The Event Maturity Matrix (EMM) is a comprehensive framework that provides clarity regarding the capabilities and nuances of SaaS audit logging. It is a valuable resource for security practitioners who want to obtain visibility into the different types of user activities that are logged, see real-world examples of SaaS audit logs, and use these insights to guide security monitoring and operational objectives.
The SaaS Event Maturity Matrix (EMM) was developed with the defensive security practitioner in mind. As such, the matrix’s overarching theme is to provide context regarding the depth of visibility as it pertains to security monitoring use cases. The Matrix consists of the following concepts:
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
{
"action_at": "2023-06-22T19:06:47.149965+00:00",
"action_data":
{
"access_token_id": null,
"detail_str": null,
"detection_alert_id": null,
"detection_rule_id": null,
"detection_rule_name": null,
"detection_ruleset_id": null,
"detection_ruleset_name": null,
"element_id": null,
"element_list_id": null,
"element_type": null,
"email_addresses": null,
"email_identifier": null,
"email_reason": null,
"error_str": null,
"external_entity_id": null,
"file_id": null,
"global_value_list_collection_id": null,
"group_id": null,
"group_name": null,
"md_kind": "core.aoaudit.auditdata",
"md_version": 1,
"new_value": null,
"oauth_application_id": null,
"old_value": null,
"platform_ingest_job_id": null,
"policy_assessment_completion_date": null,
"policy_assessment_id": null,
"policy_id": null,
"policy_name": null,
"reason_str": null,
"refresh_token_id": null,
"rule_id": null,
"ruleevent_id": null,
"ruleexception_id": null,
"setting_name": null,
"sink_id": null,
"sink_name": null,
"tag_id": null,
"tag_name": null,
"target_user_id": null,
"target_user_username": null,
"third_party_application_id": null,
"third_party_application_name": null,
"type_str": null,
"unified_identity_email": null,
"unified_identity_id": null,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
"user_ip": "198.51.100.2",
"user_username": "jane@example.com",
"workflow_instance_id": null,
"workflow_instance_name": null
},
"action_type": "user_login_google",
"log_id": "ad9ddec3-8542-4d5a-b710-67928321abdc",
"omnitab_user_id": null,
"org_id": 176,
"perspective_id": null,
"perspective_name": null,
"policy_id": null,
"service_id": null,
"service_name": null,
"service_type": "None",
"user_id": 3187
}
{
"action_at": "2023-06-14T21:57:50.583325+00:00",
"action_data":
{
"access_token_id": null,
"detail_str": null,
"detection_alert_id": null,
"detection_rule_id": null,
"detection_rule_name": null,
"detection_ruleset_id": null,
"detection_ruleset_name": null,
"element_id": null,
"element_list_id": null,
"element_type": null,
"email_addresses": null,
"email_identifier": null,
"email_reason": null,
"error_str": null,
"external_entity_id": null,
"file_id": null,
"global_value_list_collection_id": null,
"group_id": null,
"group_name": null,
"md_kind": "core.aoaudit.auditdata",
"md_version": 1,
"new_value": null,
"oauth_application_id": null,
"old_value": null,
"platform_ingest_job_id": null,
"policy_assessment_completion_date": null,
"policy_assessment_id": null,
"policy_id": null,
"policy_name": null,
"reason_str": null,
"refresh_token_id": null,
"rule_id": null,
"ruleevent_id": null,
"ruleexception_id": null,
"setting_name": null,
"sink_id": null,
"sink_name": null,
"tag_id": null,
"tag_name": null,
"target_user_id": null,
"target_user_username": null,
"third_party_application_id": null,
"third_party_application_name": null,
"type_str": null,
"unified_identity_email": null,
"unified_identity_id": null,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
"user_ip": "198.51.100.2",
"user_username": "pmcandrew+test10",
"workflow_instance_id": null,
"workflow_instance_name": null
},
"action_type": "user_login_failed",
"log_id": "6cbd2dc5-c125-40d1-8dcf-9936abda6c5f",
"omnitab_user_id": null,
"org_id": 176,
"perspective_id": null,
"perspective_name": null,
"policy_id": null,
"service_id": null,
"service_name": null,
"service_type": "None",
"user_id": null
}
An account attempted to logout of a system.
An account attempted to logout of a system.
{
"action_at": "2023-06-22T20:48:41.714659+00:00",
"action_data":
{
"access_token_id": null,
"detail_str": null,
"detection_alert_id": null,
"detection_rule_id": null,
"detection_rule_name": null,
"detection_ruleset_id": null,
"detection_ruleset_name": null,
"element_id": null,
"element_list_id": null,
"element_type": null,
"email_addresses": null,
"email_identifier": null,
"email_reason": null,
"error_str": null,
"external_entity_id": null,
"file_id": null,
"global_value_list_collection_id": null,
"group_id": null,
"group_name": null,
"md_kind": "core.aoaudit.auditdata",
"md_version": 1,
"new_value": null,
"oauth_application_id": null,
"old_value": null,
"platform_ingest_job_id": null,
"policy_assessment_completion_date": null,
"policy_assessment_id": null,
"policy_id": null,
"policy_name": null,
"reason_str": null,
"refresh_token_id": null,
"rule_id": null,
"ruleevent_id": null,
"ruleexception_id": null,
"setting_name": null,
"sink_id": null,
"sink_name": null,
"tag_id": null,
"tag_name": null,
"target_user_id": null,
"target_user_username": null,
"third_party_application_id": null,
"third_party_application_name": null,
"type_str": null,
"unified_identity_email": null,
"unified_identity_id": null,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
"user_ip": "198.51.100.5",
"user_username": "bob@example.com",
"workflow_instance_id": null,
"workflow_instance_name": null
},
"action_type": "user_logout",
"log_id": "49fc4cd2-653e-4261-bb59-25dc6ee7a1c0",
"omnitab_user_id": null,
"org_id": 176,
"perspective_id": null,
"perspective_name": null,
"policy_id": null,
"service_id": null,
"service_name": null,
"service_type": "None",
"user_id": 3187
}
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
{
"action_at": "2023-06-23T20:11:06.106260+00:00",
"action_data":
{
"access_token_id": null,
"detail_str": null,
"detection_alert_id": null,
"detection_rule_id": null,
"detection_rule_name": null,
"detection_ruleset_id": null,
"detection_ruleset_name": null,
"element_id": null,
"element_list_id": null,
"element_type": null,
"email_addresses": null,
"email_identifier": null,
"email_reason": null,
"error_str": null,
"external_entity_id": null,
"file_id": null,
"global_value_list_collection_id": null,
"group_id": null,
"group_name": null,
"md_kind": "core.aoaudit.auditdata",
"md_version": 1,
"new_value": null,
"oauth_application_id": null,
"old_value": null,
"platform_ingest_job_id": null,
"policy_assessment_completion_date": null,
"policy_assessment_id": null,
"policy_id": null,
"policy_name": null,
"reason_str": null,
"refresh_token_id": null,
"rule_id": null,
"ruleevent_id": null,
"ruleexception_id": null,
"setting_name": null,
"sink_id": null,
"sink_name": null,
"tag_id": null,
"tag_name": null,
"target_user_id": 12893,
"target_user_username": "pmcandrew_test10",
"third_party_application_id": null,
"third_party_application_name": null,
"type_str": null,
"unified_identity_email": null,
"unified_identity_id": null,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
"user_ip": "198.51.100.5",
"user_username": "pmcandrew_test10",
"workflow_instance_id": null,
"workflow_instance_name": null
},
"action_type": "user_mfa_totp_challenge",
"log_id": "76812b0e-d9b0-4730-b5a1-5d4169743e2e",
"omnitab_user_id": null,
"org_id": 176,
"perspective_id": null,
"perspective_name": null,
"policy_id": null,
"service_id": null,
"service_name": null,
"service_type": "None",
"user_id": 12893
}
Events (18)
Creates a user.
Creates a user.
{
"action_at": "2023-06-20T14:20:30.626150+00:00",
"action_data":
{
"access_token_id": null,
"detail_str": null,
"detection_alert_id": null,
"detection_rule_id": null,
"detection_rule_name": null,
"detection_ruleset_id": null,
"detection_ruleset_name": null,
"element_id": null,
"element_list_id": null,
"element_type": null,
"email_addresses": null,
"email_identifier": null,
"email_reason": null,
"error_str": null,
"external_entity_id": null,
"file_id": null,
"global_value_list_collection_id": null,
"group_id": null,
"group_name": null,
"md_kind": "core.aoaudit.auditdata",
"md_version": 1,
"new_value": null,
"oauth_application_id": null,
"old_value": null,
"platform_ingest_job_id": null,
"policy_assessment_completion_date": null,
"policy_assessment_id": null,
"policy_id": null,
"policy_name": null,
"reason_str": null,
"refresh_token_id": null,
"rule_id": null,
"ruleevent_id": null,
"ruleexception_id": null,
"setting_name": null,
"sink_id": null,
"sink_name": null,
"tag_id": null,
"tag_name": null,
"target_user_id": 13148,
"target_user_username": "pmcandrew_test11",
"third_party_application_id": null,
"third_party_application_name": null,
"type_str": null,
"unified_identity_email": null,
"unified_identity_id": null,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
"user_ip": "198.51.100.4",
"user_username": "mallory@example.com",
"workflow_instance_id": null,
"workflow_instance_name": null
},
"action_type": "user_created",
"log_id": "188fdcf3-143a-49e9-ba80-452b48f42e4f",
"omnitab_user_id": null,
"org_id": 176,
"perspective_id": null,
"perspective_name": null,
"policy_id": null,
"service_id": null,
"service_name": null,
"service_type": "None",
"user_id": 3187
}
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
{
"action_at": "2023-06-15T02:02:19.147946+00:00",
"action_data":
{
"access_token_id": null,
"detail_str": null,
"detection_alert_id": null,
"detection_rule_id": null,
"detection_rule_name": null,
"detection_ruleset_id": null,
"detection_ruleset_name": null,
"element_id": null,
"element_list_id": null,
"element_type": null,
"email_addresses": null,
"email_identifier": null,
"email_reason": null,
"error_str": null,
"external_entity_id": null,
"file_id": null,
"global_value_list_collection_id": null,
"group_id": null,
"group_name": null,
"md_kind": "core.aoaudit.auditdata",
"md_version": 1,
"new_value": null,
"oauth_application_id": null,
"old_value": null,
"platform_ingest_job_id": null,
"policy_assessment_completion_date": null,
"policy_assessment_id": null,
"policy_id": null,
"policy_name": null,
"reason_str": null,
"refresh_token_id": null,
"rule_id": null,
"ruleevent_id": null,
"ruleexception_id": null,
"setting_name": null,
"sink_id": null,
"sink_name": null,
"tag_id": null,
"tag_name": null,
"target_user_id": 12893,
"target_user_username": "pmcandrew_test10",
"third_party_application_id": null,
"third_party_application_name": null,
"type_str": null,
"unified_identity_email": null,
"unified_identity_id": null,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
"user_ip": "198.51.100.3",
"user_username": "john@example.com",
"workflow_instance_id": null,
"workflow_instance_name": null
},
"action_type": "user_disabled",
"log_id": "7f75c117-f8f8-4739-bfcf-cac8a728d486",
"omnitab_user_id": null,
"org_id": 176,
"perspective_id": null,
"perspective_name": null,
"policy_id": null,
"service_id": null,
"service_name": null,
"service_type": "None",
"user_id": 3187
}
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
{
"action_at": "2023-06-14T22:00:24.705316+00:00",
"action_data":
{
"access_token_id": null,
"detail_str": "TOTP",
"detection_alert_id": null,
"detection_rule_id": null,
"detection_rule_name": null,
"detection_ruleset_id": null,
"detection_ruleset_name": null,
"element_id": null,
"element_list_id": null,
"element_type": null,
"email_addresses": null,
"email_identifier": null,
"email_reason": null,
"error_str": null,
"external_entity_id": null,
"file_id": null,
"global_value_list_collection_id": null,
"group_id": null,
"group_name": null,
"md_kind": "core.aoaudit.auditdata",
"md_version": 1,
"new_value": null,
"oauth_application_id": null,
"old_value": null,
"platform_ingest_job_id": null,
"policy_assessment_completion_date": null,
"policy_assessment_id": null,
"policy_id": null,
"policy_name": null,
"reason_str": null,
"refresh_token_id": null,
"rule_id": null,
"ruleevent_id": null,
"ruleexception_id": null,
"setting_name": null,
"sink_id": null,
"sink_name": null,
"tag_id": null,
"tag_name": null,
"target_user_id": 12893,
"target_user_username": "pmcandrew_test10",
"third_party_application_id": null,
"third_party_application_name": null,
"type_str": null,
"unified_identity_email": null,
"unified_identity_id": null,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
"user_ip": "198.51.100.4",
"user_username": "pmcandrew_test10",
"workflow_instance_id": null,
"workflow_instance_name": null
},
"action_type": "user_mfa_enabled",
"log_id": "7ed13faf-9e3c-4905-839d-ff44309c2f72",
"omnitab_user_id": null,
"org_id": 176,
"perspective_id": null,
"perspective_name": null,
"policy_id": null,
"service_id": null,
"service_name": null,
"service_type": "None",
"user_id": 12893
}
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
{
"action_at": "2023-06-23T20:12:09.106337+00:00",
"action_data":
{
"access_token_id": null,
"detail_str": null,
"detection_alert_id": null,
"detection_rule_id": null,
"detection_rule_name": null,
"detection_ruleset_id": null,
"detection_ruleset_name": null,
"element_id": null,
"element_list_id": null,
"element_type": null,
"email_addresses": null,
"email_identifier": null,
"email_reason": null,
"error_str": null,
"external_entity_id": null,
"file_id": null,
"global_value_list_collection_id": null,
"group_id": null,
"group_name": null,
"md_kind": "core.aoaudit.auditdata",
"md_version": 1,
"new_value": "+1 856-981-2588",
"oauth_application_id": null,
"old_value": null,
"platform_ingest_job_id": null,
"policy_assessment_completion_date": null,
"policy_assessment_id": null,
"policy_id": null,
"policy_name": null,
"reason_str": null,
"refresh_token_id": null,
"rule_id": null,
"ruleevent_id": null,
"ruleexception_id": null,
"setting_name": null,
"sink_id": null,
"sink_name": null,
"tag_id": null,
"tag_name": null,
"target_user_id": 12893,
"target_user_username": "pmcandrew_test10",
"third_party_application_id": null,
"third_party_application_name": null,
"type_str": null,
"unified_identity_email": null,
"unified_identity_id": null,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
"user_ip": "198.51.100.5",
"user_username": "pmcandrew_test10",
"workflow_instance_id": null,
"workflow_instance_name": null
},
"action_type": "user_mfa_disabled",
"log_id": "34628772-1560-46da-81d0-2371c5cc3106",
"omnitab_user_id": null,
"org_id": 176,
"perspective_id": null,
"perspective_name": null,
"policy_id": null,
"service_id": null,
"service_name": null,
"service_type": "None",
"user_id": 12893
}
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
{
"action_at": "2023-06-22T15:51:50.253793+00:00",
"action_data":
{
"access_token_id": null,
"detail_str": null,
"detection_alert_id": null,
"detection_rule_id": null,
"detection_rule_name": null,
"detection_ruleset_id": null,
"detection_ruleset_name": null,
"element_id": null,
"element_list_id": null,
"element_type": null,
"email_addresses": null,
"email_identifier": null,
"email_reason": null,
"error_str": null,
"external_entity_id": null,
"file_id": null,
"global_value_list_collection_id": null,
"group_id": null,
"group_name": null,
"md_kind": "core.aoaudit.auditdata",
"md_version": 1,
"new_value": "True",
"oauth_application_id": null,
"old_value": "False",
"platform_ingest_job_id": null,
"policy_assessment_completion_date": null,
"policy_assessment_id": null,
"policy_id": null,
"policy_name": null,
"reason_str": null,
"refresh_token_id": null,
"rule_id": null,
"ruleevent_id": null,
"ruleexception_id": null,
"setting_name": "Direct Auth Enabled",
"sink_id": null,
"sink_name": null,
"tag_id": null,
"tag_name": null,
"target_user_id": null,
"target_user_username": null,
"third_party_application_id": null,
"third_party_application_name": null,
"type_str": null,
"unified_identity_email": null,
"unified_identity_id": null,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
"user_ip": "198.51.100.5",
"user_username": "jane@example.com",
"workflow_instance_id": null,
"workflow_instance_name": null
},
"action_type": "ao_sys_setting_change",
"log_id": "d2c46cde-44f7-43ac-84f5-79b8184c8105",
"omnitab_user_id": null,
"org_id": 176,
"perspective_id": null,
"perspective_name": null,
"policy_id": null,
"service_id": null,
"service_name": null,
"service_type": "None",
"user_id": 3187
}
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
{
"action_at": "2023-06-22T20:21:55.407230+00:00",
"action_data":
{
"access_token_id": null,
"detail_str": null,
"detection_alert_id": null,
"detection_rule_id": null,
"detection_rule_name": null,
"detection_ruleset_id": null,
"detection_ruleset_name": null,
"element_id": null,
"element_list_id": null,
"element_type": null,
"email_addresses": null,
"email_identifier": null,
"email_reason": null,
"error_str": null,
"external_entity_id": null,
"file_id": null,
"global_value_list_collection_id": null,
"group_id": null,
"group_name": null,
"md_kind": "core.aoaudit.auditdata",
"md_version": 1,
"new_value": null,
"oauth_application_id": null,
"old_value": null,
"platform_ingest_job_id": null,
"policy_assessment_completion_date": null,
"policy_assessment_id": null,
"policy_id": 442431,
"policy_name": "EMM Test Policy",
"reason_str": null,
"refresh_token_id": null,
"rule_id": null,
"ruleevent_id": null,
"ruleexception_id": null,
"setting_name": null,
"sink_id": null,
"sink_name": null,
"tag_id": null,
"tag_name": null,
"target_user_id": null,
"target_user_username": null,
"third_party_application_id": null,
"third_party_application_name": null,
"type_str": null,
"unified_identity_email": null,
"unified_identity_id": null,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
"user_ip": "198.51.100.1",
"user_username": "jane@example.com",
"workflow_instance_id": null,
"workflow_instance_name": null
},
"action_type": "policy_created",
"log_id": "cb89b034-2f3b-4b41-9a34-6fdb289f4a6a",
"omnitab_user_id": null,
"org_id": 176,
"perspective_id": null,
"perspective_name": null,
"policy_id": 442431,
"service_id": null,
"service_name": null,
"service_type": "box",
"user_id": 3187
}
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
{
"action_at": "2023-06-22T20:05:09.728571+00:00",
"action_data":
{
"access_token_id": null,
"detail_str": null,
"detection_alert_id": null,
"detection_rule_id": null,
"detection_rule_name": null,
"detection_ruleset_id": null,
"detection_ruleset_name": null,
"element_id": null,
"element_list_id": null,
"element_type": null,
"email_addresses": null,
"email_identifier": null,
"email_reason": null,
"error_str": null,
"external_entity_id": null,
"file_id": null,
"global_value_list_collection_id": null,
"group_id": null,
"group_name": null,
"md_kind": "core.aoaudit.auditdata",
"md_version": 1,
"new_value": null,
"oauth_application_id": null,
"old_value": null,
"platform_ingest_job_id": null,
"policy_assessment_completion_date": null,
"policy_assessment_id": null,
"policy_id": null,
"policy_name": null,
"reason_str": null,
"refresh_token_id": null,
"rule_id": null,
"ruleevent_id": null,
"ruleexception_id": null,
"setting_name": null,
"sink_id": null,
"sink_name": null,
"tag_id": null,
"tag_name": null,
"target_user_id": null,
"target_user_username": null,
"third_party_application_id": null,
"third_party_application_name": null,
"type_str": null,
"unified_identity_email": null,
"unified_identity_id": null,
"user_agent": null,
"user_ip": null,
"user_username": "mallory@example.com",
"workflow_instance_id": null,
"workflow_instance_name": null
},
"action_type": "ms_detection_ingestion_disabled",
"log_id": "ea080b00-2cf0-49fe-b1ba-6081f17a66ff",
"omnitab_user_id": null,
"org_id": 176,
"perspective_id": null,
"perspective_name": null,
"policy_id": null,
"service_id": 35781,
"service_name": "AppOmni",
"service_type": "box",
"user_id": 3187
}
A resource was removed or deleted.
A resource was removed or deleted.
{
"action_at": "2023-07-12T19:07:57.569196+00:00",
"action_data":
{
"md_kind": "core.aoaudit.auditdata",
"md_version": 1,
"policy_id": 410860,
"policy_name": "Test Salesforce Policy",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
"user_ip": "198.51.100.4",
"user_username": "bob@example.com"
},
"action_type": "policy_deleted",
"log_id": "d4b105e8-d29b-436e-947e-52a6be5f58de",
"org_id": 176,
"service_type": "sfdc",
"user_id": 3187
}
A resource was downloaded.
A resource was downloaded.
AppOmni audit logs that provide a record of user activity.
Storage Duration: 180 days
Historical audit logs are stored for 180 days.
Duration: Near Real-Time
Historical audit logs are stored for 180 days.
AppOmni is a cloud-based platform designed to help organizations assess, monitor, and protect their data and configurations within SaaS applications. AppOmni audit logs are collected via the *auditlogs* API, and can be streamed to a Threat Detection event sink. Historical audit logs are also stored for 180 days and can be accessed via the scheduled reports feature. There are currently minor formatting differences between API/Event Sink logs, and the logs retrieved via scheduled reports.
To collect events, make a call to the /core/auditlogs endpoint and specify the desired parameters.
Audit logs are delivered to all Threat Detection event sinks.
Create a scheduled report of type "AppOmni Audit Logs" to download audit logs.
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
{
"action_by": null,
"additional_details": null,
"created_at": "2023-05-09T08:28:41-07:00",
"created_by":
{
"id": "16779123456",
"login": "alice@example.com",
"name": "Alice Brown",
"type": "user"
},
"event_id": "00000000-abcd-1234-ab08-2cfe92d42606",
"event_type": "LOGIN",
"ip_address": "198.51.100.1",
"session_id": null,
"source":
{
"id": "16779123456",
"login": "alice@example.com",
"name": "Alice Brown",
"type": "user"
},
"type": "event"
}
{
"action_by": null,
"additional_details": null,
"created_at": "2023-05-09T09:08:06-07:00",
"created_by":
{
"id": "2",
"login": "",
"name": "Unknown User",
"type": "user"
},
"event_id": "00000000-abcd-1234-84ee-12298e09cfa9",
"event_type": "FAILED_LOGIN",
"ip_address": "198.51.100.2",
"session_id": null,
"source":
{
"id": "12345648385",
"login": "john@example.com",
"name": "John Doe",
"type": "user"
},
"type": "event"
}
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
{
"action_by": null,
"additional_details": null,
"created_at": "2023-05-09T09:34:43-07:00",
"created_by":
{
"id": "12345648385",
"login": "bob@example.com",
"name": "Bob Smith",
"type": "user"
},
"event_id": "00000000-abcd-1234-92ad-46f2f69e45cd",
"event_type": "NEW_USER",
"ip_address": "198.51.100.3",
"session_id": null,
"source":
{
"id": "25512345631",
"login": "mallory@example.com",
"name": "Mallory Jones",
"type": "user"
},
"type": "event"
}
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
{
"action_by": null,
"additional_details": null,
"created_at": "2023-05-09T09:35:29-07:00",
"created_by":
{
"id": "12345648385",
"login": "jane@example.com",
"name": "Jane Miller",
"type": "user"
},
"event_id": "00000000-abcd-1234-be64-7fdc0421e478",
"event_type": "EDIT_USER",
"ip_address": "198.51.100.5",
"session_id": null,
"source":
{
"id": "18863123456",
"login": "alice@example.com",
"name": "Alice Brown",
"type": "user"
},
"type": "event"
}
Removes or deletes a user.
Removes or deletes a user.
{
"action_by": null,
"additional_details": null,
"created_at": "2023-05-09T09:35:58-07:00",
"created_by":
{
"id": "12345648385",
"login": "bob@example.com",
"name": "Bob Smith",
"type": "user"
},
"event_id": "00000000-abcd-1234-9c97-5e32f323b9f0",
"event_type": "DELETE_USER",
"ip_address": "198.51.100.4",
"session_id": null,
"source":
{
"id": "18863123456",
"login": "jane@example.com",
"name": "Jane Miller",
"type": "user"
},
"type": "event"
}
Creates a logical group.
Creates a logical group.
{
"action_by": null,
"additional_details": null,
"created_at": "2023-05-09T09:36:36-07:00",
"created_by":
{
"id": "18863648385",
"login": "John Doe",
"name": "john@example.com",
"type": "user"
},
"event_id": "00000000-abcd-1234-a8a6-6f5474e5d86d",
"event_type": "GROUP_CREATION",
"ip_address": "198.51.100.3",
"session_id": null,
"source":
{
"group_id": "15297703631",
"group_name": "my_sample_group"
},
"type": "event"
}
Reads a group.
Reads a group.
Updates a group.
Updates a group.
