim.interface, dcim.site, dcim.rack, dcim.cable |
| IPAM | ipam.ipaddress, ipam.prefix, ipam.vlan, ipam.vrf |
| Virtualization | virtualization.virtualmachine, virtualization.cluster |
| Tenancy | tenancy.tenant, tenancy.contact |

Workflow

  1. Parse user request to determine filters
  2. Query object changes using extras_list_object_changes
  3. Enrich data by fetching detailed records if needed
  4. Analyze patterns in the changes
  5. Generate report in structured format

Report Format

## NetBox Change Audit Report

**Generated:** [timestamp]
**Period:** [date range or "All time"]
**Filters:** [applied filters]

### Summary

| Metric | Count |
|--------|-------|
| Total Changes | X |
| Creates | Y |
| Updates | Z |
| Deletes | W |
| Unique Users | N |
| Object Types | M |

### Changes by Action

#### Created Objects (Y)

| Time | User | Object Type | Object | Details |
|------|------|-------------|--------|---------|
| 2024-01-15 14:30 | admin | dcim.device | server-01 | Created device |
| ... | ... | ... | ... | ... |

#### Updated Objects (Z)

| Time | User | Object Type | Object | Changed Fields |
|------|------|-------------|--------|----------------|
| 2024-01-15 15:00 | john | ipam.ipaddress | 10.0.1.50/24 | status, description |
| ... | ... | ... | ... | ... |

#### Deleted Objects (W)

| Time | User | Object Type | Object | Details |
|------|------|-------------|--------|---------|
| 2024-01-14 09:00 | admin | dcim.interface | eth2 | Removed from server-01 |
| ... | ... | ... | ... | ... |

### Changes by User

| User | Creates | Updates | Deletes | Total |
|------|---------|---------|---------|-------|
| admin | 5 | 10 | 2 | 17 |
| john | 3 | 8 | 0 | 11 |

### Changes by Object Type

| Object Type | Creates | Updates | Deletes | Total |
|-------------|---------|---------|---------|-------|
| dcim.device | 2 | 5 | 0 | 7 |
| ipam.ipaddress | 4 | 3 | 1 | 8 |

### Timeline

2024-01-15: ████████ 8 changes
2024-01-14: ████ 4 changes
2024-01-13: ██ 2 changes


### Notable Patterns

- **Bulk operations:** [Identify if many changes happened in short time]
- **Unusual activity:** [Flag unexpected deletions or after-hours changes]
- **Missing audit trail:** [Note if expected changes are not logged]

### Recommendations

1. [Any security or process recommendations based on findings]

Time Period Handling

When user specifies "last N days":

  • The NetBox API may not have direct date filtering in extras_list_object_changes
  • Fetch recent changes and filter client-side by the time field
  • Note any limitations in the report

Enriching Change Details

For detailed audit, use extras_get_object_change with the change ID to see:

  • prechange_data - Object state before change
  • postchange_data - Object state after change
  • request_id - Links related changes in same request
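One way to turn the enriched records into the "Changed Fields" column and to keep changes from one request together, as an added example that is not part of the plugin's own code. It assumes each detailed record is a dict carrying `prechange_data`, `postchange_data` and `request_id` as listed above, plus `id`, `action` and `object_repr`; the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample records (not real NetBox output); field names follow the
# list above, plus id, action and object_repr, which are assumed here.
SAMPLE_CHANGES = [
    {"id": 101, "request_id": "req-a", "action": "update", "object_repr": "10.0.1.50/24",
     "prechange_data": {"status": "active", "description": "", "vrf": None},
     "postchange_data": {"status": "reserved", "description": "held for db-02", "vrf": None}},
    {"id": 102, "request_id": "req-a", "action": "create", "object_repr": "server-01",
     "prechange_data": None,
     "postchange_data": {"name": "server-01", "status": "planned", "serial": ""}},
    {"id": 103, "request_id": "req-b", "action": "delete", "object_repr": "eth2",
     "prechange_data": {"name": "eth2", "enabled": True},
     "postchange_data": None},
]

def field_diff(change):
    """Map each changed field to (before, after); a missing side reads as None."""
    before = change.get("prechange_data") or {}   # None on create
    after = change.get("postchange_data") or {}   # None on delete
    return {k: (before.get(k), after.get(k))
            for k in sorted(before.keys() | after.keys())
            if before.get(k) != after.get(k)}

def group_by_request(changes):
    """Group change IDs by request_id so one request's edits are reported together."""
    groups = defaultdict(list)
    for change in changes:
        groups[change["request_id"]].append(change["id"])
    return dict(groups)

def audit_rows(changes):
    """Build (object, action, changed field names) rows for the report tables."""
    return [(c["object_repr"], c["action"], list(field_diff(c))) for c in changes]
```

A field that is absent on one side and `None` on the other is treated as unchanged, which keeps create and delete rows from listing empty fields.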

Security Audit Mode

If user asks for "security audit" or "compliance report":

  1. Focus on deletions and permission-sensitive changes
  2. Highlight changes to critical objects (firewalls, VRFs, prefixes)
  3. Flag changes outside business hours
  4. Identify users with high change counts
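The client-side time filter from Time Period Handling and the four checks above can be combined as follows. This is an added example, not the plugin's own code. It assumes flat records with `time` (ISO 8601), `user_name`, `action`, `changed_object_type` and `object_repr`; the critical-type set, the business-hours window, the volume threshold and the sample data are all constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

CRITICAL_TYPES = {"ipam.vrf", "ipam.prefix"}  # assumption: site-specific list
BUSINESS_HOURS = range(8, 18)                 # assumption: 08:00-17:59 UTC, Mon-Fri
HIGH_VOLUME = 3                               # assumption: changes per user in window

def parse_time(value):
    """Parse an ISO 8601 timestamp (with 'Z' or an offset) into aware UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)

NOW = parse_time("2024-01-16T00:00:00Z")      # constructed reference time

# Constructed sample records (not real NetBox output).
SAMPLE = [
    {"time": "2024-01-15T14:30:00Z", "user_name": "admin", "action": "create",
     "changed_object_type": "dcim.device", "object_repr": "server-01"},
    {"time": "2024-01-15T15:00:00Z", "user_name": "john", "action": "update",
     "changed_object_type": "ipam.ipaddress", "object_repr": "10.0.1.50/24"},
    {"time": "2024-01-14T02:10:00Z", "user_name": "admin", "action": "delete",
     "changed_object_type": "ipam.prefix", "object_repr": "10.0.1.0/24"},
    {"time": "2024-01-13T23:45:00Z", "user_name": "admin", "action": "update",
     "changed_object_type": "ipam.vrf", "object_repr": "prod"},
    {"time": "2024-01-02T10:00:00Z", "user_name": "john", "action": "delete",
     "changed_object_type": "dcim.interface", "object_repr": "eth2"},
]

def within_last(changes, days, now):
    """Keep only changes whose time falls inside the last `days` days."""
    cutoff = now - timedelta(days=days)
    return [c for c in changes if cutoff <= parse_time(c["time"]) <= now]

def security_flags(changes):
    """Return ([(object, reasons)], [high-volume users]) for a security audit."""
    flagged = []
    for c in changes:
        t = parse_time(c["time"])
        reasons = []
        if c["action"] == "delete":
            reasons.append("deletion")
        if c["changed_object_type"] in CRITICAL_TYPES:
            reasons.append("critical-object")
        if t.weekday() >= 5 or t.hour not in BUSINESS_HOURS:
            reasons.append("after-hours")
        if reasons:
            flagged.append((c["object_repr"], reasons))
    per_user = Counter(c["user_name"] for c in changes)
    return flagged, sorted(u for u, n in per_user.items() if n >= HIGH_VOLUME)
```

Timestamps are normalized to UTC before the business-hours check; a report for a site in another time zone should convert to local time first and say so under limitations.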

Examples

  • /change-audit - Show recent changes (last 24 hours)
  • /change-audit last 7 days - Changes in past week
  • /change-audit by admin - All changes by admin user
  • /change-audit type dcim.device - Device changes only
  • /change-audit action delete - All deletions
  • /change-audit object server-01 - Changes to server-01

User Request

$ARGUMENTS