SourcesSource TypesFireblocks

Fireblocks

Collect audit logs from your Fireblocks digital asset custody platform to monitor user actions and security events.

Fireblocks audit logs provide visibility into user actions, configuration changes, and security events within your Fireblocks workspace. RunReveal polls the Fireblocks API every 1 minute to retrieve your audit logs.

Setup

To set up your Fireblocks source, you’ll need to create an API user in your Fireblocks Console and generate API credentials.

Creating an API User

  1. Log in to your Fireblocks Console and navigate to Developer CenterAPI Users
  2. Click Add API User and provide a meaningful name for the API user
  3. Give the API user a unique name and assign the “Non-signing Admin” role.
  4. Select “Automatic CSR” if you want fireblocks to generate a private key for you, or “Custom CSR” to upload your own.
  5. Download the generated private key if using Automatic CSR and store if for later. fireblock-add-user
  6. Add the new user. In the API user list, copy the “API User (ID)” for later setup. fireblock-key

Configuring RunReveal

  1. In RunReveal, navigate to Sources and click Add Source

  2. Search for Fireblocks and select it

  3. Enter a name for your source

  4. Select your Environment:

    • US Sandbox - For sandbox/testing workspaces
    • US Mainnet - For US production workspaces
    • EU Mainnet - For EU production workspaces
    • EU2 Mainnet - For EU2 production workspaces

  5. Enter the API Key from your Fireblocks Console, this is your “API User (ID)”

  6. Upload the fireblocks secret key file (fireblocks_secret.key) source-add

  7. Verify the source is working

  8. Click Create Source

Verify It’s Working

Once added, audit logs should begin flowing within a few minutes.

You can validate we are receiving your logs by running the following SQL query:

SELECT * FROM runreveal.logs WHERE sourceType = 'fireblocks' LIMIT 1

Or use the dedicated view for Fireblocks-specific fields:

SELECT
  fireblocksTimestamp,
  fireblocksEvent,
  fireblocksUser,
  fireblocksSubject
FROM runreveal.fireblocks_audit_logs
ORDER BY fireblocksTimestamp DESC
LIMIT 10

Available Fields

The fireblocks_audit_logs view provides the following Fireblocks-specific fields in addition to standard RunReveal normalized fields:

FieldDescription
fireblocksIdUnique identifier for the audit log entry
fireblocksTimestampWhen the event occurred
fireblocksCreatedAtWhen the audit log was created
fireblocksUserUsername of the user who performed the action
fireblocksSubjectSubject of the audit event
fireblocksEventType of event that occurred
fireblocksTenantIdTenant ID for the Fireblocks account
fireblocksUserIdUser ID of the user who performed the action
ZendeskForwarders