{
"action_by": null,
"additional_details": null,
"created_at": "2023-05-09T09:36:46-07:00",
"created_by":
{
"id": "18863648385",
"login": "john@example.com",
"name": "John Doe",
"type": "user"
},
"event_id": "49d24c58-a0e5-4ec7-9ccd-347827b0afed",
"event_type": "GROUP_EDITED",
"ip_address": "198.51.100.1",
"session_id": null,
"source":
{
"group_id": "15297703631",
"group_name": "a_sample_group"
},
"type": "event"
}
Removes or deletes a group.
Removes or deletes a group.
{
"action_by": null,
"additional_details": null,
"created_at": "2023-05-09T10:46:19-07:00",
"created_by":
{
"id": "18863648385",
"login": "alice@example.com",
"name": "Alice Brown",
"type": "user"
},
"event_id": "24ada35a-a9e9-4c67-8fc9-33b5b9f9b52b",
"event_type": "GROUP_DELETION",
"ip_address": "198.51.100.2",
"session_id": null,
"source":
{
"group_id": "15299083860",
"group_name": "a_sample_group"
},
"type": "event"
}
Adds a service, user or account to a group.
Adds a service, user or account to a group.
{
"action_by": null,
"additional_details":
{
"group_id": "15297703631",
"group_name": "a_sample_group"
},
"created_at": "2023-05-09T10:24:15-07:00",
"created_by":
{
"id": "18863648385",
"login": "bob@example.com",
"name": "Bob Smith",
"type": "user"
},
"event_id": "f0545aa9-4be4-451e-a8d2-3c56aa257b8a",
"event_type": "GROUP_ADD_USER",
"ip_address": "198.51.100.3",
"session_id": null,
"source":
{
"id": "18863890488",
"login": "mallory@example.com",
"name": "Mallory Jones",
"type": "user"
},
"type": "event"
}
Removes a service, user or account from a group.
Removes a service, user or account from a group.
{
"action_by": null,
"additional_details":
{
"group_id": "9744086129",
"group_name": "a_sample_group"
},
"created_at": "2023-05-09T10:45:45-07:00",
"created_by":
{
"id": "18863648385",
"login": "mallory@example.com",
"name": "Mallory Jones",
"type": "user"
},
"event_id": "56ae6ebb-7d6c-418e-bdeb-98d067c52af2",
"event_type": "GROUP_REMOVE_USER",
"ip_address": "198.51.100.4",
"session_id": null,
"source":
{
"id": "18863890488",
"login": "jane@example.com",
"name": "Jane Miller",
"type": "user"
},
"type": "event"
}
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
{
"accessible_by":
{
"id": "25575650631",
"login": "john@example.com",
"name": "John Doe",
"type": "user"
},
"action_by": null,
"additional_details":
{
"collab_id": "44582004179",
"is_performed_by_admin": false,
"role": "Editor",
"type": "box://event/additional_details/collaboration",
"version_id": "1328658101408"
},
"created_at": "2023-05-18T12:57:12-07:00",
"created_by":
{
"id": "18863648385",
"login": "jane@example.com",
"name": "Jane Miller",
"type": "user"
},
"event_id": "15f0f70a-4502-496a-badf-5a0b12e49656",
"event_type": "COLLABORATION_INVITE",
"ip_address": "198.51.100.5",
"session_id": null,
"source":
{
"file_id": "1209733707368",
"file_name": "a_sample_file.doc",
"owned_by":
{
"id": "18863648385",
"login": "jane@example.com",
"name": "Jane Miller",
"type": "user"
},
"parent":
{
"id": "206846635609",
"name": "My Box Notes",
"type": "folder"
},
"user_id": "25575650631",
"user_name": "John Doe"
},
"type": "event"
}
Removes a permission from a resource.
Removes a permission from a resource.
{
"action_by": null,
"additional_details":
{
"collab_id": "44582741378",
"is_performed_by_admin": false,
"type": "box://event/additional_details/collaboration",
"version_id": "1328658101408"
},
"created_at": "2023-05-18T12:47:09-07:00",
"created_by":
{
"id": "18863648385",
"login": "john@example.com",
"name": "John Doe",
"type": "user"
},
"event_id": "052e68a2-7a29-4694-a77f-fec5713cb26f",
"event_type": "COLLABORATION_REMOVE",
"ip_address": "198.51.100.1",
"session_id": null,
"source":
{
"file_id": "1209733707368",
"file_name": "a_sample_file.doc",
"owned_by":
{
"id": "18863648385",
"login": "john@example.com",
"name": "John Doe",
"type": "user"
},
"parent":
{
"id": "206846635609",
"name": "My Box Notes",
"type": "folder"
},
"user_email": "alice@example.com"
},
"type": "event"
}
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
{
"action_by": null,
"additional_details": null,
"created_at": "2023-05-09T09:27:03-07:00",
"created_by":
{
"id": "18863648385",
"login": "alice@example.com",
"name": "Alice Brown",
"type": "user"
},
"event_id": "7fd655c7-5a4a-4e13-8375-dc08cd2cf8b9",
"event_type": "MULTI_FACTOR_AUTH_ENABLE",
"ip_address": "Unknown IP",
"session_id": null,
"source":
{
"id": "18863648385",
"login": "alice@example.com",
"name": "Alice Brown",
"type": "user"
},
"type": "event"
}
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
{
"action_by": null,
"additional_details": null,
"created_at": "2023-05-09T09:29:19-07:00",
"created_by":
{
"id": "18863648385",
"login": "bob@example.com",
"name": "Bob Smith",
"type": "user"
},
"event_id": "0bf5e6ad-a068-4770-9979-c7f409eb976b",
"event_type": "MULTI_FACTOR_AUTH_DISABLE",
"ip_address": "Unknown IP",
"session_id": null,
"source":
{
"id": "18863648385",
"login": "bob@example.com",
"name": "Bob Smith",
"type": "user"
},
"type": "event"
}
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
{
"action_by": null,
"additional_details":
{
"ekm_id": "b87156a9-6aff-4c21-910b-c5f1a8a02afd",
"service_id": "231318",
"service_name": "Multiput Uploads",
"size": 2584,
"version_id": "1319684204015"
},
"created_at": "2023-05-09T11:15:47-07:00",
"created_by":
{
"id": "18863648385",
"login": "mallory@example.com",
"name": "Mallory Jones",
"type": "user"
},
"event_id": "aeffeb99-f9a5-4243-9d3c-93f862dceec7",
"event_type": "UPLOAD",
"ip_address": "198.51.100.4",
"session_id": null,
"source":
{
"item_id": "1209714644015",
"item_name": "a_sample_file.csv",
"item_type": "file",
"owned_by":
{
"id": "18863648385",
"login": "mallory@example.com",
"name": "Mallory Jones",
"type": "user"
},
"parent":
{
"id": "206849236842",
"name": "Test Folder",
"type": "folder"
}
},
"type": "event"
}
A resource was read.
A resource was read.
{
"action_by": null,
"additional_details":
{
"access_token_identifier": "16c1948d38e23d80203df77a0273928ff0eb50bad8b62fcc6b4fe73e03482a11",
"ekm_id": "fb01c788-3be7-444d-b165-89a52741235f",
"service_id": "553530",
"service_name": "Box Elements (used in Box Web App)",
"size": 2584,
"version_id": "1319684204015"
},
"created_at": "2023-05-09T11:16:00-07:00",
"created_by":
{
"id": "18863648385",
"login": "jane@example.com",
"name": "Jane Miller",
"type": "user"
},
"event_id": "80ddc3b3-dd44-4377-9fe7-a634228cc952",
"event_type": "CONTENT_ACCESS",
"ip_address": "198.51.100.5",
"session_id": null,
"source":
{
"item_id": "1209714644015",
"item_name": "a_sample_file.csv",
"item_type": "file",
"owned_by":
{
"id": "18863648385",
"login": "jane@example.com",
"name": "Jane Miller",
"type": "user"
},
"parent":
{
"id": "206849236842",
"name": "Test Folder",
"type": "folder"
}
},
"type": "event"
}
A resource was updated.
A resource was updated.
{
"action_by": null,
"additional_details":
{
"file_hash": "0d012f12345678de3df12345b0b123a59f123456",
"file_path": "/SAMPLE/Reference Documents",
"hash_type": "sha1",
"service_id": "254429",
"service_name": "Box Drive",
"size": 4398971,
"version_id": "1319736874242"
},
"created_at": "2023-05-09T11:30:38-07:00",
"created_by":
{
"id": "12345678124",
"login": "john@example.com",
"name": "John Doe",
"type": "user"
},
"event_id": "00000000-abcd-1234-8b08-418033e43a4b",
"event_type": "RENAME",
"ip_address": "198.51.100.1",
"session_id": null,
"source":
{
"item_id": "12012345678942",
"item_name": "a_sample_file.pdf",
"item_type": "file",
"owned_by":
{
"id": "12345678124",
"login": "john@example.com",
"name": "John Doe",
"type": "user"
},
"parent":
{
"id": "1234567807873",
"name": "Reference Documents",
"type": "folder"
}
},
"type": "event"
}
A resource was removed or deleted.
A resource was removed or deleted.
{
"action_by": null,
"additional_details":
{
"size": 360705,
"version_id": "1319678729473"
},
"created_at": "2023-05-09T11:15:12-07:00",
"created_by":
{
"id": "18863648385",
"login": "alice@example.com",
"name": "Alice Brown",
"type": "user"
},
"event_id": "9fbcf20f-aeb7-4149-ab8e-3f56cab43337",
"event_type": "DELETE",
"ip_address": "198.51.100.2",
"session_id": null,
"source":
{
"item_id": "1209709863073",
"item_name": "a_sample_file.pdf",
"item_type": "file",
"owned_by":
{
"id": "18863648385",
"login": "alice@example.com",
"name": "Alice Brown",
"type": "user"
},
"parent":
{
"id": "206849236842",
"name": "Test Folder",
"type": "folder"
}
},
"type": "event"
}
A resource was downloaded.
A resource was downloaded.
{
"action_by": null,
"additional_details":
{
"ekm_id": "5b300b24-36d8-493a-a823-41ac400d284e",
"size": 360705,
"version_id": "1319678729473"
},
"created_at": "2023-05-09T11:14:52-07:00",
"created_by":
{
"id": "18863648385",
"login": "bob@example.com",
"name": "Bob Smith",
"type": "user"
},
"event_id": "f70ed75d-9a96-4aac-aef8-5cce1a5c1eb8",
"event_type": "DOWNLOAD",
"ip_address": "198.51.100.3",
"session_id": null,
"source":
{
"item_id": "1209709863073",
"item_name": "a_sample_report.pdf",
"item_type": "file",
"owned_by":
{
"id": "18863648385",
"login": "bob@example.com",
"name": "Bob Smith",
"type": "user"
},
"parent":
{
"id": "206849236842",
"name": "Test Folder",
"type": "folder"
}
},
"type": "event"
}
Box enterprise logs that provide an audit trail of user activity.
Storage Duration: 365 Days
Based on the admin_logs stream type.
Duration: Near Real-Time
Based on the admin_logs stream type.
Box is a cloud-based content management and file sharing service. It's designed to help organizations store, manage, and collaborate on files and documents. The Box Events API provides an event feed for enterprise events that have been generated within Box across the enterprise. Depending on the specified stream_type, the Events API can provide real-time monitoring or historical querying of events. The admin_logs_streaming stream type provides low latency, real-time access to events as they are processed by Box. Only two weeks of events are available via this stream type. The admin_logs stream type emphasizes completeness over latency, and provides access to events up to one year.
To collect enterprise events, make a call to the /events API and specify the desired stream_type.
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
{
"action": "admin_login",
"description":
{
"device": "123-456-7890",
"factor": "push",
"ip_address": "192.168.10.1",
"primary_auth_method": "Password",
"role": "Owner"
},
"isotimestamp": "2024-05-17T17:24:21+00:00",
"object": null,
"timestamp": 1715966661,
"username": "John Doe"
}
{
"action": "admin_login_error",
"description":
{
"email": "jane.doe@acme.com",
"error": "Invalid password attempt",
"ip_address": "192.168.1.1"
},
"isotimestamp": "2024-05-20T19:23:45+00:00",
"object": null,
"timestamp": 1716233025,
"username": "Jane Doe"
}
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
{
"action": "admin_2fa_error",
"description":
{
"email": "john.smith@example.com",
"error": "Invalid passcode.",
"factor": "sms",
"ip_address": "192.168.10.1"
},
"isotimestamp": "2024-05-21T17:58:04+00:00",
"object": null,
"timestamp": 1716314284,
"username": "Smith, John"
}
{
"action": "admin_2fa_error",
"description":
{
"email": "joe.smith@example.com",
"error": "Login request reported as fraudulent.",
"factor": "push",
"ip_address": "192.168.1.2"
},
"isotimestamp": "2024-05-23T19:17:28+00:00",
"object": null,
"timestamp": 1716491848,
"username": "Joe Smith"
}
Events (18)
Creates a user.
Creates a user.
{
"action": "user_create",
"description":
{
"email": "",
"enable_auto_prompt": true,
"notes": "",
"realname": "",
"status": "Active",
"uname": "bbanner@example.com"
},
"isotimestamp": "2024-05-17T17:24:53+00:00",
"object": "bbanner@example.com",
"timestamp": 1715966693,
"username": "Jane Doe"
}
{
"action": "admin_create",
"description":
{
"administrative_units": "",
"email": "bwayne@batman.com",
"hardtoken": null,
"is_temporary_password": false,
"name": "Bruce Wayne",
"phone": null,
"restricted_by_admin_units": false,
"role": "Administrator",
"status": "Pending Activation",
"subaccount_access_tags":
[]
},
"isotimestamp": "2024-05-23T20:16:23+00:00",
"object": "Bruce Wayne",
"timestamp": 1716495383,
"username": "Jane Doe"
}
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
{
"action": "user_update",
"description":
{
"email": "tonystark@acme.com",
"realname": "Tony Stark"
},
"isotimestamp": "2024-05-23T19:41:21+00:00",
"object": "tonystark",
"timestamp": 1716493281,
"username": "James Doe"
}
{
"action": "admin_update",
"description":
{
"administrative_units": "",
"restricted_by_admin_units": false,
"role": "Help Desk"
},
"isotimestamp": "2024-05-29T12:54:47+00:00",
"object": "Bruce Banner",
"timestamp": 1716987287,
"username": "John Doe"
}
Removes or deletes a user.
Removes or deletes a user.
{
"action": "user_pending_delete",
"description":
{
"status": "Pending Deletion"
},
"isotimestamp": "2024-05-17T17:30:04+00:00",
"object": "sally.smith@example.com",
"timestamp": 1715967004,
"username": "John Doe"
}
{
"action": "admin_delete",
"description":
{
"administrative_units": "",
"email": "bob.smith@example.com",
"hardtoken": null,
"is_temporary_password": false,
"name": "Bob Smith",
"phone": null,
"restricted_by_admin_units": false,
"role": "Administrator",
"status": "Pending Activation",
"subaccount_role": "Administrator"
},
"isotimestamp": "2024-05-23T20:16:36+00:00",
"object": "Bob Smith",
"timestamp": 1716495396,
"username": "Jane Doe"
}
Creates a logical group.
Creates a logical group.
{
"action": "group_create",
"description":
{
"_status": "Active",
"administrative_units": "",
"desc": "East coast admin group",
"name": "custom_admin_group_east"
},
"isotimestamp": "2024-05-17T17:31:18+00:00",
"object": "custom_admin_group_east",
"timestamp": 1715967078,
"username": "Jane Doe"
}
Reads a group.
Reads a group.
Updates a group.
Updates a group.
{
"action": "group_update",
"description":
{
"_status": "Disabled"
},
"isotimestamp": "2024-05-23T19:42:49+00:00",
"object": "custom_group_bypass_users",
"timestamp": 1716493369,
"username": "John Doe"
}
Removes or deletes a group.
Removes or deletes a group.
{
"action": "group_delete",
"description":
{
"_status": "Disabled",
"administrative_units": "",
"desc": "",
"name": "local_login"
},
"isotimestamp": "2024-05-23T19:43:09+00:00",
"object": "custom_group_west_users",
"timestamp": 1716493389,
"username": "John Doe"
}
Adds a service, user or account to a group.
Adds a service, user or account to a group.
{
"action": "user_update",
"description":
{
"groups":
[
{
"_status": "Bypass",
"desc": "custom group for bypass users",
"name": "custom_group_user_bypass"
}
]
},
"isotimestamp": "2024-05-23T19:43:23+00:00",
"object": "Mary Smith",
"timestamp": 1716493403,
"username": "Jane Doe"
}
Removes a service, user or account from a group.
Removes a service, user or account from a group.
{
"action": "user_update",
"description":
{
"groups":
[
null
]
},
"isotimestamp": "2024-05-23T19:43:42+00:00",
"object": "Steve Smith",
"timestamp": 1716493422,
"username": "Jane Doe"
}
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
{
"action": "webauthncredential_create",
"description":
{
"authenticator_type": "Security key",
"browser": "Chrome",
"browser_version": "125.0.0.0",
"credential_name": "Security key",
"os": "Mac OS X",
"os_version": "10.15.7",
"owner_id": "DURTAOK2HW7ORVKHXQDU",
"owner_name": "luke.skywalker@republic.com",
"owner_type": "user",
"passwordless_authorized": false,
"transport_types": "nfc,usb",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
},
"isotimestamp": "2024-05-17T17:36:03+00:00",
"object": "WAB9XG0DD12N34EQDGTP",
"timestamp": 1715967363,
"username": "Jane Doe"
}
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
{
"action": "user_update",
"description": "{\"phones\": \"\"}",
"isotimestamp": "2024-05-28T17:17:58+00:00",
"object": "bob.smith@acme.com",
"timestamp": 1716916678,
"username": "John Doe"
}
{
"action": "admin_update",
"description": "{\"phone\": null}",
"isotimestamp": "2024-05-28T17:18:45+00:00",
"object": "Bruce Banner",
"timestamp": 1716916725,
"username": "Jane Doe"
}
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
{
"action": "cloudsso_add_saml_authsource",
"description": null,
"isotimestamp": "2024-05-29T15:03:35+00:00",
"object": null,
"timestamp": 1716995015,
"username": "John Doe"
}
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
{
"action": "updated_risk_profile",
"description":
{
"applications": "Admin API",
"countries": "Ascension, Afghanistan, Albania, Algeria, Antigua and Barbuda",
"groups": "",
"ips": "192.168.100.10",
"net_blocks": "",
"non_authentication_events":
{
"bypass_status_enablement": "Always"
}
},
"isotimestamp": "2024-05-29T14:34:59+00:00",
"object": null,
"timestamp": 1716993299,
"username": "Jane Doe"
}
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
{
"action": "policy_delete",
"description":
{
"admin_email": "jane.doe@example.com",
"anonymous_ip_policy": "Deny access",
"browser_max_ood_days": 30,
"chrome_remediation": "notify and allow",
"edge_remediation": "notify and allow",
"enroll_policy": "Require Enrollment",
"firefox_remediation": "notify and allow",
"ie_remediation": "notify and allow",
"mobile_chrome_remediation": "notify and allow",
"mobile_edge_remediation": "notify and allow",
"mobile_firefox_remediation": "notify and allow",
"mobile_safari_remediation": "notify and allow",
"name": "TEST POLICY",
"other_browsers_remediation": "notify and allow",
"pretty_trusted_devices": "",
"safari_remediation": "block all"
},
"isotimestamp": "2024-05-29T14:49:14+00:00",
"object": "TEST POLICY",
"timestamp": 1716994154,
"username": "Jane Doe"
}
Creates a new integration.
Creates a new integration.
{
"action": "integration_create",
"description":
{
"greeting": "",
"group_access": "",
"missing_web_referer_policy": "deny",
"name": "Salesforce - Single Sign-On",
"networks_for_api_access": "",
"notes": "",
"offline_auth_enabled": 0,
"offline_max_attempts": 0,
"offline_max_days": 0,
"os_logon_pwl_enabled": false,
"raw_type": "sso-salesforce",
"self_service_allowed": false,
"type": "Salesforce - Single Sign-On",
"username_normalization_policy": "None"
},
"isotimestamp": "2024-05-21T15:49:00+00:00",
"object": "Salesforce - Single Sign-On",
"timestamp": 1716306540,
"username": "Jane Doe"
}
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
{
"action": "integration_update",
"description":
{
"adminapi_admins": true,
"adminapi_info": true,
"adminapi_read_log": true,
"adminapi_read_resource": true,
"adminapi_settings": true
},
"isotimestamp": "2024-05-24T18:51:14+00:00",
"object": "Admin API",
"timestamp": 1716576674,
"username": "John Doe"
}
Removes or deletes an existing integration.
Removes or deletes an existing integration.
{
"action": "integration_delete",
"description":
{
"greeting": "",
"group_access": "",
"missing_web_referer_policy": "deny",
"name": "Workday - Single Sign-On",
"networks_for_api_access": "",
"notes": "",
"offline_auth_enabled": 0,
"offline_max_attempts": 0,
"offline_max_days": 0,
"os_logon_pwl_enabled": false,
"raw_type": "sso-workday",
"self_service_allowed": false,
"type": "Workday - Single Sign-On",
"username_normalization_policy": "None"
},
"isotimestamp": "2024-05-21T15:52:12+00:00",
"object": "Workday - Single Sign-On",
"timestamp": 1716306732,
"username": "Jane Doe"
}
Events (5)
A resource was created.
A resource was created.
{
"action": "administrative_unit_create",
"description":
{
"Administrators": "No assignments",
"Applications": "No assignments",
"Description": "",
"Groups": "No assignments",
"Name": "Test Admin Unit",
"Restricted by applications": "True",
"Restricted by groups": "True"
},
"isotimestamp": "2024-05-29T15:55:42+00:00",
"object": "Test Admin Unit",
"timestamp": 1716998142,
"username": "John Doe"
}
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
{
"action": "custom_messaging_update",
"description":
{
"help_links":
[],
"help_text_by_locale":
{
"en_US": "This is a custom Help Desk Message"
}
},
"isotimestamp": "2024-05-29T16:04:19+00:00",
"object": null,
"timestamp": 1716998659,
"username": "John Doe"
}
A resource was removed or deleted.
A resource was removed or deleted.
{
"action": "phone_delete",
"description":
{
"extension": "",
"number": "+11234567890",
"platform": "Generic Smartphone",
"pname": "",
"postdelay": null,
"predelay": null,
"type": "Mobile"
},
"isotimestamp": "2024-05-28T17:17:58+00:00",
"object": "123-456-6789",
"timestamp": 1716916678,
"username": "Jane Doe"
}
A resource was downloaded.
A resource was downloaded.
Provides an audit trail of administrative actions taken within the Duo Security platform.
Storage Duration: Configurable
Administrator logs are stored based on the log retention interval setting. If no custom log retention interval has been specified, Administrator logs can be retrieved from the time the account was initially created, reference https://help.duo.com/s/article/2990?language=en_US
Duration: Near real-time
Administrator logs are stored based on the log retention interval setting. If no custom log retention interval has been specified, Administrator logs can be retrieved from the time the account was initially created, reference https://help.duo.com/s/article/2990?language=en_US
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
{
"access_device":
{
"browser": "Chrome",
"browser_version": "125.0.6422.61",
"flash_version": "uninstalled",
"java_version": "uninstalled",
"os": "Mac OS X",
"os_version": "14.5.0",
"trusted_endpoint_status": "unknown"
},
"alias": "",
"device": "123-456-7890",
"email": "",
"factor": "Verified Duo Push",
"integration": "Salesforce - Single Sign-On",
"ip": "192.168.10.1",
"isotimestamp": "2024-05-21T18:09:57.825584+00:00",
"location":
{
"city": "San Francisco",
"country": "US",
"state": "California"
},
"new_enrollment": false,
"ood_software": null,
"reason": "Push answered with correct verification code",
"result": "SUCCESS",
"timestamp": 1716314997,
"username": "Bruce Wayne"
}
{
"access_device":
{
"browser": "Chrome",
"browser_version": "125.0.6422.61",
"flash_version": "uninstalled",
"java_version": "uninstalled",
"os": "Mac OS X",
"os_version": "14.5.0",
"trusted_endpoint_status": "unknown"
},
"alias": "",
"device": "123-456-7890",
"email": "",
"factor": "Verified Duo Push",
"integration": "Duo Central",
"ip": "192.168.10.1",
"isotimestamp": "2024-05-21T18:08:48.081423+00:00",
"location":
{
"city": "San Francisco",
"country": "US",
"state": "California"
},
"new_enrollment": false,
"ood_software": null,
"reason": "User entered incorrect verification code",
"result": "FAILURE",
"timestamp": 1716314928,
"username": "Tony Stark"
}
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
A resource was downloaded.
A resource was downloaded.
Provides an audit trail of authentication activity within the Duo Security platform.
Storage Duration: 180 days
Maximum retention of 180 days, even if the log retention interval is set to a value greater than 180 days, reference https://help.duo.com/s/article/2990?language=en_US
Duration: Near real-time
Maximum retention of 180 days, even if the log retention interval is set to a value greater than 180 days, reference https://help.duo.com/s/article/2990?language=en_US
Duo is a cloud-based security platform which provides multi-factor authentication, identity and device verification, and single sign-on to company resources. The Duo Admin API provides programmatic access to the Duo platform. The Admin API can be used to to manage users, tokens, bypass codes, and retrieve audit logs.
The Duo Admin API provides programmatic access to the administrative functionality of Duo Security's two-factor authentication platform.
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
{
"@timestamp": 1685981286101,
"_document_id": "mdvjC2kuRvXW_3Gkg7ni7Q",
"action": "org.sso_response",
"actor": "john.doe",
"actor_id": 12345678,
"actor_location": {
"country_code": "US"
},
"created_at": 1685981286101,
"issuer": "https://accounts.google.com/o/saml2?idpid=C02abcd01",
"operation_type": "authentication",
"org": "acme-inc",
"org_id": 1234000,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/198.51.100.1 Safari/537.36"
}
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
{
"@timestamp": 1686001364120,
"_document_id": "FLl6thHIizqa55S1P1tjIA",
"action": "team.create",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"created_at": 1686001364120,
"operation_type": "create",
"org": "acme-inc",
"org_id": 1234000,
"team": "acme-inc/approvers",
"user": "alice.brown",
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36",
"user_id": 95659676
}
Reads a group.
Reads a group.
Updates a group.
Updates a group.
{
"@timestamp": 1694792374166,
"_document_id": "JLMgkpYMkGmRiukmKjn4CQ",
"action": "team.rename",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1694792374166,
"name": "Acme_Devs",
"operation_type": "modify",
"org": "acme-inc",
"org_id": 1234000,
"team": "acme-inc/devs",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Safari/605.1.15"
}
Removes or deletes a group.
Removes or deletes a group.
{
"@timestamp": 1714145080936,
"_document_id": "alg4QbCba1UhZA2VFJSTxQ",
"action": "team.destroy",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_is_bot": false,
"actor_location":
{
"country_code": "US"
},
"business": "acme-inc",
"business_id": 1234000,
"created_at": 1714145080936,
"external_identity_nameid": "john@example.com",
"external_identity_username": null,
"operation_type": "remove",
"org": "acme-inc",
"org_id": 1234000,
"team": "acme-inc/approvers",
"user_agent": "Mozilla/5.0 (Macintosh Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
}
Adds a service, user or account to a group.
Adds a service, user or account to a group.
{
"@timestamp": 1686151363489,
"_document_id": "rLVAJb3ZtiugVygHs84Agw",
"action": "org.add_member",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686151363489,
"operation_type": "create",
"org": "acme-inc",
"org_id": 1234000,
"permission": "read",
"user": "alice.brown",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
"user_id": 98490879
}
{
"@timestamp": 1686159261336,
"_document_id": "8s0hw2CW8Y44_rjiM9yNkw",
"action": "repo.add_member",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686159261336,
"operation_type": "create",
"org": "acme-inc",
"org_id": 1234000,
"permission": "admin",
"public_repo": false,
"repo": "acme-inc/example-repo",
"repo_id": 100056789,
"user": "alice.brown",
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/113.0",
"user_id": 24304531,
"visibility": "private"
}
{
"@timestamp": 1686096308885,
"_document_id": "SwDxpQo4Gs5NMybfaD9mig",
"action": "team.add_member",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686096308885,
"hashed_token": "mZp8g+OGBjSnsxiRSjcYhBTpoXi5BfdF2q8F1+kPW4M=",
"operation_type": "create",
"org": "acme-inc",
"org_id": 1234000,
"programmatic_access_type": "Personal access token (classic)",
"team": "acme-inc/approvers",
"token_id": 720527199,
"token_scopes": "admin:enterprise,admin:gpg_key,admin:org,admin:org_hook,admin:public_key,admin:repo_hook,delete:packages,delete_repo,gist,notifications,project,repo,user,workflow,write:discussion,write:packages",
"user": "alice.brown",
"user_agent": "python-requests/2.25.1",
"user_id": 87766365
}
Removes a service, user or account from a group.
Removes a service, user or account from a group.
{
"@timestamp": 1685999458723,
"_document_id": "7IscVOcqIFzcj5OSXLDtig",
"action": "org.remove_member",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1685999458723,
"hashed_token": "zQVfYwWXODOOEd4WcNdcJCBfPDJBrFXRGvmX25Q7ZjU=",
"operation_type": "remove",
"org": "acme-inc",
"org_id": 1234000,
"programmatic_access_type": "GitHub App server-to-server token",
"token_id": 47105702648,
"user": "alice.brown",
"user_agent": "PyGithub/Python",
"user_id": 1234567
}
{
"@timestamp": 1686096006218,
"_document_id": "Pm9_xkuRvV-rrHd2Tjk0Tw",
"action": "repo.remove_member",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686096006218,
"hashed_token": "mZp8g+OGBjSnsxiRSjcYhBTpoXi5BfdF2q8F1+kLW4M=",
"operation_type": "remove",
"org": "acme-inc",
"org_id": 1234000,
"programmatic_access_type": "Personal access token (classic)",
"public_repo": false,
"repo": "acme-inc/example-repo",
"repo_id": 100056789,
"token_id": 720527199,
"token_scopes": "admin:enterprise,admin:gpg_key,admin:org,admin:org_hook,admin:public_key,admin:repo_hook,delete:packages,delete_repo,gist,notifications,project,repo,user,workflow,write:discussion,write:packages",
"user": "alice.brown",
"user_agent": "python-requests/2.25.1",
"user_id": 116757057,
"visibility": "internal"
}
{
"@timestamp": 1685998981304,
"_document_id": "XQwkRXOV8tJYCbbgk9d6TQ",
"action": "team.remove_member",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1685998981304,
"hashed_token": "zQVfYwWXODOOEd4WcNdcJCBfPDJBrFXRGvmX25Q7ZjU=",
"operation_type": "remove",
"org": "acme-inc",
"org_id": 1234000,
"programmatic_access_type": "GitHub App server-to-server token",
"team": "acme-inc/approvers",
"token_id": 57105909618,
"user": "alice.brown",
"user_agent": "PyGithub/Python",
"user_id": 110431782
}
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
{
"@timestamp": 1686215687636,
"_document_id": "TrmGicxMRvbKCHwf3vmJdD",
"action": "team.update_repository_permission",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686215687636,
"hashed_token": "mZp8g+OGBjSnsxiRAjcYhBTpoXi5BfdF2d8F1+kLW4M=",
"new_repo_base_role": null,
"new_repo_permission": "maintain",
"old_permissions": {
"admin": true,
"maintain": true,
"pull": true,
"push": true,
"triage": true
},
"old_repo_base_role": null,
"old_repo_permission": "admin",
"operation_type": "modify",
"org": "acme-inc",
"org_id": 1234000,
"programmatic_access_type": "Personal access token (classic)",
"public_repo": false,
"repo": "acme-inc/example-repo",
"repo_id": 641582886,
"team": "acme-inc/dev-leads",
"token_id": 720527199,
"token_scopes": "admin:enterprise,admin:gpg_key,admin:org,admin:org_hook,admin:public_key,admin:repo_hook,delete:packages,delete_repo,gist,notifications,project,repo,user,workflow,write:discussion,write:packages",
"user": "gh-automate-prod",
"user_agent": "python-requests/2.25.0",
"user_id": 92325258
}
Removes a permission from a resource.
Removes a permission from a resource.
{
"@timestamp": 1686215687636,
"_document_id": "TrmGicxMRvbKCHwb3vmJdQ",
"action": "team.update_repository_permission",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686215687636,
"hashed_token": "mZp8g+OGBjSnsxiRSjcYhBTpoXi5BfdF2q8F1+kLW4M=",
"new_repo_base_role": null,
"new_repo_permission": "maintain",
"old_permissions": {
"admin": true,
"maintain": true,
"pull": true,
"push": true,
"triage": true
},
"old_repo_base_role": null,
"old_repo_permission": "admin",
"operation_type": "modify",
"org": "acme-inc",
"org_id": 1234000,
"programmatic_access_type": "Personal access token (classic)",
"public_repo": false,
"repo": "acme-inc/example-repo",
"repo_id": 641582886,
"team": "acme-inc/dev-leads",
"token_id": 720527199,
"token_scopes": "admin:enterprise,admin:gpg_key,admin:org,admin:org_hook,admin:public_key,admin:repo_hook,delete:packages,delete_repo,gist,notifications,project,repo,user,workflow,write:discussion,write:packages",
"user": "gh-automate-prod",
"user_agent": "python-requests/2.25.0",
"user_id": 92325258
}
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
{
"@timestamp": 1686011086644,
"_document_id": "RxxlJ0MRNMQR8olkdIgPvQ",
"action": "private_repository_forking.enable",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"created_at": 1686011086644,
"operation_type": "modify",
"org": "acme-inc",
"org_id": 1234000,
"public_repo": false,
"repo": "acme-inc/example-repo",
"repo_id": 649922249,
"user": "john.doe",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36",
"user_id": 12345678
}
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
{
"@timestamp": 1686158250381,
"_document_id": "_I3yfAxtGRuNaaiuffqtvA",
"action": "hook.config_changed",
"active": true,
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"config": {
"content_type": "json",
"insecure_ssl": "0",
"url": "https://webhook.acme.com/deliver/fghij"
},
"config_was": {
"content_type": "json",
"insecure_ssl": "0",
"url": "https://webhook.acme.com/deliver/abcde"
},
"created_at": 1686158250381,
"events": [
"deployment",
"pull_request",
"push"
],
"hook_id": 418200273,
"name": "webhook",
"operation_type": "modify",
"org": "acme-inc",
"org_id": 1234000,
"public_repo": false,
"repo": "acme-inc/example-repo",
"repo_id": 649951183,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"
}
{
"@timestamp": 1686246022669,
"_document_id": "Ko2tnAiduqWy3KZSsh1nGA",
"action": "repo.change_merge_setting",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686246022669,
"hashed_token": "WQH64WU0ciJ0EBQcMlkneYRFGeQoW6FocQt8NYpNy5c=",
"operation_type": "modify",
"org": "acme-inc",
"org_id": 1234000,
"programmatic_access_type": "Personal access token (classic)",
"public_repo": false,
"repo": "acme-inc/example-repo",
"repo_id": 651188699,
"token_id": 1139584588,
"token_scopes": "admin:repo_hook,delete_repo,repo",
"user_agent": "octokit.js/2.0.10 octokit-core.js/4.1.0 Node.js/16.20.0 (linux; x64)",
"visibility": "private"
}
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
{
"@timestamp": 1686093901098,
"_document_id": "-hMpj-RFDXOlc43Zf9woMw",
"action": "integration.create",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686093901098,
"integration": "Acme: integration 001",
"name": "Acme: integration 001",
"operation_type": "create",
"org": "acme-inc",
"org_id": 1234000,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
}
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
{
"@timestamp": 1689093550092,
"_document_id": "IrAm5tty1DHWLJG7uRCusA",
"action": "integration.destroy",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 120,
"created_at": 1689093550092,
"integration": "Acme: integration 1",
"name": "Acme: integration 1",
"operation_type": "remove",
"org": "acme",
"org_id": 1234000,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
}
Events (5)
A resource was created.
A resource was created.
{
"@timestamp": 1686078595170,
"_document_id": "sMyjmd8KUm6uTtRwQJ1hsw",
"action": "hook.create",
"active": true,
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"config": {
"content_type": "json",
"insecure_ssl": "0",
"secret": "********",
"url": "https://us-west-2.webhooks.aws/trigger"
},
"created_at": 1686078595170,
"events": [
"push"
],
"hashed_token": "DfeiN4v7CaRl56/VnmeKJ3+U9G9A1/zW9IFvFB3r268=",
"hook_id": 418227875,
"name": "webhook",
"oauth_application": null,
"oauth_application_id": null,
"operation_type": "create",
"org": "acme-inc",
"org_id": 1234000,
"programmatic_access_type": "Personal access token (classic)",
"public_repo": false,
"repo": "acme-inc/example-repo",
"repo_id": 100056789,
"token_id": 610414153,
"token_scopes": "admin:repo_hook,repo",
"user_agent": "AWS CodePipeline"
}
{
"@timestamp": 1686078898897,
"_document_id": "Dn-NJGInb1qGinKSmx-Hhg",
"action": "pull_request.create",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686078898897,
"operation_type": "create",
"org": "acme-inc",
"org_id": 1234000,
"public_repo": false,
"pull_request_id": 1381374259,
"pull_request_title": "Release 2345",
"pull_request_url": "https://github.com/acme-inc/example-repo/pull/64",
"repo": "acme-inc/example-repo",
"repo_id": 100056789,
"user": "alice.brown",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
"user_id": 105299763
}
{
"@timestamp": 1686163479794,
"_document_id": "HxMMNJg2Ek8AJoNUGZ_6Yw",
"action": "pull_request_review.submit",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686163479794,
"operation_type": "modify",
"org": "acme-inc",
"org_id": 1234000,
"public_repo": false,
"pull_request_id": 1383147660,
"pull_request_title": "Release 2345",
"pull_request_url": "https://github.com/acme-inc/dice-instl-reset-password-ui/pull/159",
"repo": "acme-inc/example-repo",
"repo_id": 343699946,
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
}
{
"@timestamp": 1686079082576,
"_document_id": "GohZoGvnLxIsTepkIgnPuA",
"action": "pull_request_review_comment.create",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686079082576,
"operation_type": "create",
"org": "acme-inc",
"org_id": 1234000,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
}
{
"@timestamp": 1686077942218,
"_document_id": "Mgash4pqBYVy5lV3xeohLg",
"action": "repo.create",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686077942218,
"operation_type": "create",
"org": "acme-inc",
"org_id": 1234000,
"public_repo": false,
"repo": "acme-inc/example-repo",
"repo_id": 100056789,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36",
"visibility": "private"
}
{
"@timestamp": 1685772210579,
"_document_id": "CyTAhfqvaaz5kqONoaJ1hg",
"action": "repo.create_actions_secret",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1685772210579,
"key": "ACME_TOKEN",
"operation_type": "create",
"org": "acme-inc",
"org_id": 1234000,
"public_repo": false,
"repo": "acme-inc/example-repo",
"repo_id": 100056789,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
"visibility": null
}
{
"@timestamp": 1686078701893,
"_document_id": "RDSIX6X7F8WlXCkyaBqtOA",
"action": "workflows.created_workflow_run",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686078701893,
"event": "pull_request",
"hashed_token": "nfd4LqkxPUWZZgY4Gw0ouzqnR6Vil/6QVSKnIeDsKjk=",
"head_branch": "master-1",
"head_sha": "39c3ffd3a48a3b8e1dd17329724f503e508a5d71",
"name": "ci-pr",
"operation_type": "create",
"org": "acme-inc",
"org_id": 1234000,
"programmatic_access_type": "GitHub App server-to-server token",
"public_repo": false,
"repo": "acme-inc/example-repo",
"repo_id": 100056789,
"run_number": 5754,
"started_at": "2023-06-06T19:11:41.000Z",
"token_id": 57189181686,
"trigger_id": 1380004667,
"user_agent": "launch/production",
"workflow_id": 36840124,
"workflow_run_id": 5192442613
}
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
{
"@timestamp": 1686141043334,
"_document_id": "1Ed3MPt5rEKAbpW-k9jKVQ",
"action": "pull_request.create_review_request",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686141043334,
"operation_type": "create",
"org": "acme-inc",
"org_id": 1234000,
"public_repo": false,
"pull_request_id": 1382584132,
"pull_request_title": "Release 2345",
"pull_request_url": "https://github.com/acme-inc/example-repo/pull/4298",
"repo": "acme-inc/example-repo",
"repo_id": 100056789,
"user": "alice.brown",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36",
"user_id": 89937142
}
{
"@timestamp": 1686134016077,
"_document_id": "rRDqrkWAyr4etNHVBN2MdQ",
"action": "pull_request_review_comment.update",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686134016077,
"operation_type": "modify",
"org": "acme-inc",
"org_id": 1234000,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"
}
{
"@timestamp": 1686092778658,
"_document_id": "ySsAv7blcNhEhRvlw2cnbQ",
"action": "repo.rename",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686092778658,
"old_name": "copy-s3-objects",
"operation_type": "modify",
"org": "acme-inc",
"org_id": 1234000,
"public_repo": false,
"repo": "acme-inc/example-repo",
"repo_id": 100056789,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Safari/605.1.15",
"visibility": "private"
}
A resource was removed or deleted.
A resource was removed or deleted.
{
"@timestamp": 1686089206322,
"_document_id": "4qrOaf_n_cB0BEUfoTXeyw",
"action": "hook.destroy",
"active": true,
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"config": {
"content_type": "form",
"insecure_ssl": "0"
},
"created_at": 1686089206322,
"events": [],
"hook_id": 418246386,
"name": "webhook",
"operation_type": "remove",
"org": "acme-inc",
"org_id": 1234000,
"public_repo": false,
"repo": "acme-inc/example-repo",
"repo_id": 100056789,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
}
{
"@timestamp": 1686092779312,
"_document_id": "2AAQbnEVxg_qkh4S5XcQDg",
"action": "pull_request_review.delete",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686092779312,
"operation_type": "remove",
"org": "acme-inc",
"org_id": 1234000,
"public_repo": false,
"pull_request_id": 1376005422,
"pull_request_title": "Release 2345",
"pull_request_url": "https://github.com/acme-inc/example-repo/pull/965",
"repo": "acme-inc/example-repo",
"repo_id": 100056789,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"
}
{
"@timestamp": 1686093347760,
"_document_id": "4cV9xbCwSP5t5IT1TXEY1A",
"action": "pull_request_review_comment.delete",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686093347760,
"operation_type": "remove",
"org": "acme-inc",
"org_id": 1234000,
"public_repo": false,
"repo": "acme-inc/example-repo",
"repo_id": 100056789,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"
}
{
"@timestamp": 1686163467515,
"_document_id": "1V2e_uoTEqkgh4EIgIq28g",
"action": "repo.destroy",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686163467515,
"operation_type": "remove",
"org": "acme-inc",
"org_id": 1234000,
"public_repo": false,
"repo": "acme-inc/example-repo",
"repo_id": 100056789,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
"visibility": "private"
}
A resource was downloaded.
A resource was downloaded.
{
"@timestamp": 1686153022502,
"_document_id": "TaE7QBpn7eLwzy62M2_I8g",
"action": "repo.download_zip",
"actor": "john.doe",
"actor_id": 12345678,
"actor_ip": "198.51.100.1",
"actor_location": {
"country_code": "US"
},
"business": "acme",
"business_id": 1122,
"created_at": 1686153022502,
"hashed_token": "wEEhJjHXoWXUrZ2RjPughm1z3SFJBMM1P7ezCwNHUtM=",
"operation_type": "access",
"org": "acme-inc",
"org_id": 1234000,
"programmatic_access_type": "GitHub App server-to-server token",
"public_repo": false,
"repo": "acme-inc/example-repo",
"repo_id": 100056789,
"token_id": 57266916082,
"user_agent": "AWS CodeStar Connections",
"visibility": "internal"
}
GitHub enterprise audit logs that provide an audit trail of user and system activity.
Storage Duration: Infinite
Can be changed by an enterprise admin
Duration: Near Real-Time
Can be changed by an enterprise admin
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
{
"X-GitHub-Event": "member",
"action": "edited",
"changes": {
"permission": {
"from": "admin",
"to": "maintain"
}
},
"enterprise": {
"avatar_url": "https://avatars.githubusercontent.com/b/120?v=4",
"created_at": "2019-05-06T23:02:11Z",
"description": "Enterprise Account",
"html_url": "https://github.com/enterprises/acme-inc",
"id": 120,
"name": "Acme, Inc. (Enterprise)",
"node_id": "MDEwOkVudGVycHJpc2UxMjA=",
"slug": "acme-inc",
"updated_at": "2023-09-18T18:37:11Z",
"website_url": ""
},
"installation": {
"id": 36327543,
"node_id": "MDIzOkludGVncmF0aW9uSW5zdGFsbGF0aW9uMzYzMjc1NDM="
},
"member": {
"avatar_url": "https://avatars.githubusercontent.com/u/125585944?v=4",
"events_url": "https://api.github.com/users/john.doe/events{/privacy}",
"followers_url": "https://api.github.com/users/john.doe/followers",
"following_url": "https://api.github.com/users/john.doe/following{/other_user}",
"gists_url": "https://api.github.com/users/john.doe/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/john.doe",
"id": 125585944,
"login": "john.doe",
"node_id": "U_kgDOB3xKGA",
"organizations_url": "https://api.github.com/users/john.doe/orgs",
"received_events_url": "https://api.github.com/users/john.doe/received_events",
"repos_url": "https://api.github.com/users/john.doe/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/john.doe/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/john.doe/subscriptions",
"type": "User",
"url": "https://api.github.com/users/john.doe"
},
"organization": {
"avatar_url": "https://avatars.githubusercontent.com/u/57419047?v=4",
"description": "Technology products that deliver great experiences.",
"events_url": "https://api.github.com/orgs/acme/events",
"hooks_url": "https://api.github.com/orgs/acme/hooks",
"id": 57419047,
"issues_url": "https://api.github.com/orgs/acme/issues",
"login": "acme",
"members_url": "https://api.github.com/orgs/acme/members{/member}",
"node_id": "MDEyOk9yZ2FuaXphdGlvbjU3NDE5MDQ3",
"public_members_url": "https://api.github.com/orgs/acme/public_members{/member}",
"repos_url": "https://api.github.com/orgs/acme/repos",
"url": "https://api.github.com/orgs/acme"
},
"repository": {
"allow_forking": false,
"archive_url": "https://api.github.com/repos/acme/acme-search-service/{archive_format}{/ref}",
"archived": false,
"assignees_url": "https://api.github.com/repos/acme/acme-search-service/assignees{/user}",
"blobs_url": "https://api.github.com/repos/acme/acme-search-service/git/blobs{/sha}",
"branches_url": "https://api.github.com/repos/acme/acme-search-service/branches{/branch}",
"clone_url": "https://github.com/acme/acme-search-service.git",
"collaborators_url": "https://api.github.com/repos/acme/acme-search-service/collaborators{/collaborator}",
"comments_url": "https://api.github.com/repos/acme/acme-search-service/comments{/number}",
"commits_url": "https://api.github.com/repos/acme/acme-search-service/commits{/sha}",
"compare_url": "https://api.github.com/repos/acme/acme-search-service/compare/{base}...{head}",
"contents_url": "https://api.github.com/repos/acme/acme-search-service/contents/{+path}",
"contributors_url": "https://api.github.com/repos/acme/acme-search-service/contributors",
"created_at": "2023-03-06T18:27:33Z",
"default_branch": "develop",
"deployments_url": "https://api.github.com/repos/acme/acme-search-service/deployments",
"description": "This repository has code for hosting associate search process endpoints",
"disabled": false,
"downloads_url": "https://api.github.com/repos/acme/acme-search-service/downloads",
"events_url": "https://api.github.com/repos/acme/acme-search-service/events",
"fork": false,
"forks": 0,
"forks_count": 0,
"forks_url": "https://api.github.com/repos/acme/acme-search-service/forks",
"full_name": "acme/acme-search-service",
"git_commits_url": "https://api.github.com/repos/acme/acme-search-service/git/commits{/sha}",
"git_refs_url": "https://api.github.com/repos/acme/acme-search-service/git/refs{/sha}",
"git_tags_url": "https://api.github.com/repos/acme/acme-search-service/git/tags{/sha}",
"git_url": "git://github.com/acme/acme-search-service.git",
"has_discussions": false,
"has_downloads": true,
"has_issues": true,
"has_pages": false,
"has_projects": true,
"has_wiki": true,
"homepage": "",
"hooks_url": "https://api.github.com/repos/acme/acme-search-service/hooks",
"html_url": "https://github.com/acme/acme-search-service",
"id": 610418220,
"is_template": false,
"issue_comment_url": "https://api.github.com/repos/acme/acme-search-service/issues/comments{/number}",
"issue_events_url": "https://api.github.com/repos/acme/acme-search-service/issues/events{/number}",
"issues_url": "https://api.github.com/repos/acme/acme-search-service/issues{/number}",
"keys_url": "https://api.github.com/repos/acme/acme-search-service/keys{/key_id}",
"labels_url": "https://api.github.com/repos/acme/acme-search-service/labels{/name}",
"language": "Python",
"languages_url": "https://api.github.com/repos/acme/acme-search-service/languages",
"license": null,
"merges_url": "https://api.github.com/repos/acme/acme-search-service/merges",
"milestones_url": "https://api.github.com/repos/acme/acme-search-service/milestones{/number}",
"mirror_url": null,
"name": "acme-search-service",
"node_id": "R_kgDOJGI-LA",
"notifications_url": "https://api.github.com/repos/acme/acme-search-service/notifications{?since,all,participating}",
"open_issues": 0,
"open_issues_count": 0,
"owner": {
"avatar_url": "https://avatars.githubusercontent.com/u/57419047?v=4",
"events_url": "https://api.github.com/users/acme/events{/privacy}",
"followers_url": "https://api.github.com/users/acme/followers",
"following_url": "https://api.github.com/users/acme/following{/other_user}",
"gists_url": "https://api.github.com/users/acme/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/acme",
"id": 57419047,
"login": "acme",
"node_id": "MDEyOk9yZ2FuaXphdGlvbjU3NDE5MDQ3",
"organizations_url": "https://api.github.com/users/acme/orgs",
"received_events_url": "https://api.github.com/users/acme/received_events",
"repos_url": "https://api.github.com/users/acme/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/acme/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/acme/subscriptions",
"type": "Organization",
"url": "https://api.github.com/users/acme"
},
"private": true,
"pulls_url": "https://api.github.com/repos/acme/acme-search-service/pulls{/number}",
"pushed_at": "2023-05-08T16:25:35Z",
"releases_url": "https://api.github.com/repos/acme/acme-search-service/releases{/id}",
"size": 65114,
"ssh_url": "git@github.com:acme/acme-search-service.git",
"stargazers_count": 1,
"stargazers_url": "https://api.github.com/repos/acme/acme-search-service/stargazers",
"statuses_url": "https://api.github.com/repos/acme/acme-search-service/statuses/{sha}",
"subscribers_url": "https://api.github.com/repos/acme/acme-search-service/subscribers",
"subscription_url": "https://api.github.com/repos/acme/acme-search-service/subscription",
"svn_url": "https://github.com/acme/acme-search-service",
"tags_url": "https://api.github.com/repos/acme/acme-search-service/tags",
"teams_url": "https://api.github.com/repos/acme/acme-search-service/teams",
"topics": [
"aa00003030"
],
"trees_url": "https://api.github.com/repos/acme/acme-search-service/git/trees{/sha}",
"updated_at": "2023-03-31T15:19:08Z",
"url": "https://api.github.com/repos/acme/acme-search-service",
"visibility": "private",
"watchers": 1,
"watchers_count": 1,
"web_commit_signoff_required": false
},
"sender": {
"avatar_url": "https://avatars.githubusercontent.com/u/124079944?v=4",
"events_url": "https://api.github.com/users/acme-bot/events{/privacy}",
"followers_url": "https://api.github.com/users/acme-bot/followers",
"following_url": "https://api.github.com/users/acme-bot/following{/other_user}",
"gists_url": "https://api.github.com/users/acme-bot/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/acme-bot",
"id": 124079944,
"login": "acme-bot",
"node_id": "U_kgDOB2VPSA",
"organizations_url": "https://api.github.com/users/acme-bot/orgs",
"received_events_url": "https://api.github.com/users/acme-bot/received_events",
"repos_url": "https://api.github.com/users/acme-bot/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/acme-bot/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/acme-bot/subscriptions",
"type": "User",
"url": "https://api.github.com/users/acme-bot"
}
}
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
{
"X-GitHub-Event": "team",
"action": "created",
"installation": {
"id": 20061973,
"node_id": "MDIzOkludGVncmF0aW9uSW5zdGFsbGF0aW9uMjAwNjE5NzM="
},
"organization": {
"avatar_url": "https://avatars.githubusercontent.com/u/57452020",
"description": null,
"events_url": "https://api.github.com/orgs/acme-inc/events",
"hooks_url": "https://api.github.com/orgs/acme-inc/hooks",
"id": 10001234,
"issues_url": "https://api.github.com/orgs/acme-inc/issues",
"login": "acme-inc",
"members_url": "https://api.github.com/orgs/acme-inc/members{/member}",
"node_id": "MDEyOk9yZ2FuaXphdGlvbjU3NDUyMDI4",
"public_members_url": "https://api.github.com/orgs/acme-inc/public_members{/member}",
"repos_url": "https://api.github.com/orgs/acme-inc/repos",
"url": "https://api.github.com/orgs/acme-inc"
},
"sender": {
"avatar_url": "https://avatars.githubusercontent.com/u/64659350",
"events_url": "https://api.github.com/users/john.doe/events{/privacy}",
"followers_url": "https://api.github.com/users/john.doe/followers",
"following_url": "https://api.github.com/users/john.doe/following{/other_user}",
"gists_url": "https://api.github.com/users/john.doe/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/john.doe",
"id": 64659356,
"login": "john.doe",
"node_id": "MDQ6VXNlcjY0NjU5MzU2",
"organizations_url": "https://api.github.com/users/john.doe/orgs",
"received_events_url": "https://api.github.com/users/john.doe/received_events",
"repos_url": "https://api.github.com/users/john.doe/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/john.doe/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/john.doe/subscriptions",
"type": "User",
"url": "https://api.github.com/users/john.doe"
},
"team": {
"description": "",
"html_url": "https://github.com/orgs/acme-inc/teams/python-dev-team",
"id": 8035041,
"members_url": "https://api.github.com/organizations/10001234/team/8035041/members{/member}",
"name": "python-dev-team",
"node_id": "T_kwDOA2yl_M4Aeprh",
"notification_setting": "notifications_enabled",
"parent": null,
"permission": "pull",
"privacy": "closed",
"repositories_url": "https://api.github.com/organizations/10001234/team/8035041/repos",
"slug": "python-dev-team",
"url": "https://api.github.com/organizations/10001234/team/8035041"
}
}
Reads a group.
Reads a group.
Updates a group.
Updates a group.
{
"X-GitHub-Event": "team",
"action": "edited",
"changes": {
"description": {
"from": "Acme devs"
}
},
"enterprise": {
"avatar_url": "https://avatars.githubusercontent.com/b/120",
"created_at": "2021-10-31T01:45:00Z",
"description": "Enterprise Account",
"html_url": "https://github.com/enterprises/acme",
"id": 120,
"name": "Acme, Inc. (Enterprise)",
"node_id": "MDEwOkVudGVycHJpc2UxMjA=",
"slug": "acme",
"updated_at": "2022-06-27T18:53:26Z",
"website_url": ""
},
"installation": {
"id": 36327988,
"node_id": "MDIzOkludGVncmF0aW9uSW5zdGFsbGF0aW9uMzYzMjc5ODg="
},
"organization": {
"avatar_url": "https://avatars.githubusercontent.com/u/52806770",
"description": "Acme, Inc.",
"events_url": "https://api.github.com/orgs/acme/events",
"hooks_url": "https://api.github.com/orgs/acme/hooks",
"id": 52806779,
"issues_url": "https://api.github.com/orgs/acme/issues",
"login": "acme",
"members_url": "https://api.github.com/orgs/acme/members{/member}",
"node_id": "MDEyOk9yZ2FuaXphdGlvbjUyODA2Nzc5",
"public_members_url": "https://api.github.com/orgs/acme/public_members{/member}",
"repos_url": "https://api.github.com/orgs/acme/repos",
"url": "https://api.github.com/orgs/acme"
},
"sender": {
"avatar_url": "https://avatars.githubusercontent.com/u/114508650",
"events_url": "https://api.github.com/users/john.doe/events{/privacy}",
"followers_url": "https://api.github.com/users/john.doe/followers",
"following_url": "https://api.github.com/users/john.doe/following{/other_user}",
"gists_url": "https://api.github.com/users/john.doe/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/john.doe",
"id": 114508655,
"login": "john.doe",
"node_id": "U_kgDOBtNDbw",
"organizations_url": "https://api.github.com/users/john.doe/orgs",
"received_events_url": "https://api.github.com/users/john.doe/received_events",
"repos_url": "https://api.github.com/users/john.doe/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/john.doe/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/john.doe/subscriptions",
"type": "User",
"url": "https://api.github.com/users/john.doe"
},
"team": {
"description": "Acme Dev Team",
"html_url": "https://github.com/orgs/acme/teams/acme-devs",
"id": 100123,
"members_url": "https://api.github.com/organizations/52806779/team/100123/members{/member}",
"name": "acme-devs",
"node_id": "T_kwDOAyXEe84AbHIq",
"notification_setting": "notifications_enabled",
"parent": null,
"permission": "pull",
"privacy": "closed",
"repositories_url": "https://api.github.com/organizations/52806779/team/100123/repos",
"slug": "acme-devs",
"url": "https://api.github.com/organizations/52806779/team/100123"
}
}
Removes or deletes a group.
Removes or deletes a group.
{
"X-GitHub-Event": "team",
"action": "deleted",
"enterprise": {
"avatar_url": "https://avatars.githubusercontent.com/b/2070",
"created_at": "2020-01-23T22:48:48Z",
"description": null,
"html_url": "https://github.com/enterprises/acme-inc",
"id": 2077,
"name": "Acme",
"node_id": "MDEwOkVudGVycHJpc2UyMDc3",
"slug": "acme-inc",
"updated_at": "2023-02-28T01:36:46Z",
"website_url": null
},
"installation": {
"id": 11045851,
"node_id": "MDIzOkludGVncmF0aW9uSW5zdGFsbGF0aW9uMTEwNDU4NTE="
},
"organization": {
"avatar_url": "https://avatars.githubusercontent.com/u/123456",
"description": "",
"events_url": "https://api.github.com/orgs/acme-inc/events",
"hooks_url": "https://api.github.com/orgs/acme-inc/hooks",
"id": 123456,
"issues_url": "https://api.github.com/orgs/acme-inc/issues",
"login": "acme-inc",
"members_url": "https://api.github.com/orgs/acme-inc/members{/member}",
"node_id": "MDEyOk9yZ2FuaXphdGlvbjM2MjQ2MA==",
"public_members_url": "https://api.github.com/orgs/acme-inc/public_members{/member}",
"repos_url": "https://api.github.com/orgs/acme-inc/repos",
"url": "https://api.github.com/orgs/acme-inc"
},
"sender": {
"avatar_url": "https://avatars.githubusercontent.com/u/74208070",
"events_url": "https://api.github.com/users/john.doe/events{/privacy}",
"followers_url": "https://api.github.com/users/john.doe/followers",
"following_url": "https://api.github.com/users/john.doe/following{/other_user}",
"gists_url": "https://api.github.com/users/john.doe/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/john.doe",
"id": 74208074,
"login": "john.doe",
"node_id": "MDQ6VXNlcjc0MjA4MDc0",
"organizations_url": "https://api.github.com/users/john.doe/orgs",
"received_events_url": "https://api.github.com/users/john.doe/received_events",
"repos_url": "https://api.github.com/users/john.doe/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/john.doe/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/john.doe/subscriptions",
"type": "User",
"url": "https://api.github.com/users/john.doe"
},
"team": {
"description": "",
"html_url": "https://github.com/orgs/acme-inc/teams/repo-admin",
"id": 7304304,
"members_url": "https://api.github.com/organizations/123456/team/7304304/members{/member}",
"name": "repo-admin",
"node_id": "T_kwDOAAWH3M4Ab3Rw",
"notification_setting": "notifications_enabled",
"parent": null,
"permission": "pull",
"privacy": "closed",
"repositories_url": "https://api.github.com/organizations/123456/team/7304304/repos",
"slug": "repo-admin",
"url": "https://api.github.com/organizations/123456/team/7304304"
}
}
Adds a service, user or account to a group.
Adds a service, user or account to a group.
{
"X-GitHub-Event": "organization",
"action": "member_added",
"enterprise": {
"avatar_url": "https://avatars.githubusercontent.com/b/120?v=4",
"created_at": "2021-10-31T01:45:00Z",
"description": "Enterprise Account",
"html_url": "https://github.com/enterprises/acme-inc",
"id": 120,
"name": "Acme, Inc. (Enterprise)",
"node_id": "MDEwOkVudGVycHJpc2UxMjA=",
"slug": "acme-inc",
"updated_at": "2022-06-27T18:53:26Z",
"website_url": ""
},
"installation": {
"id": 36327988,
"node_id": "MDIzOkludGVncmF0aW9uSW5zdGFsbGF0aW9uMzYzMjc5ODg="
},
"membership": {
"organization_url": "https://api.github.com/orgs/acme",
"role": "member",
"state": "pending",
"url": "https://api.github.com/orgs/acme/memberships/john.doe",
"user": {
"avatar_url": "https://avatars.githubusercontent.com/u/132913314?v=4",
"events_url": "https://api.github.com/users/john.doe/events{/privacy}",
"followers_url": "https://api.github.com/users/john.doe/followers",
"following_url": "https://api.github.com/users/john.doe/following{/other_user}",
"gists_url": "https://api.github.com/users/john.doe/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/john.doe",
"id": 132913314,
"login": "john.doe",
"node_id": "U_kgDOB-wYog",
"organizations_url": "https://api.github.com/users/john.doe/orgs",
"received_events_url": "https://api.github.com/users/john.doe/received_events",
"repos_url": "https://api.github.com/users/john.doe/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/john.doe/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/john.doe/subscriptions",
"type": "User",
"url": "https://api.github.com/users/john.doe"
}
},
"organization": {
"avatar_url": "https://avatars.githubusercontent.com/u/52806770",
"description": "Sample repo",
"events_url": "https://api.github.com/orgs/acme/events",
"hooks_url": "https://api.github.com/orgs/acme/hooks",
"id": 52806779,
"issues_url": "https://api.github.com/orgs/acme/issues",
"login": "acme",
"members_url": "https://api.github.com/orgs/acme/members{/member}",
"node_id": "MDEyOk9yZ2FuaXphdGlvbjUyODA2Nzc5",
"public_members_url": "https://api.github.com/orgs/acme/public_members{/member}",
"repos_url": "https://api.github.com/orgs/acme/repos",
"url": "https://api.github.com/orgs/acme"
},
"sender": {
"avatar_url": "https://avatars.githubusercontent.com/u/92325258?v=4",
"events_url": "https://api.github.com/users/gh-automate/events{/privacy}",
"followers_url": "https://api.github.com/users/gh-automate/followers",
"following_url": "https://api.github.com/users/gh-automate/following{/other_user}",
"gists_url": "https://api.github.com/users/gh-automate/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/gh-automate",
"id": 92325258,
"login": "gh-automate",
"node_id": "U_kgDOBYDFig",
"organizations_url": "https://api.github.com/users/gh-automate/orgs",
"received_events_url": "https://api.github.com/users/gh-automate/received_events",
"repos_url": "https://api.github.com/users/gh-automate/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/gh-automate/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/gh-automate/subscriptions",
"type": "User",
"url": "https://api.github.com/users/gh-automate"
}
}
Removes a service, user or account from a group.
Removes a service, user or account from a group.
{
"X-GitHub-Event": "organization",
"action": "member_removed",
"enterprise": {
"avatar_url": "https://avatars.githubusercontent.com/b/120",
"created_at": "2021-10-31T01:45:00Z",
"description": "Enterprise Account",
"html_url": "https://github.com/enterprises/acme",
"id": 120,
"name": "Acme, Inc. (Enterprise)",
"node_id": "MDEwOkVudGVycHJpc2UxMjA=",
"slug": "acme",
"updated_at": "2022-06-27T18:53:26Z",
"website_url": ""
},
"installation": {
"id": 36327988,
"node_id": "MDIzOkludGVncmF0aW9uSW5zdGFsbGF0aW9uMzYzMjc5ODg="
},
"membership": {
"organization_url": "https://api.github.com/orgs/acme",
"role": "unaffiliated",
"state": "inactive",
"url": "https://api.github.com/orgs/acme/memberships/john.doe",
"user": {
"avatar_url": "https://avatars.githubusercontent.com/u/127213976?v=4",
"events_url": "https://api.github.com/users/john.doe/events{/privacy}",
"followers_url": "https://api.github.com/users/john.doe/followers",
"following_url": "https://api.github.com/users/john.doe/following{/other_user}",
"gists_url": "https://api.github.com/users/john.doe/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/john.doe",
"id": 127213976,
"login": "john.doe",
"node_id": "U_kgDOB5UhmA",
"organizations_url": "https://api.github.com/users/john.doe/orgs",
"received_events_url": "https://api.github.com/users/john.doe/received_events",
"repos_url": "https://api.github.com/users/john.doe/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/john.doe/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/john.doe/subscriptions",
"type": "User",
"url": "https://api.github.com/users/john.doe"
}
},
"organization": {
"avatar_url": "https://avatars.githubusercontent.com/u/52806779?v=4",
"description": "Acme",
"events_url": "https://api.github.com/orgs/acme/events",
"hooks_url": "https://api.github.com/orgs/acme/hooks",
"id": 52806779,
"issues_url": "https://api.github.com/orgs/acme/issues",
"login": "acme",
"members_url": "https://api.github.com/orgs/acme/members{/member}",
"node_id": "MDEyOk9yZ2FuaXphdGlvbjUyODA2Nzc5",
"public_members_url": "https://api.github.com/orgs/acme/public_members{/member}",
"repos_url": "https://api.github.com/orgs/acme/repos",
"url": "https://api.github.com/orgs/acme"
},
"sender": {
"avatar_url": "https://avatars.githubusercontent.com/u/92325258?v=4",
"events_url": "https://api.github.com/users/gh-automate/events{/privacy}",
"followers_url": "https://api.github.com/users/gh-automate/followers",
"following_url": "https://api.github.com/users/gh-automate/following{/other_user}",
"gists_url": "https://api.github.com/users/gh-automate/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/gh-automate",
"id": 92325258,
"login": "gh-automate",
"node_id": "U_kgDOBYDFig",
"organizations_url": "https://api.github.com/users/gh-automate/orgs",
"received_events_url": "https://api.github.com/users/gh-automate/received_events",
"repos_url": "https://api.github.com/users/gh-automate/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/gh-automate/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/gh-automate/subscriptions",
"type": "User",
"url": "https://api.github.com/users/gh-automate"
}
}
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
{
"X-GitHub-Event": "repository",
"action": "created",
"enterprise": {
"avatar_url": "https://avatars.githubusercontent.com/b/120?v=4",
"created_at": "2019-05-06T23:02:11Z",
"description": "Enterprise Account",
"html_url": "https://github.com/enterprises/acme",
"id": 120,
"name": "Acme, Inc. (Enterprise)",
"node_id": "MDEwOkVudGVycHJpc2UxMjA=",
"slug": "acme",
"updated_at": "2022-06-27T18:53:26Z",
"website_url": ""
},
"installation": {
"id": 36327745,
"node_id": "MDIzOkludGVncmF0aW9uSW5zdGFsbGF0aW9uMzYzMjc3NDU="
},
"organization": {
"avatar_url": "https://avatars.githubusercontent.com/u/55462088?v=4",
"description": "Sample repo",
"events_url": "https://api.github.com/orgs/acme-inc/events",
"hooks_url": "https://api.github.com/orgs/acme-inc/hooks",
"id": 55462088,
"issues_url": "https://api.github.com/orgs/acme-inc/issues",
"login": "acme-inc",
"members_url": "https://api.github.com/orgs/acme-inc/members{/member}",
"node_id": "MDEyOk9yZ2FuaSrhdGlvbjU1NDYyMDg5",
"public_members_url": "https://api.github.com/orgs/acme-inc/public_members{/member}",
"repos_url": "https://api.github.com/orgs/acme-inc/repos",
"url": "https://api.github.com/orgs/acme-inc"
},
"repository": {
"allow_forking": false,
"archive_url": "https://api.github.com/repos/acme-inc/sample-repo/{archive_format}{/ref}",
"archived": false,
"assignees_url": "https://api.github.com/repos/acme-inc/sample-repo/assignees{/user}",
"blobs_url": "https://api.github.com/repos/acme-inc/sample-repo/git/blobs{/sha}",
"branches_url": "https://api.github.com/repos/acme-inc/sample-repo/branches{/branch}",
"clone_url": "https://github.com/acme-inc/sample-repo.git",
"collaborators_url": "https://api.github.com/repos/acme-inc/sample-repo/collaborators{/collaborator}",
"comments_url": "https://api.github.com/repos/acme-inc/sample-repo/comments{/number}",
"commits_url": "https://api.github.com/repos/acme-inc/sample-repo/commits{/sha}",
"compare_url": "https://api.github.com/repos/acme-inc/sample-repo/compare/{base}...{head}",
"contents_url": "https://api.github.com/repos/acme-inc/sample-repo/contents/{+path}",
"contributors_url": "https://api.github.com/repos/acme-inc/sample-repo/contributors",
"created_at": "2021-10-31T01:45:00Z",
"default_branch": "main",
"deployments_url": "https://api.github.com/repos/acme-inc/sample-repo/deployments",
"description": null,
"disabled": false,
"downloads_url": "https://api.github.com/repos/acme-inc/sample-repo/downloads",
"events_url": "https://api.github.com/repos/acme-inc/sample-repo/events",
"fork": false,
"forks": 0,
"forks_count": 0,
"forks_url": "https://api.github.com/repos/acme-inc/sample-repo/forks",
"full_name": "acme-inc/sample-repo",
"git_commits_url": "https://api.github.com/repos/acme-inc/sample-repo/git/commits{/sha}",
"git_refs_url": "https://api.github.com/repos/acme-inc/sample-repo/git/refs{/sha}",
"git_tags_url": "https://api.github.com/repos/acme-inc/sample-repo/git/tags{/sha}",
"git_url": "git://github.com/acme-inc/sample-repo.git",
"has_discussions": false,
"has_downloads": true,
"has_issues": true,
"has_pages": false,
"has_projects": true,
"has_wiki": true,
"homepage": null,
"hooks_url": "https://api.github.com/repos/acme-inc/sample-repo/hooks",
"html_url": "https://github.com/acme-inc/sample-repo",
"id": 651592972,
"is_template": false,
"issue_comment_url": "https://api.github.com/repos/acme-inc/sample-repo/issues/comments{/number}",
"issue_events_url": "https://api.github.com/repos/acme-inc/sample-repo/issues/events{/number}",
"issues_url": "https://api.github.com/repos/acme-inc/sample-repo/issues{/number}",
"keys_url": "https://api.github.com/repos/acme-inc/sample-repo/keys{/key_id}",
"labels_url": "https://api.github.com/repos/acme-inc/sample-repo/labels{/name}",
"language": null,
"languages_url": "https://api.github.com/repos/acme-inc/sample-repo/languages",
"license": null,
"merges_url": "https://api.github.com/repos/acme-inc/sample-repo/merges",
"milestones_url": "https://api.github.com/repos/acme-inc/sample-repo/milestones{/number}",
"mirror_url": null,
"name": "sample-repo",
"node_id": "R_kgDOJtaFDA",
"notifications_url": "https://api.github.com/repos/acme-inc/sample-repo/notifications{?since,all,participating}",
"open_issues": 0,
"open_issues_count": 0,
"owner": {
"avatar_url": "https://avatars.githubusercontent.com/u/55462080",
"events_url": "https://api.github.com/users/acme-inc/events{/privacy}",
"followers_url": "https://api.github.com/users/acme-inc/followers",
"following_url": "https://api.github.com/users/acme-inc/following{/other_user}",
"gists_url": "https://api.github.com/users/acme-inc/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/acme-inc",
"id": 55462088,
"login": "acme-inc",
"node_id": "MDEyOk9yZ2FuaXphdGlvbjU1NDYyMDg4",
"organizations_url": "https://api.github.com/users/acme-inc/orgs",
"received_events_url": "https://api.github.com/users/acme-inc/received_events",
"repos_url": "https://api.github.com/users/acme-inc/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/acme-inc/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/acme-inc/subscriptions",
"type": "Organization",
"url": "https://api.github.com/users/acme-inc"
},
"private": true,
"pulls_url": "https://api.github.com/repos/acme-inc/sample-repo/pulls{/number}",
"pushed_at": "2023-06-09T15:30:00Z",
"releases_url": "https://api.github.com/repos/acme-inc/sample-repo/releases{/id}",
"size": 0,
"ssh_url": "git@github.com:acme-inc/sample-repo.git",
"stargazers_count": 0,
"stargazers_url": "https://api.github.com/repos/acme-inc/sample-repo/stargazers",
"statuses_url": "https://api.github.com/repos/acme-inc/sample-repo/statuses/{sha}",
"subscribers_url": "https://api.github.com/repos/acme-inc/sample-repo/subscribers",
"subscription_url": "https://api.github.com/repos/acme-inc/sample-repo/subscription",
"svn_url": "https://github.com/acme-inc/sample-repo",
"tags_url": "https://api.github.com/repos/acme-inc/sample-repo/tags",
"teams_url": "https://api.github.com/repos/acme-inc/sample-repo/teams",
"topics": [],
"trees_url": "https://api.github.com/repos/acme-inc/sample-repo/git/trees{/sha}",
"updated_at": "2023-06-09T15:30:00Z",
"url": "https://api.github.com/repos/acme-inc/sample-repo",
"visibility": "private",
"watchers": 0,
"watchers_count": 0,
"web_commit_signoff_required": false
},
"sender": {
"avatar_url": "https://avatars.githubusercontent.com/u/126112697?v=4",
"events_url": "https://api.github.com/users/john.doe/events{/privacy}",
"followers_url": "https://api.github.com/users/john.doe/followers",
"following_url": "https://api.github.com/users/john.doe/following{/other_user}",
"gists_url": "https://api.github.com/users/john.doe/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/john.doe",
"id": 126112697,
"login": "john.doe",
"node_id": "U_kgDOB4RTuQ",
"organizations_url": "https://api.github.com/users/john.doe/orgs",
"received_events_url": "https://api.github.com/users/john.doe/received_events",
"repos_url": "https://api.github.com/users/john.doe/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/john.doe/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/john.doe/subscriptions",
"type": "User",
"url": "https://api.github.com/users/john.doe"
}
}
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
{
"X-GitHub-Event": "repository",
"action": "deleted",
"enterprise": {
"avatar_url": "https://avatars.githubusercontent.com/b/120?v=4",
"created_at": "2021-10-31T01:45:00Z",
"description": "Enterprise Account",
"html_url": "https://github.com/enterprises/acme",
"id": 120,
"name": "Acme, Inc. (Enterprise)",
"node_id": "MDEwOkVudGVycHJpc2UxMjA=",
"slug": "acme",
"updated_at": "2022-06-27T18:53:26Z",
"website_url": ""
},
"installation": {
"id": 36327988,
"node_id": "MDIzOkludGVncmF0aW9uSW5zdGFsbGF0aW9uMzYzMjc5ODg="
},
"organization": {
"avatar_url": "https://avatars.githubusercontent.com/u/52806770",
"description": "Sample repo",
"events_url": "https://api.github.com/orgs/acme-inc/events",
"hooks_url": "https://api.github.com/orgs/acme-inc/hooks",
"id": 52806779,
"issues_url": "https://api.github.com/orgs/acme-inc/issues",
"login": "acme-inc",
"members_url": "https://api.github.com/orgs/acme-inc/members{/member}",
"node_id": "MDEyOk9yZ2FuaXphdGlvbjUyODA2Nzc5",
"public_members_url": "https://api.github.com/orgs/acme-inc/public_members{/member}",
"repos_url": "https://api.github.com/orgs/acme-inc/repos",
"url": "https://api.github.com/orgs/acme-inc"
},
"repository": {
"allow_forking": false,
"archive_url": "https://api.github.com/repos/acme-inc/sample-repo/{archive_format}{/ref}",
"archived": false,
"assignees_url": "https://api.github.com/repos/acme-inc/sample-repo/assignees{/user}",
"blobs_url": "https://api.github.com/repos/acme-inc/sample-repo/git/blobs{/sha}",
"branches_url": "https://api.github.com/repos/acme-inc/sample-repo/branches{/branch}",
"clone_url": "https://github.com/acme-inc/sample-repo.git",
"collaborators_url": "https://api.github.com/repos/acme-inc/sample-repo/collaborators{/collaborator}",
"comments_url": "https://api.github.com/repos/acme-inc/sample-repo/comments{/number}",
"commits_url": "https://api.github.com/repos/acme-inc/sample-repo/commits{/sha}",
"compare_url": "https://api.github.com/repos/acme-inc/sample-repo/compare/{base}...{head}",
"contents_url": "https://api.github.com/repos/acme-inc/sample-repo/contents/{+path}",
"contributors_url": "https://api.github.com/repos/acme-inc/sample-repo/contributors",
"created_at": "2021-10-31T01:45:00Z",
"default_branch": "main",
"deployments_url": "https://api.github.com/repos/acme-inc/sample-repo/deployments",
"description": null,
"disabled": true,
"downloads_url": "https://api.github.com/repos/acme-inc/sample-repo/downloads",
"events_url": "https://api.github.com/repos/acme-inc/sample-repo/events",
"fork": false,
"forks": 0,
"forks_count": 0,
"forks_url": "https://api.github.com/repos/acme-inc/sample-repo/forks",
"full_name": "acme-inc/sample-repo",
"git_commits_url": "https://api.github.com/repos/acme-inc/sample-repo/git/commits{/sha}",
"git_refs_url": "https://api.github.com/repos/acme-inc/sample-repo/git/refs{/sha}",
"git_tags_url": "https://api.github.com/repos/acme-inc/sample-repo/git/tags{/sha}",
"git_url": "git://github.com/acme-inc/sample-repo.git",
"has_discussions": false,
"has_downloads": true,
"has_issues": true,
"has_pages": false,
"has_projects": true,
"has_wiki": true,
"homepage": null,
"hooks_url": "https://api.github.com/repos/acme-inc/sample-repo/hooks",
"html_url": "https://github.com/acme-inc/sample-repo",
"id": 621910567,
"is_template": false,
"issue_comment_url": "https://api.github.com/repos/acme-inc/sample-repo/issues/comments{/number}",
"issue_events_url": "https://api.github.com/repos/acme-inc/sample-repo/issues/events{/number}",
"issues_url": "https://api.github.com/repos/acme-inc/sample-repo/issues{/number}",
"keys_url": "https://api.github.com/repos/acme-inc/sample-repo/keys{/key_id}",
"labels_url": "https://api.github.com/repos/acme-inc/sample-repo/labels{/name}",
"language": null,
"languages_url": "https://api.github.com/repos/acme-inc/sample-repo/languages",
"license": null,
"merges_url": "https://api.github.com/repos/acme-inc/sample-repo/merges",
"milestones_url": "https://api.github.com/repos/acme-inc/sample-repo/milestones{/number}",
"mirror_url": null,
"name": "sample-repo",
"node_id": "R_kgDOJRGaJw",
"notifications_url": "https://api.github.com/repos/acme-inc/sample-repo/notifications{?since,all,participating}",
"open_issues": 0,
"open_issues_count": 0,
"owner": {
"avatar_url": "https://avatars.githubusercontent.com/u/52806779?v=4",
"events_url": "https://api.github.com/users/acme-inc/events{/privacy}",
"followers_url": "https://api.github.com/users/acme-inc/followers",
"following_url": "https://api.github.com/users/acme-inc/following{/other_user}",
"gists_url": "https://api.github.com/users/acme-inc/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/acme-inc",
"id": 52806779,
"login": "acme-inc",
"node_id": "MDEyOk9yZ2FuaXphdGlvbjUyODA2Nzc5",
"organizations_url": "https://api.github.com/users/acme-inc/orgs",
"received_events_url": "https://api.github.com/users/acme-inc/received_events",
"repos_url": "https://api.github.com/users/acme-inc/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/acme-inc/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/acme-inc/subscriptions",
"type": "Organization",
"url": "https://api.github.com/users/acme-inc"
},
"private": true,
"pulls_url": "https://api.github.com/repos/acme-inc/sample-repo/pulls{/number}",
"pushed_at": "2023-03-31T16:50:57Z",
"releases_url": "https://api.github.com/repos/acme-inc/sample-repo/releases{/id}",
"size": 0,
"ssh_url": "git@github.com:acme-inc/sample-repo.git",
"stargazers_count": 0,
"stargazers_url": "https://api.github.com/repos/acme-inc/sample-repo/stargazers",
"statuses_url": "https://api.github.com/repos/acme-inc/sample-repo/statuses/{sha}",
"subscribers_url": "https://api.github.com/repos/acme-inc/sample-repo/subscribers",
"subscription_url": "https://api.github.com/repos/acme-inc/sample-repo/subscription",
"svn_url": "https://github.com/acme-inc/sample-repo",
"tags_url": "https://api.github.com/repos/acme-inc/sample-repo/tags",
"teams_url": "https://api.github.com/repos/acme-inc/sample-repo/teams",
"topics": [],
"trees_url": "https://api.github.com/repos/acme-inc/sample-repo/git/trees{/sha}",
"updated_at": "2023-06-07T18:45:54Z",
"url": "https://api.github.com/repos/acme-inc/sample-repo",
"visibility": "private",
"watchers": 0,
"watchers_count": 0,
"web_commit_signoff_required": false
},
"sender": {
"avatar_url": "https://avatars.githubusercontent.com/u/19332120",
"events_url": "https://api.github.com/users/john.doe/events{/privacy}",
"followers_url": "https://api.github.com/users/john.doe/followers",
"following_url": "https://api.github.com/users/john.doe/following{/other_user}",
"gists_url": "https://api.github.com/users/john.doe/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/john.doe",
"id": 19332128,
"login": "john.doe",
"node_id": "MDQ6VXNlcjE5MzMyMTI4",
"organizations_url": "https://api.github.com/users/john.doe/orgs",
"received_events_url": "https://api.github.com/users/john.doe/received_events",
"repos_url": "https://api.github.com/users/john.doe/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/john.doe/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/john.doe/subscriptions",
"type": "User",
"url": "https://api.github.com/users/john.doe"
}
}
A resource was downloaded.
A resource was downloaded.
GitHub webhook events are delivered whenever certain events occur on GitHub.
Storage Duration: N/A
GitHub does not officially retain webhook events. Recent webhook events can be accessed at `https://github.com/<ORGANIZATION>/<REPOSITORY>/settings/hooks`.
Duration: Near Real-Time
GitHub does not officially retain webhook events. Recent webhook events can be accessed at `https://github.com/<ORGANIZATION>/<REPOSITORY>/settings/hooks`.
GitHub is a cloud-based service that provides a range of services related to version control, software development, and collaboration. The GitHub audit log API provides a feed for events that have been generated across the enterprise. If an organization does not use Enterprise Managed Users, the audit log only includes events related to the enterprise account and the organizations within the enterprise account. If an organization uses Enterprise Managed Users, the audit log also includes user events for managed user accounts. GitHub webhooks provide a way for notifications to be delivered to an external web server whenever certain events occur on GitHub.
To collect enterprise events, use the audit log API.
To collect webhook events, create and configure a webhook(s).
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
{
"kind": "admin#reports#activity",
"id": {
"applicationName": "login",
"customerId": "C03nyz48b",
"time": "2023-10-04T17:05:18.707Z",
"uniqueQualifier": "-8053599687898373773"
},
"etag": "\"rQ3qpTrpjMqlOD9Fi6ZCgnpogfhr6664Y4wU0J6c8Yw/T8TMuJvnXTPKpwK263SLxaXX-EA\"",
"actor": {
"email": "egrt@test.com",
"profileId": "10206845645323004074611"
},
"ipAddress": "211.150.189.540",
"event": {
"type": "login",
"name": "login_success",
"parameters": [
{
"name": "login_type",
"value": "reauth"
},
{
"name": "login_challenge_method",
"multiValue": [
"none"
]
},
{
"name": "is_suspicious",
"boolValue": false
}
]
}
}
An account attempted to logout of a system.
An account attempted to logout of a system.
{
"actor": {
"email": "tlsdfr@test.com",
"profileId": "10906988138484515654"
},
"etag": "\"rQ3qpTrpjMqlOD9Fi6ZCsdfsdfsdf0J6c8Yw/g9-7HZArWTv3ua4W8l_UrML6aj4\"",
"event": {
"type": "login",
"name": "logout",
"parameters": [
{
"name": "login_type",
"value": "google_password"
}
]
},
"id": {
"time": "2023-10-04T16:44:09.155Z",
"uniqueQualifier": "-2936062481883257414",
"applicationName": "login",
"customerId": "C03nyz48b"
},
"ipAddress": "117.92.113.444",
"kind": "admin#reports#activity"
}
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
{
"ipAddress": "38.62.201.104",
"event": {
"type": "login",
"name": "login_success",
"parameters": [
{
"name": "login_type",
"value": "google_password"
},
{
"name": "login_challenge_method",
"multiValue": [
"password",
"google_authenticator"
]
},
{
"name": "is_suspicious",
"boolValue": false
}
]
},
"kind": "admin#reports#activity",
"id": {
"applicationName": "login",
"customerId": "C1567gg8b",
"time": "2023-10-04T17:00:38.873Z",
"uniqueQualifier": "-288098944121678920"
},
"etag": "\"rQ3qpTrpjMqlOD9Fi6ZCgnpo6zAdUtM4hgihb7gw/-PaydDWGhijb567DzxG3-Q\"",
"actor": {
"email": "dfggg@test.com",
"profileId": "1081510555451515508623"
}
}
Events (18)
Creates a user.
Creates a user.
{
"kind": "admin#reports#activity",
"id": {
"time": "2023-10-04T17:27:02.768Z",
"uniqueQualifier": "-3314472940692087673",
"applicationName": "admin",
"customerId": "C02rtjjj7y"
},
"etag": "\"rQ3qpTrpjMqlOD9Fi6ZCgnwwpo6zAd3g53g55U0J6c8Yw/5pzih88L6fo0NupRAuuLv2Ar5M\"",
"actor": {
"email": "test@test.com",
"profileId": "111620519819984096",
"callerType": "USER"
},
"ipAddress": "42.130.180.122",
"event": {
"type": "USER_SETTINGS",
"name": "CREATE_USER",
"parameters": [
{
"value": "test2@test.com",
"name": "USER_EMAIL"
}
]
}
}
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
{
"event": {
"type": "LICENSES_SETTINGS",
"name": "USER_LICENSE_REVOKE",
"parameters": [
{
"name": "USER_EMAIL",
"value": "test@test.com"
},
{
"value": "Cloud Identity Premium",
"name": "PRODUCT_NAME"
},
{
"name": "OLD_VALUE",
"value": "Cloud Identity Premium"
}
]
},
"kind": "admin#reports#activity",
"id": {
"time": "2023-10-04T17:12:20.110Z",
"uniqueQualifier": "-7032755160008235805",
"applicationName": "admin",
"customerId": "C52egrg2wc"
},
"etag": "\"rQ3qpTrpjMqlOD9Fi6ZCgnpo6ze8herg98hJ6c8Yw/jgqx0-DnGyAy2VkAPVBcOFCT3-Q\"",
"actor": {
"callerType": "USER",
"email": "test2@test2.com",
"profileId": "1169451581811976442"
},
"ipAddress": "34.64.200.101"
}
Removes or deletes a user.
Removes or deletes a user.
{
"kind": "admin#reports#activity",
"id": {
"time": "2023-10-04T17:26:56.224Z",
"uniqueQualifier": "54041277512397100",
"applicationName": "admin",
"customerId": "C2f8cunnf"
},
"etag": "\"rQ3qpTrpjMqlOD9Fi6ZCgerfe5t5g0J6c8Yw/jWiJ6tV0iybyuoS8eKnls3m4HkY\"",
"actor": {
"callerType": "USER",
"email": "test@test.com",
"profileId": "11111118126984096"
},
"ipAddress": "42.100.140.172",
"event": {
"name": "DELETE_USER",
"parameters": [
{
"name": "USER_EMAIL",
"value": "test@test.com"
}
],
"type": "USER_SETTINGS"
}
}
Creates a logical group.
Creates a logical group.
{
"actor": {
"profileId": "1122063181981927490212",
"callerType": "USER",
"email": "test@test.com"
},
"ipAddress": "59.87.51.187",
"event": {
"name": "CREATE_GROUP",
"parameters": [
{
"name": "GROUP_EMAIL",
"value": "test2@test.com"
}
],
"type": "GROUP_SETTINGS"
},
"kind": "admin#reports#activity",
"id": {
"customerId": "C03cdidn3",
"time": "2023-10-04T16:19:08.748Z",
"uniqueQualifier": "-7965913039404370824",
"applicationName": "admin"
},
"etag": "\"rQ3qpTrpjMqlOD9Fi6ZCgnpo6ref454w4t3f6c8Yw/D6SAzt5ZDFR6eWcnRdAnF1gCQGo\""
}
Reads a group.
Reads a group.
Updates a group.
Updates a group.
{
"kind": "admin#reports#activity",
"id": {
"time": "2023-10-04T14:33:20.949Z",
"uniqueQualifier": "-7981887426606302427",
"applicationName": "admin",
"customerId": "C03huyf5"
},
"etag": "\"rQ3qpTrpjMqlOD9Fi887ghvuhbu77byv55c8Yw/b20Viygiyu7bUjyhpl56kx-M0\"",
"actor": {
"profileId": "154848611551817490212",
"callerType": "USER",
"email": "test@test.com"
},
"event": {
"name": "CHANGE_GROUP_SETTING",
"parameters": [
{
"name": "SETTING_NAME",
"value": "WHO_CAN_DISCOVER_GROUP"
},
{
"name": "GROUP_EMAIL",
"value": "test2@test.com"
},
{
"name": "OLD_VALUE",
"value": "ALL_IN_DOMAIN_CAN_DISCOVER"
},
{
"value": "ALL_MEMBERS_CAN_DISCOVER",
"name": "NEW_VALUE"
}
],
"type": "GROUP_SETTINGS"
}
}
Removes or deletes a group.
Removes or deletes a group.
{
"actor": {
"profileId": "117158165166014059",
"callerType": "USER",
"email": "test@test.com"
},
"ipAddress": "154.109.108.92",
"event": {
"type": "GROUP_SETTINGS",
"name": "DELETE_GROUP",
"parameters": [
{
"name": "GROUP_EMAIL",
"value": "test-group@test.com"
}
]
},
"kind": "admin#reports#activity",
"id": {
"time": "2023-10-09T22:12:29.027Z",
"uniqueQualifier": "-8638445205597242715",
"applicationName": "admin",
"customerId": "C03hrryy3"
},
"etag": "\"rQ3qpTrpjMdfg4544rG#GEGrY4w55c8Yw/rpsdsSCER8_5--B_QCoUl8YBEHycL8\""
}
Adds a service, user or account to a group.
Adds a service, user or account to a group.
{
"event": {
"type": "GROUP_SETTINGS",
"name": "ADD_GROUP_MEMBER",
"parameters": [
{
"value": "test@test.com",
"name": "USER_EMAIL"
},
{
"name": "GROUP_EMAIL",
"value": "test-group@test.com"
}
]
},
"kind": "admin#reports#activity",
"id": {
"time": "2023-10-04T18:24:54.690Z",
"uniqueQualifier": "-6798022200064344802",
"applicationName": "admin",
"customerId": "C00zibi7"
},
"etag": "\"rQ3qpTrpjMqlOD9Fifgh8f1fghf81gh4wU0J6c8Yw/MjJkdF51dfg5np52vLSY2l-gM\"",
"actor": {
"callerType": "USER",
"email": "testa@test.com",
"profileId": "10248166192532690543"
},
"ipAddress": "34.100.985.103"
}
Removes a service, user or account from a group.
Removes a service, user or account from a group.
{
"actor": {
"profileId": "10295165132690543",
"callerType": "USER",
"email": "testa@test.com"
},
"ipAddress": "34.90.206.115",
"event": {
"type": "GROUP_SETTINGS",
"name": "REMOVE_GROUP_MEMBER",
"parameters": [
{
"name": "USER_EMAIL",
"value": "test@test.com"
},
{
"name": "GROUP_EMAIL",
"value": "test@test.com"
}
]
},
"kind": "admin#reports#activity",
"id": {
"uniqueQualifier": "-7875301117743978886",
"applicationName": "admin",
"customerId": "C00znhgfh",
"time": "2023-10-04T18:24:58.074Z"
},
"etag": "\"rQ345lOD9Fi6Z65145556c8Yw/MFIFIW4tg4g51dg5157HWa1Lwss5Cr6g\""
}
Creates a new role.
Creates a new role.
{
"kind": "admin#reports#activity",
"id": {
"time": "2023-10-17T23:13:13.915Z",
"uniqueQualifier": "-7017303223676593170",
"applicationName": "admin",
"customerId": "Ckkd8hc"
},
"etag": "\"jc94nIMyBsgegergergergOA9OLU9Ps/8q7ergergergergergeAca075m_AUp4pA\"",
"actor": {
"callerType": "USER",
"email": "test@test.com",
"profileId": "1169519165745888518"
},
"ipAddress": "164.220.241.143",
"event": {
"name": "CREATE_ROLE",
"parameters": [
{
"name": "ROLE_NAME",
"value": "New Admin"
},
{
"name": "ROLE_ID",
"value": "84898198181155903"
}
],
"type": "DELEGATED_ADMIN_SETTINGS"
}
}
Reads a role.
Reads a role.
Updates a role.
Updates a role.
{
"kind": "admin#reports#activity",
"id": {
"time": "2023-10-17T23:13:13.915Z",
"uniqueQualifier": "-7017303223676593170",
"applicationName": "admin",
"customerId": "Ckkd8hc"
},
"etag": "\"jc94nIMyBsgegergergergOA9OLU9Ps/8q7ergergergergergeAca075m_AUp4pA\"",
"actor": {
"callerType": "USER",
"email": "test@test.com",
"profileId": "1169519165745888518"
},
"ipAddress": "164.220.241.143",
"event": {
"name": "UPDATE_ROLE",
"parameters": [
{
"name": "ROLE_NAME",
"value": "New Admin"
},
{
"name": "ROLE_ID",
"value": "84898198181155903"
}
],
"type": "DELEGATED_ADMIN_SETTINGS"
}
}
Removes or deletes a role.
Removes or deletes a role.
{
"kind": "admin#reports#activity",
"id": {
"time": "2023-10-17T23:13:13.915Z",
"uniqueQualifier": "-7017303223676593170",
"applicationName": "admin",
"customerId": "Ckkd8hc"
},
"etag": "\"jc94nIMyBsgegergergergOA9OLU9Ps/8q7ergergergergergeAca075m_AUp4pA\"",
"actor": {
"callerType": "USER",
"email": "test@test.com",
"profileId": "1169519165745888518"
},
"ipAddress": "164.220.241.143",
"event": {
"name": "DELETE_ROLE",
"parameters": [
{
"name": "ROLE_NAME",
"value": "New Admin"
},
{
"name": "ROLE_ID",
"value": "84898198181155903"
}
],
"type": "DELEGATED_ADMIN_SETTINGS"
}
}
Adds a permission to a resource.
Adds a permission to a resource.
{
"id": {
"time": "2023-10-10T20:59:40.904Z",
"uniqueQualifier": "-7549838176766410754",
"applicationName": "admin",
"customerId": "C13bsdvd4"
},
"etag": "\"rQ3qpTrpjMqlOD9Fi6ZCgdfgdf4wU0J6c8Yw/9MRxYfzAnE9dVdfgdfgdfgORupSE\"",
"actor": {
"callerType": "USER",
"email": "test@test.com",
"profileId": "10782284568708731702"
},
"ipAddress": "125.215.53.31",
"event": {
"type": "DELEGATED_ADMIN_SETTINGS",
"name": "ADD_PRIVILEGE",
"parameters": [
{
"name": "ROLE_NAME",
"value": "Test Role"
},
{
"name": "ROLE_ID",
"value": "43792651651651557"
},
{
"name": "PRIVILEGE_NAME",
"value": "Alert Center;APPS_INCIDENTS_FULL_ACCESS"
}
]
},
"kind": "admin#reports#activity"
}
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
{
"ipAddress": "19.20.200.21",
"event": {
"type": "USER_SETTINGS",
"name": "SECURITY_KEY_REGISTERED_FOR_USER",
"parameters": [
{
"name": "USER_EMAIL",
"value": "test@test.com"
}
]
},
"kind": "admin#reports#activity",
"id": {
"applicationName": "admin",
"customerId": "C03nyzrf3",
"time": "2023-10-03T23:11:59.995Z",
"uniqueQualifier": "-6330457545647588246"
},
"etag": "\"rQ3qpTrpjMqlOD9Fi6ZCef34f34f36c8Yw/3t4sr-Fc34f34fgC0do\"",
"actor": {
"profileId": "11290751345894345842",
"callerType": "USER",
"email": "test@test.com"
}
}
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
{
"actor": {
"email": "test@test.com",
"profileId": "221195616515142",
"callerType": "USER"
},
"ipAddress": "9.10.100.22",
"event": {
"parameters": [
{
"value": "test@test.com",
"name": "USER_EMAIL"
}
],
"type": "USER_SETTINGS",
"name": "REVOKE_SECURITY_KEY"
},
"kind": "admin#reports#activity",
"id": {
"applicationName": "admin",
"customerId": "C03ihi7vv",
"time": "2023-10-03T22:33:48.843Z",
"uniqueQualifier": "-7457679779333247500"
},
"etag": "\"rQ3qpTrp45g35log5yh5btM4Y4wU0J6c8Yw/Njl5tg5tg5ergai-Mk\""
}
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
{
"actor": {
"email": "test@test.com",
"profileId": "185459392577373"
},
"event": {
"type": "SECURITY_SETTINGS",
"name": "CHANGE_CAA_APP_ASSIGNMENTS",
"parameters": [
{
"name": "APPLICATION_NAME",
"value": "PLUS"
},
{
"name": "CAA_ASSIGNMENTS_OLD",
"multiValue": [
"device_policy_high"
]
},
{
"name": "CAA_ASSIGNMENTS_NEW",
"multiValue": [
"device_policy_medium"
]
},
{
"name": "CAA_ENFORCEMENT_ENDPOINTS_OLD",
"value": "CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS"
},
{
"name": "CAA_ENFORCEMENT_ENDPOINTS_NEW",
"value": "CAA_WEB_VERSION_AND_1P_OAUTH_CLIENTS"
},
{
"name": "TARGET_ENTITY_TYPE",
"value": "GROUP"
},
{
"name": "TARGET_ENTITY_NAME",
"value": "test-group@test.com"
},
{
"name": "MODE",
"value": "MONITOR"
}
]
},
"kind": "admin#reports#activity",
"id": {
"uniqueQualifier": "-8357743806993103819",
"applicationName": "admin",
"customerId": "C07811bh",
"time": "2023-10-03T21:26:36.365Z"
},
"etag": "\"rQ3qpTrpjMqlryth5yh5yh5yh5J6c8Yw/0g3r6h6hHHU8fvg5zE\""
}
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
{
"kind": "admin#reports#activity",
"id": {
"uniqueQualifier": "-5992544593425859742",
"applicationName": "admin",
"customerId": "C00ntyhtyhty",
"time": "2023-10-12T15:59:23.551Z"
},
"etag": "\"jc94nIMfgrtgrthrthrtXqUGGHrthrt9OLU9Ps/EN0CkgUCOrthrthrth5CvTHwbLE\"",
"actor": {
"profileId": "105905796516511368150",
"callerType": "USER",
"email": "test@test.com"
},
"event": {
"type": "DOMAIN_SETTINGS",
"name": "ADD_APPLICATION",
"parameters": [
{
"name": "APP_ID",
"value": "4265846946440"
},
{
"name": "APPLICATION_NAME",
"value": "TestApplication"
},
{
"name": "APPLICATION_ENABLED",
"value": "false"
}
]
}
}
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
{
"id": {
"time": "2023-10-04T16:37:47.039Z",
"uniqueQualifier": "-7371635294043122777",
"applicationName": "admin",
"customerId": "C02wayb7g"
},
"etag": "\"rQ3qpTrpjMqlOD9Firtrth56Y4wU0J6c8Yw/TmNY5656h6hhH4-rjrEGWN7Ko\"",
"actor": {
"callerType": "USER",
"email": "test@test.com",
"profileId": "11726318198115861321"
},
"ipAddress": "2500:1700:69d1:13f:5555:a5a3:fc15:c189",
"event": {
"type": "APPLICATION_SETTINGS",
"name": "CHANGE_APPLICATION_SETTING",
"parameters": [
{
"name": "APPLICATION_NAME",
"value": "Google Workspace Marketplace"
},
{
"name": "ORG_UNIT_NAME",
"value": "testdomain.com"
},
{
"value": "Allowlist app_access",
"name": "SETTING_NAME"
},
{
"name": "OLD_VALUE",
"value": "[app_access_id {\n app_access_type {\n type_enum: WEB\n }\n client_id: \"9999\"\n}\nallowed: true\n, app_access_id {\n app_access_type {\n type_enum: WEB\n }\n client_id: \"99999999\"\n}\nallowed: true\n, app_access_id {\n app_access_type {\n type_enum: WEB\n }\n client_id: \"99999999\"\n}\nallowed: true\n, app_access_id {\n app_access_type {\n type_enum: WEB\n }\n client_id: \"99999999\"\n}\nallowed: true\n]"
},
{
"name": "NEW_VALUE",
"value": "[app_access_id {\n app_access_type {\n type_enum: WEB\n }\n client_id: \"9999\"\n}\nallowed: true\n, app_access_id {\n app_access_type {\n type_enum: WEB\n }\n client_id: \"99999999\"\n}\nallowed: true\n, app_access_id {\n app_access_type {\n type_enum: WEB\n }\n client_id: \"99999999\"\n}\nallowed: true\n, app_access_id {\n app_access_type {\n type_enum: WEB\n }\n client_id: \"99999999\"\n}\nallowed: true\n, app_access_id {\n app_access_type {\n type_enum: WEB\n }\n client_id: \"999999999\"\n}\nallowed: true\n]"
}
]
},
"kind": "admin#reports#activity"
}
Removes or deletes an existing integration.
Removes or deletes an existing integration.
{
"event": {
"type": "DOMAIN_SETTINGS",
"name": "REMOVE_APPLICATION",
"parameters": [
{
"name": "APP_ID",
"value": "10284841265"
},
{
"name": "APPLICATION_NAME",
"value": "TESTApplication"
}
]
},
"kind": "admin#reports#activity",
"id": {
"time": "2023-10-12T16:40:07.644Z",
"uniqueQualifier": "-9185053452471991843",
"applicationName": "admin",
"customerId": "C0ijnijn9"
},
"etag": "\"jc94nIMyBF33ertgrhrthHOA9OLU9Ps/9CWrthretherthrTdaKCiZzGNsYU\"",
"actor": {
"callerType": "USER",
"email": "test@test.com",
"profileId": "105905798198198168150"
}
}
Events (5)
A resource was created.
A resource was created.
{
"actor": {
"callerType": "USER",
"email": "test@test.com",
"profileId": "105951899444368150"
},
"ipAddress": "211.62.43.159",
"event": {
"name": "CREATE_SAML2_SERVICE_PROVIDER_CONFIG",
"parameters": [
{
"name": "SAML2_SERVICE_PROVIDER_ENTITY_ID",
"value": "https://test.com/sso/"
},
{
"name": "SAML2_SERVICE_PROVIDER_NAME",
"value": "BigCorp"
}
],
"type": "SAML2_SERVICE_PROVIDER_CONFIG_SETTINGS"
},
"kind": "admin#reports#activity",
"id": {
"time": "2023-10-12T15:59:23.557Z",
"uniqueQualifier": "-7078025062376461990",
"applicationName": "admin",
"customerId": "C004knnh7y"
},
"etag": "\"jc94nIMyBF33rgergergergH0EHOA9OLU9Ps/JergergergereWa6e8Ij7s\""
}
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
{
"ipAddress": "113.213.81.31",
"event": {
"type": "EMAIL_SETTINGS",
"name": "CHANGE_EMAIL_SETTING",
"parameters": [
{
"name": "SETTING_NAME",
"value": "NUMBER_OF_EMAIL_IMAGE_URL_WHITELIST_PATTERNS"
},
{
"name": "ORG_UNIT_NAME",
"value": "TestOrg"
},
{
"name": "OLD_VALUE",
"value": "15"
},
{
"name": "NEW_VALUE",
"value": "16"
}
]
},
"kind": "admin#reports#activity",
"id": {
"time": "2023-10-13T13:20:21.544Z",
"uniqueQualifier": "-7278920505284409591",
"applicationName": "admin",
"customerId": "C00jhhdbdn3"
},
"etag": "\"jc94nIMyBF33sdsdgefefbe0EHOA9OLU9Ps/iRevefvefvefvCgiwiS_XwN7wc\"",
"actor": {
"callerType": "USER",
"email": "test@test.com",
"profileId": "10785165158808731702"
}
}
A resource was removed or deleted.
A resource was removed or deleted.
{
"id": {
"uniqueQualifier": "-7002522530705235178",
"applicationName": "admin",
"customerId": "C08njnjknv",
"time": "2023-10-16T09:48:53.629Z"
},
"etag": "\"jc94nIMyBFdfggbrtbEHOA9OLU9Ps/6AY_7_Kbx--X_ArtbrtbrtbGBo0\"",
"actor": {
"callerType": "USER",
"email": "test@test.com",
"profileId": "10355165165102363077"
},
"ipAddress": "fdc3:e723:ac4:10:14:9d12:af8:4c35",
"event": {
"type": "USER_SETTINGS",
"name": "DELETE_2SV_SCRATCH_CODES",
"parameters": [
{
"name": "USER_EMAIL",
"value": "test2@test.com"
}
]
},
"kind": "admin#reports#activity"
}
A resource was downloaded.
A resource was downloaded.
{
"kind": "admin#reports#activity",
"id": {
"time": "2023-10-15T23:35:01.493Z",
"uniqueQualifier": "-5681301083801866672",
"applicationName": "drive",
"customerId": "C07hbjkkbjkj"
},
"etag": "\"jc94nIMyBF33504pdfefgegegGH0EHOA9erg6Y7Yn5ugkRL-3ergergcdimwc\"",
"actor": {
"profileId": "1095156489815781956899",
"email": "test@test.com"
},
"ipAddress": "2601:1700:39d1:8yt2:74df:5a1f:15ec:fc79",
"event": {
"type": "access",
"name": "download",
"parameters": [
{
"name": "primary_event",
"boolValue": true
},
{
"name": "billable",
"boolValue": true
},
{
"name": "owner_is_shared_drive",
"boolValue": false
},
{
"name": "owner",
"value": "test@test.com"
},
{
"name": "doc_id",
"value": "1tml8KIcsdwgewrg8jejg_jdid88"
},
{
"name": "doc_type",
"value": "txt"
},
{
"boolValue": false,
"name": "is_encrypted"
},
{
"value": "cooldoc.txt",
"name": "doc_title"
},
{
"name": "visibility",
"value": "shared_externally"
},
{
"name": "originating_app_id",
"value": "9471519811803"
},
{
"name": "actor_is_collaborator_account",
"boolValue": false
},
{
"name": "owner_is_team_drive",
"boolValue": false
}
]
}
}
The activity audit log provides log events for actions occurring with your Google Workspace deployment.
Storage Duration: Typically 6 months
Service dependant - see https://support.google.com/a/answer/7061566?hl=en
Duration: Near real time up to a couple hours
Service dependant - see https://support.google.com/a/answer/7061566?hl=en
Google Workspace (formerly GSuite) provides audit logging for all business plans to help admins and security teams monitor activities in their instance. Google Workspace offers a single stream of data for collection with the ability to filter the services in Google Workspace you intend to collect. Google Workspace also offers an Alert Center API to help admins and security teams monitor alerts generated by Google.
Activity reports list information for activities in a specific Google Workspace application or service.
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
{
"CreationTime":"2024-05-01T17:24:06",
"Id":"0e523898-a3ab-4ba8-9c33-a6cc38050b03",
"Operation":"UserLoggedIn",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":15,
"ResultStatus":"Success",
"UserKey":"1a3b0ad5-eda1-4f48-b877-3b002e5d85b5",
"UserType":0,
"Version":1,
"Workload":"AzureActiveDirectory",
"ClientIP":"198.51.100.1",
"ObjectId":"00000002-0000-0ff1-ce00-000000000000",
"UserId":"example@test.onmicrosoft.comm",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"ResultStatusDetail",
"Value":"Success"
},{
"Name":"UserAgent",
"Value":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/120.0"
},{
"Name":"RequestType",
"Value":"OAuth2:Authorize"
}],
"ModifiedProperties":[],
"Actor":[{
"ID":"f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":0
},{
"ID":"example@test.onmicrosoft.com",
"Type":5
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"ActorIpAddress":"198.51.100.1",
"InterSystemsId":"fb9e8227-8661-b935-9245-caaa4dafbab5",
"IntraSystemId":"0e523898-a3ab-4ba8-9c33-a6cc38050b03",
"SupportTicketId":"",
"Target":[{
"ID":"00000002-0000-0ff1-ce00-000000000000",
"Type":0
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"ApplicationId":"00000002-0000-0ff1-ce00-000000000000",
"DeviceProperties":[{
"Name":"OS",
"Value":"Windows10"
},{
"Name":"BrowserType",
"Value":"Firefox"
},{
"Name":"SessionId",
"Value":"c73392a1-6d2e-42f5-ace1-f3965111e109"
}],
"ErrorNumber":"0"
}
{
"CreationTime":"2024-05-02T02:15:53",
"Id":"514d0006-6b28-446c-8f7c-e85271a31200",
"Operation":"UserLoginFailed",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":15,
"ResultStatus":"Success",
"UserKey":"1a3b0ad5-eda1-4f48-b877-3b002e5d85b5",
"UserType":4,
"Version":1,
"Workload":"AzureActiveDirectory",
"ClientIP":"198.51.100.1",
"ObjectId":"00000003-0000-0000-c000-000000000000",
"UserId":"Not Available",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"ResultStatusDetail",
"Value":"Success"
},{
"Name":"UserAgent",
"Value":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/120.0"
},{
"Name":"RequestType",
"Value":"SAS:BeginAuth"
}],
"ModifiedProperties":[],
"Actor":[{
"ID":"74a66a67-9799-4620-a338-3b4a0b06045e",
"Type":0
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"ActorIpAddress":"198.51.100.1",
"InterSystemsId":"cb18cf68-7234-4c40-8092-532f41063417",
"IntraSystemId":"514d0006-6b28-446c-8f7c-e85271a31200",
"SupportTicketId":"",
"Target":[{
"ID":"00000003-0000-0000-c000-000000000000",
"Type":0
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"ApplicationId":"19db86c3-b2b9-44cc-b339-36da233a3be2",
"DeviceProperties":[{
"Name":"OS",
"Value":"Windows"
},{
"Name":"BrowserType",
"Value":"Firefox"
}],
"ErrorNumber":"50074",
"LogonError":"UserStrongAuthClientAuthNRequiredInterrupt"
}
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
{
"CreationTime":"2024-05-01T03:59:39",
"Id":"ffdb8af6-ce7e-4218-93f8-79024f7e3300",
"Operation":"UserLoggedIn",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":15,
"ResultStatus":"Success",
"UserKey":"1a3b0ad5-eda1-4f48-b877-3b002e5d85b5",
"UserType":4,
"Version":1,
"Workload":"AzureActiveDirectory",
"ClientIP":"198.51.100.1",
"ObjectId":"00000002-0000-0000-c000-000000000000",
"UserId":"Not Available",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"ResultStatusDetail",
"Value":"Success"
},{
"Name":"UserAgent",
"Value":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/120.0"
},{
"Name":"RequestType",
"Value":"SAS:BeginAuth"
}],
"ModifiedProperties":[],
"Actor":[{
"ID":"f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":0
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"ActorIpAddress":"198.51.100.1",
"InterSystemsId":"82fd1a94-4b4e-4b6e-ab01-ae97923206d6",
"IntraSystemId":"ffdb8af6-ce7e-4218-93f8-79024f7e3300",
"SupportTicketId":"",
"Target":[{
"ID":"00000002-0000-0000-c000-000000000000",
"Type":0
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"ApplicationId":"497effe9-df71-4043-a8bb-14cf78c4b63b",
"DeviceProperties":[{
"Name":"OS",
"Value":"Windows"
},{
"Name":"BrowserType",
"Value":"Firefox"
}],
"ErrorNumber":"0"
}
Events (18)
Creates a user.
Creates a user.
{
"CreationTime":"2024-05-01T21:29:10",
"Id":"d17a8564-4f63-4792-a063-4ecf01e1b7a1",
"Operation":"Add user.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"100320015ED2DA21@test.onmicrosoft.com",
"UserType":0,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"TestUser10@test.onmicrosoft.com",
"UserId":"example@test.onmicrosoft.com",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{}"
},{
"Name":"extendedAuditEventCategory",
"Value":"User"
}],
"ModifiedProperties":[{
"Name":"AccountEnabled",
"NewValue":"[\r\n true\r\n]",
"OldValue":"[]"
},{
"Name":"DisplayName",
"NewValue":"[\r\n \"Test User 10\"\r\n]",
"OldValue":"[]"
},{
"Name":"MailNickname",
"NewValue":"[\r\n \"TestUser10\"\r\n]",
"OldValue":"[]"
},{
"Name":"StsRefreshTokensValidFrom",
"NewValue":"[\r\n \"2024-05-01T21:29:10Z\"\r\n]",
"OldValue":"[]"
},{
"Name":"UserPrincipalName",
"NewValue":"[\r\n \"TestUser10@test.onmicrosoft.com\"\r\n]",
"OldValue":"[]"
},{
"Name":"UserType",
"NewValue":"[\r\n \"Member\"\r\n]",
"OldValue":"[]"
},{
"Name":"Included Updated Properties",
"NewValue":"AccountEnabled, DisplayName, MailNickname, StsRefreshTokensValidFrom, UserPrincipalName, UserType",
"OldValue":""
}],
"Actor":[{
"ID":"example@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320015ED2DA21",
"Type":3
},{
"ID":"User_f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"User",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"8134ebac-1bab-411b-a547-b1610cf84a8f",
"IntraSystemId":"8004de8c-eb2b-4c14-b55a-2525ccedaa82",
"SupportTicketId":"",
"Target":[{
"ID":"User_74a66a67-9799-4620-a338-3b4a0b06045e",
"Type":2
},{
"ID":"74a66a67-9799-4620-a338-3b4a0b06045e",
"Type":2
},{
"ID":"User",
"Type":2
},{
"ID":"TestUser10@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320037B121E64",
"Type":3
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
{
"CreationTime":"2024-05-01T19:03:01",
"Id":"7df508c4-a9a3-4c58-b39f-a6ef3c171d41",
"Operation":"Update user.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"Not Available",
"UserType":4,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"example@test.onmicrosoft.com",
"UserId":"ServicePrincipal_ac1c885a-da2e-446e-9f3f-544e5f988861",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{\"UserType\":\"Member\"}"
},{
"Name":"extendedAuditEventCategory",
"Value":"User"
}],
"ModifiedProperties":[{
"Name":"Included Updated Properties",
"NewValue":"",
"OldValue":""
},{
"Name":"TargetId.UserType",
"NewValue":"Member",
"OldValue":""
},{
"Name":"ActorId.ServicePrincipalNames",
"NewValue":"98db8bd6-0cc0-4e67-9de5-f187f1cd1b41",
"OldValue":""
},{
"Name":"SPN",
"NewValue":"98db8bd6-0cc0-4e67-9de5-f187f1cd1b41",
"OldValue":""
}],
"Actor":[{
"ID":"Microsoft Substrate Management",
"Type":1
},{
"ID":"98db8bd6-0cc0-4e67-9de5-f187f1cd1b41",
"Type":2
},{
"ID":"ServicePrincipal_ac1c885a-da2e-446e-9f3f-544e5f988861",
"Type":2
},{
"ID":"ac1c885a-da2e-446e-9f3f-544e5f988861",
"Type":2
},{
"ID":"ServicePrincipal",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"627e042e-637b-4a2a-9c65-ac00b2d08906",
"IntraSystemId":"c434b12d-544d-4db1-90cd-21a79a9a8c0a",
"SupportTicketId":"",
"Target":[{
"ID":"User_f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"User",
"Type":2
},{
"ID":"example@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320015ED2DA21",
"Type":3
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
Removes or deletes a user.
Removes or deletes a user.
{
"CreationTime":"2024-05-01T21:34:00",
"Id":"d168a319-f0e6-4fff-900f-447a4f624d9d",
"Operation":"Delete user.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"100320015ED2DA21@test.onmicrosoft.com",
"UserType":0,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"0c1966ef97c24558a7fd962fba9dcbc4test15@test.onmicrosoft.com",
"UserId":"example@test.onmicrosoft.com",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{}"
},{
"Name":"extendedAuditEventCategory",
"Value":"User"
}],
"ModifiedProperties":[{
"Name":"Is Hard Deleted",
"NewValue":"False",
"OldValue":""
}],
"Actor":[{
"ID":"example@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320015ED2DA21",
"Type":3
},{
"ID":"User_f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"User",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"171ad712-02d9-4f5e-b7dd-40aa612bf7a9",
"IntraSystemId":"5e05f73f-ea8c-4e94-8149-9a7e9abf4031",
"SupportTicketId":"",
"Target":[{
"ID":"User_0c1966ef-97c2-4558-a7fd-962fba9dcbc4",
"Type":2
},{
"ID":"0c1966ef-97c2-4558-a7fd-962fba9dcbc4",
"Type":2
},{
"ID":"User",
"Type":2
},{
"ID":"0c1966ef97c24558a7fd962fba9dcbc4test15@test.onmicrosoft.com",
"Type":5
},{
"ID":"10032003546DB13C",
"Type":3
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
Creates a logical group.
Creates a logical group.
{
"CreationTime":"2024-05-01T16:25:27",
"Id":"dadb97b5-59e0-40e8-9d39-0be9bbcf584b",
"Operation":"Add group.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"Not Available",
"UserType":4,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"Group_d81ef556-a18c-4c2f-9f41-ccf90321c181",
"UserId":"ServicePrincipal_ac1c885a-da2e-446e-9f3f-544e5f988861",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{}"
},{
"Name":"extendedAuditEventCategory",
"Value":"Group"
}],
"ModifiedProperties":[{
"Name":"Description",
"NewValue":"[\r\n \"This is a test distribution group\"\r\n]",
"OldValue":"[]"
},{
"Name":"DisplayName",
"NewValue":"[\r\n \"Test Group\"\r\n]",
"OldValue":"[]"
},{
"Name":"Mail",
"NewValue":"[\r\n \"testdistro@test.onmicrosoft.com\"\r\n]",
"OldValue":"[]"
},{
"Name":"MailEnabled",
"NewValue":"[\r\n true\r\n]",
"OldValue":"[]"
},{
"Name":"MailNickname",
"NewValue":"[\r\n \"testdistro\"\r\n]",
"OldValue":"[]"
},{
"Name":"ProxyAddresses",
"NewValue":"[\r\n \"SMTP:testdistro@test.onmicrosoft.com\"\r\n]",
"OldValue":"[]"
},{
"Name":"RenewedDateTime",
"NewValue":"[\r\n \"2024-05-01T16:25:27Z\"\r\n]",
"OldValue":"[]"
},{
"Name":"SecurityEnabled",
"NewValue":"[\r\n false\r\n]",
"OldValue":"[]"
},{
"Name":"Included Updated Properties",
"NewValue":"Description, DisplayName, Mail, MailEnabled, MailNickname, ProxyAddresses, RenewedDateTime, SecurityEnabled",
"OldValue":""
},{
"Name":"ActorId.ServicePrincipalNames",
"NewValue":"98db8bd6-0cc0-4e67-9de5-f187f1cd1b41",
"OldValue":""
},{
"Name":"SPN",
"NewValue":"98db8bd6-0cc0-4e67-9de5-f187f1cd1b41",
"OldValue":""
}],
"Actor":[{
"ID":"Microsoft Substrate Management",
"Type":1
},{
"ID":"98db8bd6-0cc0-4e67-9de5-f187f1cd1b41",
"Type":2
},{
"ID":"ServicePrincipal_ac1c885a-da2e-446e-9f3f-544e5f988861",
"Type":2
},{
"ID":"ac1c885a-da2e-446e-9f3f-544e5f988861",
"Type":2
},{
"ID":"ServicePrincipal",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"cd44d8b8-42a5-4b68-b11f-bd6e7f028c72",
"IntraSystemId":"89114104-c53a-4f24-8211-c4019169bc6c",
"SupportTicketId":"",
"Target":[{
"ID":"Group_d81ef556-a18c-4c2f-9f41-ccf90321c181",
"Type":2
},{
"ID":"d81ef556-a18c-4c2f-9f41-ccf90321c181",
"Type":2
},{
"ID":"Group",
"Type":2
},{
"ID":"Test Group",
"Type":1
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
Reads a group.
Reads a group.
Updates a group.
Updates a group.
{
"CreationTime":"2024-05-01T16:26:29",
"Id":"469d7f6a-494e-42ef-aebd-195301726b0c",
"Operation":"Update group.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"Not Available",
"UserType":4,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"Group_d81ef556-a18c-4c2f-9f41-ccf90321c181",
"UserId":"ServicePrincipal_ac1c885a-da2e-446e-9f3f-544e5f988861",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{\"GroupType\":\"\"}"
},{
"Name":"extendedAuditEventCategory",
"Value":"Group"
}],
"ModifiedProperties":[{
"Name":"DisplayName",
"NewValue":"[\r\n \"Test Group 24\"\r\n]",
"OldValue":"[\r\n \"Test Group\"\r\n]"
},{
"Name":"Included Updated Properties",
"NewValue":"DisplayName",
"OldValue":""
},{
"Name":"TargetId.GroupType",
"NewValue":"",
"OldValue":""
}],
"Actor":[{
"ID":"Microsoft Substrate Management",
"Type":1
},{
"ID":"98db8bd6-0cc0-4e67-9de5-f187f1cd1b41",
"Type":2
},{
"ID":"ServicePrincipal_ac1c885a-da2e-446e-9f3f-544e5f988861",
"Type":2
},{
"ID":"ac1c885a-da2e-446e-9f3f-544e5f988861",
"Type":2
},{
"ID":"ServicePrincipal",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"f8cfcb03-97fa-44a2-a4eb-71b05660c65f",
"IntraSystemId":"badb759f-7b05-4eec-b6b7-efa5cf84cf0d",
"SupportTicketId":"",
"Target":[{
"ID":"Group_d81ef556-a18c-4c2f-9f41-ccf90321c181",
"Type":2
},{
"ID":"d81ef556-a18c-4c2f-9f41-ccf90321c181",
"Type":2
},{
"ID":"Group",
"Type":2
},{
"ID":"Test Group 24",
"Type":1
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
Removes or deletes a group.
Removes or deletes a group.
{
"CreationTime":"2024-05-01T16:26:51",
"Id":"1bcdf6d9-d41e-408a-ad70-0a2ec1e040d2",
"Operation":"Delete group.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"Not Available",
"UserType":4,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"Group_d81ef556-a18c-4c2f-9f41-ccf90321c181",
"UserId":"ServicePrincipal_ac1c885a-da2e-446e-9f3f-544e5f988861",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{}"
},{
"Name":"extendedAuditEventCategory",
"Value":"Group"
}],
"ModifiedProperties":[],
"Actor":[{
"ID":"Microsoft Substrate Management",
"Type":1
},{
"ID":"98db8bd6-0cc0-4e67-9de5-f187f1cd1b41",
"Type":2
},{
"ID":"ServicePrincipal_ac1c885a-da2e-446e-9f3f-544e5f988861",
"Type":2
},{
"ID":"ac1c885a-da2e-446e-9f3f-544e5f988861",
"Type":2
},{
"ID":"ServicePrincipal",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"ce7facf0-60d9-4594-9536-02839e0633bb",
"IntraSystemId":"495208b4-932d-4768-9d16-6d9f059b5494",
"SupportTicketId":"",
"Target":[{
"ID":"Group_d81ef556-a18c-4c2f-9f41-ccf90321c181",
"Type":2
},{
"ID":"d81ef556-a18c-4c2f-9f41-ccf90321c181",
"Type":2
},{
"ID":"Group",
"Type":2
},{
"ID":"Test Group 24",
"Type":1
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
Adds a service, user or account to a group.
Adds a service, user or account to a group.
{
"CreationTime":"2024-05-01T05:10:05",
"Id":"d74b2827-73e9-4ca4-8d9e-882f11a1f354",
"Operation":"Add member to group.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"100320015ED2DA21@test.onmicrosoft.com",
"UserType":0,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"AlexW@test.onmicrosoft.com",
"UserId":"example@test.onmicrosoft.com",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{\"User-Agent\":\"O365AdminPortal\"}"
},{
"Name":"extendedAuditEventCategory",
"Value":"Group"
}],
"ModifiedProperties":[{
"Name":"Group.ObjectID",
"NewValue":"a86f3642-1b11-468d-aaa3-8398902bd512",
"OldValue":""
},{
"Name":"Group.DisplayName",
"NewValue":"Test Group 100",
"OldValue":""
},{
"Name":"Group.WellKnownObjectName",
"NewValue":"",
"OldValue":""
}],
"Actor":[{
"ID":"example@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320015ED2DA21",
"Type":3
},{
"ID":"Microsoft Office 365 Portal",
"Type":1
},{
"ID":"00000006-0000-0ff1-ce00-000000000000",
"Type":2
},{
"ID":"User_f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"User",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"771df599-2929-4f34-aeec-0d0d22d2df64",
"IntraSystemId":"ce463e56-df50-4961-bff1-6f1da69da656",
"SupportTicketId":"",
"Target":[{
"ID":"User_1eae91ef-20b6-4c9e-94ad-85f8dfa8eb18",
"Type":2
},{
"ID":"1eae91ef-20b6-4c9e-94ad-85f8dfa8eb18",
"Type":2
},{
"ID":"User",
"Type":2
},{
"ID":"AlexW@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320024DBC18D8",
"Type":3
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
Removes a service, user or account from a group.
Removes a service, user or account from a group.
{
"CreationTime":"2024-05-01T05:27:56",
"Id":"1ab6721e-1557-4138-8417-15378b431bda",
"Operation":"Remove member from group.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"100320015ED2DA21@test.onmicrosoft.com",
"UserType":0,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"AlexW@test.onmicrosoft.com",
"UserId":"example@test.onmicrosoft.com",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{\"User-Agent\":\"O365AdminPortal\"}"
},{
"Name":"extendedAuditEventCategory",
"Value":"Group"
}],
"ModifiedProperties":[{
"Name":"Group.ObjectID",
"NewValue":"",
"OldValue":"a86f3642-1b11-468d-aaa3-8398902bd512"
},{
"Name":"Group.DisplayName",
"NewValue":"",
"OldValue":"Test Group 100"
},{
"Name":"Group.WellKnownObjectName",
"NewValue":"",
"OldValue":""
}],
"Actor":[{
"ID":"example@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320015ED2DA21",
"Type":3
},{
"ID":"Microsoft Office 365 Portal",
"Type":1
},{
"ID":"00000006-0000-0ff1-ce00-000000000000",
"Type":2
},{
"ID":"User_f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"User",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"d1887bb8-a1ed-4647-b3da-44ac87659630",
"IntraSystemId":"c5f0fcf1-7a94-4d63-96fe-f5bf859d068e",
"SupportTicketId":"",
"Target":[{
"ID":"User_1eae91ef-20b6-4c9e-94ad-85f8dfa8eb18",
"Type":2
},{
"ID":"1eae91ef-20b6-4c9e-94ad-85f8dfa8eb18",
"Type":2
},{
"ID":"User",
"Type":2
},{
"ID":"AlexW@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320024DBC18D8",
"Type":3
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
Creates a new role.
Creates a new role.
{
"CreationTime":"2024-05-01T21:35:05",
"Id":"414a577a-6bcc-489d-a3c3-6919423134b1",
"Operation":"Add role definition.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"100320015ED2DA21@test.onmicrosoft.com",
"UserType":0,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"RoleDefinition_176137b7-85e6-4dd9-9f65-3c1ce26fa1c3",
"UserId":"example@test.onmicrosoft.com",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{\"User-Agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/120.0\"}"
},{
"Name":"extendedAuditEventCategory",
"Value":"RoleDefinition"
}],
"ModifiedProperties":[{
"Name":"AssignableScopes",
"NewValue":"[\r\n {\r\n \"Type\": \"Tenant\",\r\n \"Id\": null,\r\n \"IsSelfScope\": false\r\n }\r\n]",
"OldValue":"[]"
},{
"Name":"DisplayName",
"NewValue":"[\r\n \"New Test Role\"\r\n]",
"OldValue":"[]"
},{
"Name":"GrantedPermissions",
"NewValue":"[\r\n {\r\n \"Actions\": [\r\n {\r\n \"ResourceCategory\": \"AadDirectory\",\r\n \"ResourceType\": \"PolicyApplicationConfiguration\",\r\n \"TaskType\": \"Delete\",\r\n \"ReadPropertySet\": \"None\",\r\n \"WritePropertySet\": \"None\",\r\n \"TaskTypeSubsetName\": null\r\n },\r\n {\r\n \"ResourceCategory\": \"AadDirectory\",\r\n \"ResourceType\": \"PolicyApplicationConfiguration\",\r\n \"TaskType\": \"Read\",\r\n \"ReadPropertySet\": \"Owners\",\r\n \"WritePropertySet\": \"None\",\r\n \"TaskTypeSubsetName\": null\r\n }\r\n ],\r\n \"Condition\": null,\r\n \"ScopeConstraints\": [],\r\n \"IsPrivileged\": false\r\n }\r\n]",
"OldValue":"[]"
},{
"Name":"Included Updated Properties",
"NewValue":"AssignableScopes, DisplayName, GrantedPermissions",
"OldValue":""
}],
"Actor":[{
"ID":"example@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320015ED2DA21",
"Type":3
},{
"ID":"74658136-14ec-4630-ad9b-26e160ff0fc6",
"Type":2
},{
"ID":"User_f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"User",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"17247e48-1e4d-416b-8aa0-55d44ab09716",
"IntraSystemId":"5d368745-fbc5-403d-84ca-6eda100ad00d",
"SupportTicketId":"",
"Target":[{
"ID":"RoleDefinition_176137b7-85e6-4dd9-9f65-3c1ce26fa1c3",
"Type":2
},{
"ID":"176137b7-85e6-4dd9-9f65-3c1ce26fa1c3",
"Type":2
},{
"ID":"Other",
"Type":2
},{
"ID":"New Test Role",
"Type":1
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
Reads a role.
Reads a role.
Updates a role.
Updates a role.
{
"CreationTime":"2024-05-01T21:35:59",
"Id":"c7a002e8-8dbd-43a7-8c64-8de5910f49ff",
"Operation":"Update role definition.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"100320015ED2DA21@test.onmicrosoft.com",
"UserType":0,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"RoleDefinition_176137b7-85e6-4dd9-9f65-3c1ce26fa1c3",
"UserId":"example@test.onmicrosoft.com",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{\"User-Agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/120.0\"}"
},{
"Name":"extendedAuditEventCategory",
"Value":"RoleDefinition"
}],
"ModifiedProperties":[{
"Name":"GrantedPermissions",
"NewValue":"[\r\n {\r\n \"Actions\": [\r\n {\r\n \"ResourceCategory\": \"AadDirectory\",\r\n \"ResourceType\": \"PolicyApplicationConfiguration\",\r\n \"TaskType\": \"Delete\",\r\n \"ReadPropertySet\": \"None\",\r\n \"WritePropertySet\": \"None\",\r\n \"TaskTypeSubsetName\": null\r\n },\r\n {\r\n \"ResourceCategory\": \"AadDirectory\",\r\n \"ResourceType\": \"PolicyApplicationConfiguration\",\r\n \"TaskType\": \"Read\",\r\n \"ReadPropertySet\": \"Owners\",\r\n \"WritePropertySet\": \"None\",\r\n \"TaskTypeSubsetName\": null\r\n },\r\n {\r\n \"ResourceCategory\": \"AadDirectory\",\r\n \"ResourceType\": \"ApplicationMyOrganization\",\r\n \"TaskType\": \"Update\",\r\n \"ReadPropertySet\": \"None\",\r\n \"WritePropertySet\": \"Basic\",\r\n \"TaskTypeSubsetName\": null\r\n },\r\n {\r\n \"ResourceCategory\": \"AadDirectory\",\r\n \"ResourceType\": \"ApplicationMyOrganization\",\r\n \"TaskType\": \"Update\",\r\n \"ReadPropertySet\": \"None\",\r\n \"WritePropertySet\": \"Credentials\",\r\n \"TaskTypeSubsetName\": null\r\n }\r\n ],\r\n \"Condition\": null,\r\n \"ScopeConstraints\": [],\r\n \"IsPrivileged\": true\r\n }\r\n]",
"OldValue":"[\r\n {\r\n \"Actions\": [\r\n {\r\n \"ResourceCategory\": \"AadDirectory\",\r\n \"ResourceType\": \"PolicyApplicationConfiguration\",\r\n \"TaskType\": \"Delete\",\r\n \"ReadPropertySet\": \"None\",\r\n \"WritePropertySet\": \"None\",\r\n \"TaskTypeSubsetName\": null\r\n },\r\n {\r\n \"ResourceCategory\": \"AadDirectory\",\r\n \"ResourceType\": \"PolicyApplicationConfiguration\",\r\n \"TaskType\": \"Read\",\r\n \"ReadPropertySet\": \"Owners\",\r\n \"WritePropertySet\": \"None\",\r\n \"TaskTypeSubsetName\": null\r\n }\r\n ],\r\n \"Condition\": null,\r\n \"ScopeConstraints\": [],\r\n \"IsPrivileged\": false\r\n }\r\n]"
},{
"Name":"Included Updated Properties",
"NewValue":"GrantedPermissions",
"OldValue":""
}],
"Actor":[{
"ID":"example@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320015ED2DA21",
"Type":3
},{
"ID":"74658136-14ec-4630-ad9b-26e160ff0fc6",
"Type":2
},{
"ID":"User_f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"User",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"38e57fdb-584e-4c9e-a68d-2b1eca4fae68",
"IntraSystemId":"9b6be5d3-e88b-430f-8eb6-29b3b742800e",
"SupportTicketId":"",
"Target":[{
"ID":"RoleDefinition_176137b7-85e6-4dd9-9f65-3c1ce26fa1c3",
"Type":2
},{
"ID":"176137b7-85e6-4dd9-9f65-3c1ce26fa1c3",
"Type":2
},{
"ID":"Other",
"Type":2
},{
"ID":"New Test Role",
"Type":1
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
Removes or deletes a role.
Removes or deletes a role.
{
"CreationTime":"2024-05-01T21:36:10",
"Id":"f377408a-4cde-46ae-a658-f0042cc3f652",
"Operation":"Delete role definition.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"100320015ED2DA21@test.onmicrosoft.com",
"UserType":0,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"RoleDefinition_176137b7-85e6-4dd9-9f65-3c1ce26fa1c3",
"UserId":"example@test.onmicrosoft.com",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{\"User-Agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/120.0\"}"
},{
"Name":"extendedAuditEventCategory",
"Value":"RoleDefinition"
}],
"ModifiedProperties":[{
"Name":"Included Updated Properties",
"NewValue":"",
"OldValue":""
}],
"Actor":[{
"ID":"example@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320015ED2DA21",
"Type":3
},{
"ID":"74658136-14ec-4630-ad9b-26e160ff0fc6",
"Type":2
},{
"ID":"User_f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"User",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"d68f7c29-5a2c-43e4-a113-51b6bd72d0ea",
"IntraSystemId":"9b6be5d3-e88b-430f-8eb6-29b3b7428016",
"SupportTicketId":"",
"Target":[{
"ID":"RoleDefinition_176137b7-85e6-4dd9-9f65-3c1ce26fa1c3",
"Type":2
},{
"ID":"176137b7-85e6-4dd9-9f65-3c1ce26fa1c3",
"Type":2
},{
"ID":"Other",
"Type":2
},{
"ID":"New Test Role",
"Type":1
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
Adds a permission to a resource.
Adds a permission to a resource.
{
"CreationTime":"2024-05-01T21:31:15",
"Id":"87025648-8434-4b73-a311-9eb82a0845fd",
"Operation":"Add member to role.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"Not Available",
"UserType":4,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"TestUser10@test.onmicrosoft.com",
"UserId":"ServicePrincipal_09eaff3d-53e5-4fbe-9752-92c8505c97cd",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{}"
},{
"Name":"extendedAuditEventCategory",
"Value":"Role"
}],
"ModifiedProperties":[{
"Name":"Role.ObjectID",
"NewValue":"025dfbe5-67e0-44ce-9718-7cce87afdc00",
"OldValue":""
},{
"Name":"Role.DisplayName",
"NewValue":"Application Developer",
"OldValue":""
},{
"Name":"Role.TemplateId",
"NewValue":"cf1c38e5-3621-4004-a7cb-879624dced7c",
"OldValue":""
},{
"Name":"Role.WellKnownObjectName",
"NewValue":"ApplicationDevelopers",
"OldValue":""
}],
"Actor":[{
"ID":"MS-PIM",
"Type":1
},{
"ID":"01fc33a7-78ba-4d2f-a4b7-768e336e890e",
"Type":2
},{
"ID":"ServicePrincipal_09eaff3d-53e5-4fbe-9752-92c8505c97cd",
"Type":2
},{
"ID":"09eaff3d-53e5-4fbe-9752-92c8505c97cd",
"Type":2
},{
"ID":"ServicePrincipal",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"da951f55-bdae-488a-8c47-ef670c358b09",
"IntraSystemId":"302d6a09-2d3d-49d1-9549-3966d6b649a2",
"SupportTicketId":"",
"Target":[{
"ID":"User_74a66a67-9799-4620-a338-3b4a0b06045e",
"Type":2
},{
"ID":"74a66a67-9799-4620-a338-3b4a0b06045e",
"Type":2
},{
"ID":"User",
"Type":2
},{
"ID":"TestUser10@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320037B121E64",
"Type":3
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
Removes a permission from a resource.
Removes a permission from a resource.
{
"CreationTime":"2024-05-01T21:31:15",
"Id":"b6973e19-e37e-4b03-b077-0a1d2de71106",
"Operation":"Remove member from role.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"Not Available",
"UserType":4,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"TestUser10@test.onmicrosoft.com",
"UserId":"ServicePrincipal_09eaff3d-53e5-4fbe-9752-92c8505c97cd",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{}"
},{
"Name":"extendedAuditEventCategory",
"Value":"Role"
}],
"ModifiedProperties":[{
"Name":"Role.ObjectID",
"NewValue":"",
"OldValue":"025dfbe5-67e0-44ce-9718-7cce87afdc00"
},{
"Name":"Role.DisplayName",
"NewValue":"",
"OldValue":"Application Developer"
},{
"Name":"Role.TemplateId",
"NewValue":"",
"OldValue":"cf1c38e5-3621-4004-a7cb-879624dced7c"
},{
"Name":"Role.WellKnownObjectName",
"NewValue":"",
"OldValue":"ApplicationDevelopers"
}],
"Actor":[{
"ID":"MS-PIM",
"Type":1
},{
"ID":"01fc33a7-78ba-4d2f-a4b7-768e336e890e",
"Type":2
},{
"ID":"ServicePrincipal_09eaff3d-53e5-4fbe-9752-92c8505c97cd",
"Type":2
},{
"ID":"09eaff3d-53e5-4fbe-9752-92c8505c97cd",
"Type":2
},{
"ID":"ServicePrincipal",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"31800963-cabe-47e6-8500-68ed16ffdfa7",
"IntraSystemId":"302d6a09-2d3d-49d1-9549-3966d6b649a2",
"SupportTicketId":"",
"Target":[{
"ID":"User_74a66a67-9799-4620-a338-3b4a0b06045e",
"Type":2
},{
"ID":"74a66a67-9799-4620-a338-3b4a0b06045e",
"Type":2
},{
"ID":"User",
"Type":2
},{
"ID":"TestUser10@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320037B121E64",
"Type":3
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
{
"CreationTime":"2024-05-02T01:47:58",
"Id":"d13709bc-1139-4afe-996c-40d28014186b",
"Operation":"Update user.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"100320015ED2DA21@test.onmicrosoft.com",
"UserType":0,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"TestUser10@test.onmicrosoft.com",
"UserId":"TestUser10@test.onmicrosoft.com",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{\"UserType\":\"Member\"}"
},{
"Name":"extendedAuditEventCategory",
"Value":"User"
}],
"ModifiedProperties":[{
"Name":"StrongAuthenticationUserDetails",
"NewValue":"[\r\n {\r\n \"PhoneNumber\": \"+1 1234567891\",\r\n \"AlternativePhoneNumber\": null,\r\n \"Email\": null,\r\n \"VoiceOnlyPhoneNumber\": null\r\n }\r\n]",
"OldValue":"[]"
},{
"Name":"Included Updated Properties",
"NewValue":"StrongAuthenticationUserDetails",
"OldValue":""
},{
"Name":"TargetId.UserType",
"NewValue":"Member",
"OldValue":""
}],
"Actor":[{
"ID":"TestUser10@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320037B121E64",
"Type":3
},{
"ID":"User_74a66a67-9799-4620-a338-3b4a0b06045e",
"Type":2
},{
"ID":"74a66a67-9799-4620-a338-3b4a0b06045e",
"Type":2
},{
"ID":"User",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"5ee3f9c0-16e7-464b-af39-8cac70d274e0",
"IntraSystemId":"cb5af41a-7779-45c4-b9fb-258f78a3dadf",
"SupportTicketId":"",
"Target":[{
"ID":"User_74a66a67-9799-4620-a338-3b4a0b06045e",
"Type":2
},{
"ID":"74a66a67-9799-4620-a338-3b4a0b06045e",
"Type":2
},{
"ID":"User",
"Type":2
},{
"ID":"TestUser10@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320037B121E64",
"Type":3
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
{
"CreationTime":"2024-05-02T02:16:16",
"Id":"0ec7c8b7-77cb-4aa4-bee9-834e4dc9491a",
"Operation":"Update user.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"Not Available",
"UserType":4,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"TestUser10@test.onmicrosoft.com",
"UserId":"ServicePrincipal_14de7e5c-d71d-4803-afd0-4cbc978b0d84",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{\"UserType\":\"Member\"}"
},{
"Name":"extendedAuditEventCategory",
"Value":"User"
}],
"ModifiedProperties":[{
"Name":"StrongAuthenticationPhoneAppDetail",
"NewValue":"[]",
"OldValue":"[\r\n {\r\n \"DeviceName\": \"iPhone 12 Pro\",\r\n \"DeviceToken\": \"apns2-f5f9da4aa265ab5f8f45948763d0fc07d560e25fa2f7452706d82bfe1eee0d0b\",\r\n \"DeviceTag\": \"SoftwareTokenActivated\",\r\n \"PhoneAppVersion\": \"6.8.7\",\r\n \"OathTokenTimeDrift\": 0,\r\n \"DeviceId\": \"00000000-0000-0000-0000-000000000000\",\r\n \"Id\": \"780c65ef-b4d2-4c09-a84f-fc8ee722c6fe\",\r\n \"TimeInterval\": 0,\r\n \"AuthenticationType\": 3,\r\n \"NotificationType\": 2,\r\n \"LastAuthenticatedTimestamp\": \"2024-05-02T01:46:51.1234035Z\",\r\n \"AuthenticatorFlavor\": null,\r\n \"HashFunction\": null,\r\n \"TenantDeviceId\": null,\r\n \"SecuredPartitionId\": 0,\r\n \"SecuredKeyId\": 0\r\n }\r\n]"
},{
"Name":"Included Updated Properties",
"NewValue":"StrongAuthenticationPhoneAppDetail",
"OldValue":""
},{
"Name":"TargetId.UserType",
"NewValue":"Member",
"OldValue":""
}],
"Actor":[{
"ID":"Azure MFA StrongAuthenticationService",
"Type":1
},{
"ID":"b5a60e17-278b-4c92-a4e2-b9262e66bb28",
"Type":2
},{
"ID":"ServicePrincipal_14de7e5c-d71d-4803-afd0-4cbc978b0d84",
"Type":2
},{
"ID":"14de7e5c-d71d-4803-afd0-4cbc978b0d84",
"Type":2
},{
"ID":"ServicePrincipal",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"6bc227a7-2e1d-4108-be7d-afab72e4887d",
"IntraSystemId":"8d98157b-5aec-459d-a4fd-39773a9b0b7d",
"SupportTicketId":"",
"Target":[{
"ID":"User_74a66a67-9799-4620-a338-3b4a0b06045e",
"Type":2
},{
"ID":"74a66a67-9799-4620-a338-3b4a0b06045e",
"Type":2
},{
"ID":"User",
"Type":2
},{
"ID":"TestUser10@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320037B121E64",
"Type":3
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
{
"CreationTime":"2024-05-01T21:41:34",
"Id":"b1fe6046-32f3-4464-9769-1fedc9122000",
"Operation":"Add policy.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"100320015ED2DA21@test.onmicrosoft.com",
"UserType":0,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"Policy_b2711e15-d574-4d4f-ad0a-2628e64dad97",
"UserId":"example@test.onmicrosoft.com",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{\"User-Agent\":\"Microsoft Azure Graph Client Library 1.0\"}"
},{
"Name":"extendedAuditEventCategory",
"Value":"Policy"
}],
"ModifiedProperties":[{
"Name":"DisplayName",
"NewValue":"[\r\n \"Default Policy\"\r\n]",
"OldValue":"[]"
},{
"Name":"PolicyType",
"NewValue":"[\r\n \"ConditionalAccessPolicy\"\r\n]",
"OldValue":"[]"
},{
"Name":"Included Updated Properties",
"NewValue":"DisplayName, PolicyType",
"OldValue":""
}],
"Actor":[{
"ID":"example@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320015ED2DA21",
"Type":3
},{
"ID":"User_f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"User",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"1392787e-f8a4-44f1-bc52-40f5c542b317",
"IntraSystemId":"0d381482-0e74-49eb-9a16-edf059158785",
"SupportTicketId":"",
"Target":[{
"ID":"Policy_b2711e15-d574-4d4f-ad0a-2628e64dad97",
"Type":2
},{
"ID":"b2711e15-d574-4d4f-ad0a-2628e64dad97",
"Type":2
},{
"ID":"Policy",
"Type":2
},{
"ID":"Default Policy",
"Type":1
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
{
"CreationTime":"2024-05-01T21:41:53",
"Id":"5bf46a0b-5c14-468e-9b1f-bbb861d60411",
"Operation":"Update policy.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"100320015ED2DA21@test.onmicrosoft.com",
"UserType":0,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"Policy_b2711e15-d574-4d4f-ad0a-2628e64dad97",
"UserId":"example@test.onmicrosoft.com",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{\"User-Agent\":\"Microsoft Azure Graph Client Library 1.0\"}"
},{
"Name":"extendedAuditEventCategory",
"Value":"Policy"
}],
"ModifiedProperties":[{
"Name":"Included Updated Properties",
"NewValue":"",
"OldValue":""
}],
"Actor":[{
"ID":"example@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320015ED2DA21",
"Type":3
},{
"ID":"User_f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"User",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"59e475aa-49be-4608-b3c2-4163f5a4285f",
"IntraSystemId":"198cceb4-2226-451c-bccf-7500fd31da79",
"SupportTicketId":"",
"Target":[{
"ID":"Policy_b2711e15-d574-4d4f-ad0a-2628e64dad97",
"Type":2
},{
"ID":"b2711e15-d574-4d4f-ad0a-2628e64dad97",
"Type":2
},{
"ID":"Policy",
"Type":2
},{
"ID":"Default Policy",
"Type":1
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
{
"CreationTime":"2024-05-01T21:42:17",
"Id":"f26d627b-40b0-42d6-9ab1-97de7ec000d6",
"Operation":"Delete policy.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"100320015ED2DA21@test.onmicrosoft.com",
"UserType":0,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"Policy_673e6616-0786-46cb-bd95-118b7cf949a6",
"UserId":"example@test.onmicrosoft.com",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{\"User-Agent\":\"Microsoft Azure Graph Client Library 1.0\"}"
},{
"Name":"extendedAuditEventCategory",
"Value":"Policy"
}],
"ModifiedProperties":[],
"Actor":[{
"ID":"example@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320015ED2DA21",
"Type":3
},{
"ID":"User_f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"User",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"fcb00c2e-c2ec-49c8-80fe-34131490dd8b",
"IntraSystemId":"5c9e3a73-f101-4ccb-8358-fdc8c4e206b2",
"SupportTicketId":"",
"Target":[{
"ID":"Policy_673e6616-0786-46cb-bd95-118b7cf949a6",
"Type":2
},{
"ID":"673e6616-0786-46cb-bd95-118b7cf949a6",
"Type":2
},{
"ID":"Policy",
"Type":2
},{
"ID":"Test CAP",
"Type":1
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
Creates a new integration.
Creates a new integration.
{
"CreationTime":"2024-05-01T21:43:37",
"Id":"2f2af1ba-6d5f-40d2-863e-5263bb46a62c",
"Operation":"Add application.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"Not Available",
"UserType":4,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"Application_9b59f56e-9679-4503-b31f-594503399e1e",
"UserId":"ServicePrincipal_4f990b57-c537-4671-b080-8b6ffd9aded7",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{\"AppId\":\"fd81b5e5-74e3-4447-bfe5-3ad3ab319e12\"}"
},{
"Name":"extendedAuditEventCategory",
"Value":"Application"
}],
"ModifiedProperties":[{
"Name":"AppAddress",
"NewValue":"[\r\n {\r\n \"AddressType\": 0,\r\n \"Address\": \"https://sso.services.box.net/sp/ACS.saml2\",\r\n \"ReplyAddressClientType\": 0,\r\n \"ReplyAddressIndex\": null,\r\n \"IsReplyAddressDefault\": false\r\n }\r\n]",
"OldValue":"[]"
},{
"Name":"AppId",
"NewValue":"[\r\n \"fd81b5e5-74e3-4447-bfe5-3ad3ab319e12\"\r\n]",
"OldValue":"[]"
},{
"Name":"AvailableToOtherTenants",
"NewValue":"[\r\n false\r\n]",
"OldValue":"[]"
},{
"Name":"DisplayName",
"NewValue":"[\r\n \"Box\"\r\n]",
"OldValue":"[]"
},{
"Name":"Entitlement",
"NewValue":"[\r\n {\r\n \"EntitlementEncodingVersion\": 2,\r\n \"EntitlementId\": \"e5bf6e42-3702-45c6-b19e-e0113417b6ad\",\r\n \"IsDisabled\": false,\r\n \"Origin\": 0,\r\n \"Name\": \"Access Box\",\r\n \"Description\": \"Allow the application to access Box on behalf of the signed-in user.\",\r\n \"Definition\": null,\r\n \"ClaimValue\": \"user_impersonation\",\r\n \"ResourceScopeType\": 1,\r\n \"IsPrivate\": false,\r\n \"UserConsentDisplayName\": \"Access Box\",\r\n \"UserConsentDescription\": \"Allow the application to access Box on your behalf.\",\r\n \"DirectAccessGrantTypes\": [],\r\n \"ImpersonationAccessGrantTypes\": [\r\n {\r\n \"Impersonator\": 29,\r\n \"Impersonated\": 20\r\n }\r\n ],\r\n \"EntitlementCategory\": 0,\r\n \"DependentMicrosoftGraphPermissions\": [],\r\n \"IsPreauthzOnlyDirectAccessGrant\": false,\r\n \"IsPreauthzOnlyImpersonationGrant\": false\r\n }\r\n]",
"OldValue":"[]"
},{
"Name":"PublicClient",
"NewValue":"[\r\n false\r\n]",
"OldValue":"[]"
},{
"Name":"WwwHomepage",
"NewValue":"[\r\n \"https://sso.services.box.net/sp/ACS.saml2?metadata=box|ISV9.1|primary|z\"\r\n]",
"OldValue":"[]"
},{
"Name":"PublisherDomain",
"NewValue":"[\r\n \"test.onmicrosoft.com\"\r\n]",
"OldValue":"[]"
},{
"Name":"Included Updated Properties",
"NewValue":"AppAddress, AppId, AvailableToOtherTenants, DisplayName, Entitlement, PublicClient, WwwHomepage, PublisherDomain",
"OldValue":""
}],
"Actor":[{
"ID":"AAD App Management",
"Type":1
},{
"ID":"f0ae4899-d877-4d3c-ae25-679e38eea492",
"Type":2
},{
"ID":"ServicePrincipal_4f990b57-c537-4671-b080-8b6ffd9aded7",
"Type":2
},{
"ID":"4f990b57-c537-4671-b080-8b6ffd9aded7",
"Type":2
},{
"ID":"ServicePrincipal",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"ceb1bc66-ebc1-4cee-ac1c-c79573942636",
"IntraSystemId":"00000000-0000-0000-0000-000000000000",
"SupportTicketId":"",
"Target":[{
"ID":"Application_9b59f56e-9679-4503-b31f-594503399e1e",
"Type":2
},{
"ID":"9b59f56e-9679-4503-b31f-594503399e1e",
"Type":2
},{
"ID":"Application",
"Type":2
},{
"ID":"Box",
"Type":1
},{
"ID":"fd81b5e5-74e3-4447-bfe5-3ad3ab319e12",
"Type":2
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
{
"CreationTime":"2024-05-01T21:43:39",
"Id":"86732c26-5672-4756-acad-6d336ecaea71",
"Operation":"Update application.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"Not Available",
"UserType":4,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"Application_9b59f56e-9679-4503-b31f-594503399e1e",
"UserId":"ServicePrincipal_4f990b57-c537-4671-b080-8b6ffd9aded7",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{\"AppId\":\"fd81b5e5-74e3-4447-bfe5-3ad3ab319e12\"}"
},{
"Name":"extendedAuditEventCategory",
"Value":"Application"
}],
"ModifiedProperties":[{
"Name":"Entitlement",
"NewValue":"[\r\n {\r\n \"EntitlementEncodingVersion\": 2,\r\n \"EntitlementId\": \"e5bf6e42-3702-45c6-b19e-e0113417b6ad\",\r\n \"IsDisabled\": false,\r\n \"Origin\": 0,\r\n \"Name\": \"Access Box\",\r\n \"Description\": \"Allow the application to access Box on behalf of the signed-in user.\",\r\n \"Definition\": null,\r\n \"ClaimValue\": \"user_impersonation\",\r\n \"ResourceScopeType\": 1,\r\n \"IsPrivate\": false,\r\n \"UserConsentDisplayName\": \"Access Box\",\r\n \"UserConsentDescription\": \"Allow the application to access Box on your behalf.\",\r\n \"DirectAccessGrantTypes\": [],\r\n \"ImpersonationAccessGrantTypes\": [\r\n {\r\n \"Impersonator\": 29,\r\n \"Impersonated\": 20\r\n }\r\n ],\r\n \"EntitlementCategory\": 0,\r\n \"DependentMicrosoftGraphPermissions\": [],\r\n \"IsPreauthzOnlyDirectAccessGrant\": false,\r\n \"IsPreauthzOnlyImpersonationGrant\": false\r\n },\r\n {\r\n \"EntitlementEncodingVersion\": 2,\r\n \"EntitlementId\": \"e18f0405-fdec-4ae8-a8a0-d8edb98b061f\",\r\n \"IsDisabled\": false,\r\n \"Origin\": 0,\r\n \"Name\": \"User\",\r\n \"Description\": \"User\",\r\n \"Definition\": null,\r\n \"ClaimValue\": null,\r\n \"ResourceScopeType\": 0,\r\n \"IsPrivate\": false,\r\n \"UserConsentDisplayName\": null,\r\n \"UserConsentDescription\": null,\r\n \"DirectAccessGrantTypes\": [\r\n 20\r\n ],\r\n \"ImpersonationAccessGrantTypes\": [],\r\n \"EntitlementCategory\": 0,\r\n \"DependentMicrosoftGraphPermissions\": [],\r\n \"IsPreauthzOnlyDirectAccessGrant\": false,\r\n \"IsPreauthzOnlyImpersonationGrant\": false\r\n },\r\n {\r\n \"EntitlementEncodingVersion\": 2,\r\n \"EntitlementId\": \"ef7437e6-4f94-4a0a-a110-a439eb2aa8f7\",\r\n \"IsDisabled\": false,\r\n \"Origin\": 0,\r\n \"Name\": \"msiam_access\",\r\n \"Description\": \"msiam_access\",\r\n \"Definition\": null,\r\n \"ClaimValue\": null,\r\n \"ResourceScopeType\": 0,\r\n \"IsPrivate\": false,\r\n \"UserConsentDisplayName\": null,\r\n \"UserConsentDescription\": null,\r\n \"DirectAccessGrantTypes\": [\r\n 20\r\n ],\r\n \"ImpersonationAccessGrantTypes\": [],\r\n \"EntitlementCategory\": 0,\r\n \"DependentMicrosoftGraphPermissions\": [],\r\n \"IsPreauthzOnlyDirectAccessGrant\": false,\r\n \"IsPreauthzOnlyImpersonationGrant\": false\r\n }\r\n]",
"OldValue":"[\r\n {\r\n \"EntitlementEncodingVersion\": 2,\r\n \"EntitlementId\": \"e5bf6e42-3702-45c6-b19e-e0113417b6ad\",\r\n \"IsDisabled\": false,\r\n \"Origin\": 0,\r\n \"Name\": \"Access Box\",\r\n \"Description\": \"Allow the application to access Box on behalf of the signed-in user.\",\r\n \"Definition\": null,\r\n \"ClaimValue\": \"user_impersonation\",\r\n \"ResourceScopeType\": 1,\r\n \"IsPrivate\": false,\r\n \"UserConsentDisplayName\": \"Access Box\",\r\n \"UserConsentDescription\": \"Allow the application to access Box on your behalf.\",\r\n \"DirectAccessGrantTypes\": [],\r\n \"ImpersonationAccessGrantTypes\": [\r\n {\r\n \"Impersonator\": 29,\r\n \"Impersonated\": 20\r\n }\r\n ],\r\n \"EntitlementCategory\": 0,\r\n \"DependentMicrosoftGraphPermissions\": [],\r\n \"IsPreauthzOnlyDirectAccessGrant\": false,\r\n \"IsPreauthzOnlyImpersonationGrant\": false\r\n }\r\n]"
},{
"Name":"Included Updated Properties",
"NewValue":"Entitlement",
"OldValue":""
}],
"Actor":[{
"ID":"AAD App Management",
"Type":1
},{
"ID":"f0ae4899-d877-4d3c-ae25-679e38eea492",
"Type":2
},{
"ID":"ServicePrincipal_4f990b57-c537-4671-b080-8b6ffd9aded7",
"Type":2
},{
"ID":"4f990b57-c537-4671-b080-8b6ffd9aded7",
"Type":2
},{
"ID":"ServicePrincipal",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"6a768b60-62e7-4e3b-b49b-8713093979c7",
"IntraSystemId":"00000000-0000-0000-0000-000000000000",
"SupportTicketId":"",
"Target":[{
"ID":"Application_9b59f56e-9679-4503-b31f-594503399e1e",
"Type":2
},{
"ID":"9b59f56e-9679-4503-b31f-594503399e1e",
"Type":2
},{
"ID":"Application",
"Type":2
},{
"ID":"Box",
"Type":1
},{
"ID":"fd81b5e5-74e3-4447-bfe5-3ad3ab319e12",
"Type":2
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
Removes or deletes an existing integration.
Removes or deletes an existing integration.
{
"CreationTime":"2024-05-01T21:45:46",
"Id":"dc3a6b43-7cbf-4e35-8cc0-0ac7622aedcb",
"Operation":"Delete application.",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":8,
"ResultStatus":"Success",
"UserKey":"100320015ED2DA21@test.onmicrosoft.com",
"UserType":0,
"Version":1,
"Workload":"AzureActiveDirectory",
"ObjectId":"Application_9b59f56e-9679-4503-b31f-594503399e1e",
"UserId":"example@test.onmicrosoft.com",
"AzureActiveDirectoryEventType":1,
"ExtendedProperties":[{
"Name":"additionalDetails",
"Value":"{\"AppId\":\"fd81b5e5-74e3-4447-bfe5-3ad3ab319e12\"}"
},{
"Name":"extendedAuditEventCategory",
"Value":"Application"
}],
"ModifiedProperties":[],
"Actor":[{
"ID":"example@test.onmicrosoft.com",
"Type":5
},{
"ID":"100320015ED2DA21",
"Type":3
},{
"ID":"74658136-14ec-4630-ad9b-26e160ff0fc6",
"Type":2
},{
"ID":"User_f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"f1c08887-d776-42f8-9911-06faa5ab392f",
"Type":2
},{
"ID":"User",
"Type":2
}],
"ActorContextId":"8326222c-5c86-45a1-b768-561ad270c694",
"InterSystemsId":"5e481f17-a030-48a4-818d-94e014f54189",
"IntraSystemId":"00000000-0000-0000-0000-000000000000",
"SupportTicketId":"",
"Target":[{
"ID":"Application_9b59f56e-9679-4503-b31f-594503399e1e",
"Type":2
},{
"ID":"9b59f56e-9679-4503-b31f-594503399e1e",
"Type":2
},{
"ID":"Application",
"Type":2
},{
"ID":"Box Test",
"Type":1
},{
"ID":"fd81b5e5-74e3-4447-bfe5-3ad3ab319e12",
"Type":2
}],
"TargetContextId":"8326222c-5c86-45a1-b768-561ad270c694"
}
Events (5)
A resource was created.
A resource was created.
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
A resource was downloaded.
A resource was downloaded.
Includes logs from Azure Active Directory including authentication and user management.
Storage Duration: 180 days
Minimum retention is 180 days, but organizations can set a retention policy up to 10 years dependent on licensing, reference https://learn.microsoft.com/en-us/purview/audit-log-retention-policies
Duration: Typically 60 to 90 minutes after an event occurs.
Minimum retention is 180 days, but organizations can set a retention policy up to 10 years dependent on licensing, reference https://learn.microsoft.com/en-us/purview/audit-log-retention-policies
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
{
"CreationTime":"2024-04-30T01:50:30",
"Id":"15146ca7-c8b4-4661-1189-08dc68b7ea96",
"Operation":"MailboxLogin",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":2,
"ResultStatus":"Succeeded",
"UserKey":"100320015ED2DA21",
"UserType":0,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1",
"UserId":"test4@test.onmicrosoft.com",
"ClientIPAddress":"198.51.100.1",
"ClientInfoString":"Client=/owa/startupdata.ashx; Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/120.0",
"ExternalAccess":false,
"InternalLogonType":0,
"LogonType":0,
"LogonUserSid":"S-1-5-21-1587198437-855871042-1312952668-23578732",
"MailboxGuid":"90d31cb1-d428-43a7-82cb-9ecaf526bda8",
"MailboxOwnerSid":"S-1-5-21-1587198437-855871042-1312952668-23578732",
"MailboxOwnerUPN":"test4@test.onmicrosoft.com",
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"SJ0PR06MB7068",
"SessionId":"c73392a1-6d2e-42f5-ace1-f3965111e109"
}
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
{
"AppAccessContext":{
"IssuedAtTime":"2024-05-01T16:20:08",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-01T16:25:27",
"Id":"60ee7c61-f9d1-49eb-1743-08dc69fb4fdc",
"Operation":"New-DistributionGroup",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":1,
"ResultStatus":"True",
"UserKey":"100320015ED2DA21",
"UserType":2,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1:13736",
"ObjectId":"NAMPR06A004.prod.outlook.com/Microsoft Exchange Hosted Organizations/test.onmicrosoft.com/Test Group20240501162508",
"UserId":"example@test.onmicrosoft.com",
"AppId":"00000006-0000-0ff1-ce00-000000000000",
"AppPoolName":"MSExchangeAdminApiNetCore",
"ClientAppId":"",
"CorrelationID":"",
"ExternalAccess":false,
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"DM6PR06MB4844 (15.20.7544.013)",
"Parameters":[{
"Name":"Alias",
"Value":"testdistro"
},{
"Name":"Description",
"Value":"This is a test distribution group"
},{
"Name":"RequireSenderAuthenticationEnabled",
"Value":"True"
},{
"Name":"DisplayName",
"Value":"Test Group"
},{
"Name":"MemberDepartRestriction",
"Value":"Open"
},{
"Name":"ManagedBy",
"Value":"example@test.onmicrosoft.com"
},{
"Name":"Name",
"Value":"Test Group20240501162508"
},{
"Name":"MemberJoinRestriction",
"Value":"Open"
},{
"Name":"PrimarySmtpAddress",
"Value":"testdistro@test.onmicrosoft.com"
}],
"RequestId":"a36f3f21-295b-52e0-28bf-4ed14ed99ae1",
"SessionId":"c73392a1-6d2e-42f5-ace1-f3965111e109"
}
Reads a group.
Reads a group.
Updates a group.
Updates a group.
{
"AppAccessContext":{
"IssuedAtTime":"2024-05-01T16:21:28",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-01T16:26:29",
"Id":"baba650a-2d56-4b03-586a-08dc69fb74e4",
"Operation":"Set-DistributionGroup",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":1,
"ResultStatus":"True",
"UserKey":"100320015ED2DA21",
"UserType":2,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1:14492",
"ObjectId":"Test Group20240501162508",
"UserId":"example@test.onmicrosoft.com",
"AppId":"00000006-0000-0ff1-ce00-000000000000",
"AppPoolName":"MSExchangeAdminApiNetCore",
"ClientAppId":"",
"CorrelationID":"",
"ExternalAccess":false,
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"DM6PR06MB4844 (15.20.7544.013)",
"Parameters":[{
"Name":"Identity",
"Value":"NAMPR06A004.prod.outlook.com/Microsoft Exchange Hosted Organizations/test.onmicrosoft.com/Test Group20240501162508"
},{
"Name":"GrantSendOnBehalfTo",
"Value":""
},{
"Name":"ModeratedBy",
"Value":""
},{
"Name":"BypassModerationFromSendersOrMembers",
"Value":""
},{
"Name":"AcceptMessagesOnlyFromSendersOrMembers",
"Value":""
},{
"Name":"BypassSecurityGroupManagerCheck",
"Value":"True"
},{
"Name":"DisplayName",
"Value":"Test Group 24"
}],
"RequestId":"de7de5af-cf19-7e5d-375b-1d32f22226a4",
"SessionId":"d15707db-ca84-4096-be63-c6126b7391d5"
}
Removes or deletes a group.
Removes or deletes a group.
{
"AppAccessContext":{
"IssuedAtTime":"2024-05-01T16:21:50",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-01T16:26:51",
"Id":"165ebb45-ec0e-40a2-0a76-08dc69fb81d7",
"Operation":"Remove-DistributionGroup",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":1,
"ResultStatus":"True",
"UserKey":"100320015ED2DA21",
"UserType":2,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1:12185",
"ObjectId":"Test Group20240501162508",
"UserId":"example@test.onmicrosoft.com",
"AppId":"00000006-0000-0ff1-ce00-000000000000",
"AppPoolName":"MSExchangeAdminApiNetCore",
"ClientAppId":"",
"CorrelationID":"",
"ExternalAccess":false,
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"DM6PR06MB4844 (15.20.7544.013)",
"Parameters":[{
"Name":"Identity",
"Value":"NAMPR06A004.prod.outlook.com/Microsoft Exchange Hosted Organizations/test.onmicrosoft.com/Test Group20240501162508"
},{
"Name":"BypassSecurityGroupManagerCheck",
"Value":"True"
}],
"RequestId":"e7b9495a-3dae-61c4-d07b-061ca7db5010",
"SessionId":"273fa545-05fe-4d22-af37-fa899f0b91ca"
}
Adds a service, user or account to a group.
Adds a service, user or account to a group.
{
"AppAccessContext":{
"IssuedAtTime":"2024-05-01T16:21:07",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-01T16:26:08",
"Id":"33c59316-c708-4a04-7a24-08dc69fb680a",
"Operation":"Add-DistributionGroupMember",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":1,
"ResultStatus":"True",
"UserKey":"100320015ED2DA21",
"UserType":2,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1:17461",
"ObjectId":"Test Group20240501162508",
"UserId":"example@test.onmicrosoft.com",
"AppId":"00000006-0000-0ff1-ce00-000000000000",
"AppPoolName":"MSExchangeAdminApiNetCore",
"ClientAppId":"",
"CorrelationID":"",
"ExternalAccess":false,
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"DM6PR06MB4844 (15.20.7544.013)",
"Parameters":[{
"Name":"Identity",
"Value":"NAMPR06A004.prod.outlook.com/Microsoft Exchange Hosted Organizations/test.onmicrosoft.com/Test Group20240501162508"
},{
"Name":"Member",
"Value":"93714996-ddb9-4e6a-b1aa-6db081388f73"
},{
"Name":"BypassSecurityGroupManagerCheck",
"Value":"True"
}],
"RequestId":"377d3ffb-35c0-1272-3ca4-c373e68de9f1",
"SessionId":"c73392a1-6d2e-42f5-ace1-f3965111e109"
}
Removes a service, user or account from a group.
Removes a service, user or account from a group.
{
"AppAccessContext":{
"IssuedAtTime":"2024-05-01T16:36:14",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-01T16:41:15",
"Id":"5c59f5eb-e4fb-49aa-8a57-08dc69fd84ef",
"Operation":"Remove-DistributionGroupMember",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":1,
"ResultStatus":"True",
"UserKey":"100320015ED2DA21",
"UserType":2,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1:21866",
"ObjectId":"Test Group 220240501164027",
"UserId":"example@test.onmicrosoft.com",
"AppId":"00000006-0000-0ff1-ce00-000000000000",
"AppPoolName":"MSExchangeAdminApiNetCore",
"ClientAppId":"",
"CorrelationID":"",
"ExternalAccess":false,
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"DM6PR06MB4844 (15.20.7544.013)",
"Parameters":[{
"Name":"Identity",
"Value":"NAMPR06A004.prod.outlook.com/Microsoft Exchange Hosted Organizations/test.onmicrosoft.com/Test Group 220240501164027"
},{
"Name":"Member",
"Value":"0c1966ef-97c2-4558-a7fd-962fba9dcbc4"
},{
"Name":"BypassSecurityGroupManagerCheck",
"Value":"True"
}],
"RequestId":"7c5778ce-acd5-a41f-8078-5de5af9dc897",
"SessionId":"273fa545-05fe-4d22-af37-fa899f0b91ca"
}
Creates a new role.
Creates a new role.
{
"AppAccessContext":{
"IssuedAtTime":"2024-05-01T03:54:48",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-01T04:00:43",
"Id":"f09281ab-848e-4de0-6356-08dc69934603",
"Operation":"New-RoleGroup",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":1,
"ResultStatus":"True",
"UserKey":"100320015ED2DA21",
"UserType":2,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1:10267",
"ObjectId":"NAMPR06A004.prod.outlook.com/Microsoft Exchange Hosted Organizations/test.onmicrosoft.com/Test Role Group",
"UserId":"example@test.onmicrosoft.com",
"AppId":"497effe9-df71-4043-a8bb-14cf78c4b63b",
"AppPoolName":"MSExchangeAdminApiNetCore",
"ClientAppId":"",
"CorrelationID":"",
"ExternalAccess":false,
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"BL0PR06MB4945 (15.20.7519.031)",
"Parameters":[{
"Name":"Name",
"Value":"Test Role Group"
},{
"Name":"Roles",
"Value":"Address Lists"
},{
"Name":"Members",
"Value":"fff85c15-3ce8-48c0-af17-4088dbdc5d62"
}],
"RequestId":"1e83e21b-eb7d-1e92-c02c-09292b02ebac",
"SessionId":"273fa545-05fe-4d22-af37-fa899f0b91ca"
}
Reads a role.
Reads a role.
Updates a role.
Updates a role.
{
"AppAccessContext":{
"IssuedAtTime":"2024-05-01T03:56:21",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-01T04:22:00",
"Id":"557d12c8-6bd9-4ad4-3b52-08dc69963f27",
"Operation":"Set-RoleGroup",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":1,
"ResultStatus":"True",
"UserKey":"100320015ED2DA21",
"UserType":2,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1:3533",
"ObjectId":"Security Operator",
"UserId":"example@test.onmicrosoft.com",
"AppId":"497effe9-df71-4043-a8bb-14cf78c4b63b",
"AppPoolName":"MSExchangeAdminApiNetCore",
"ClientAppId":"",
"CorrelationID":"",
"ExternalAccess":false,
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"BL0PR06MB4945 (15.20.7519.031)",
"Parameters":[{
"Name":"Identity",
"Value":"56882e99-c987-4492-aded-48e8bb029d3a"
},{
"Name":"Description",
"Value":"Membership in this role group is synchronized across services and managed centrally. This role group is not manageable through Microsoft Exchange or Security and Compliance Center (SCC). Members of this role group may include cross-service administrators that have access beyond Exchange and SCC. By default, this group is not assigned any roles. However, it will be a member of the 'Records Management' and 'Compliance Management' role groups in Exchange and 'Compliance Data Administrator' role group in SCC. It will inherit the permissions of these role groups."
},{
"Name":"Name",
"Value":"Security Operator Test"
}],
"RequestId":"aadf0312-2bee-a4ec-e212-23b4c6ebf90d",
"SessionId":"d15707db-ca84-4096-be63-c6126b7391d5"
}
Removes or deletes a role.
Removes or deletes a role.
{
"AppAccessContext":{
"IssuedAtTime":"2024-05-01T03:56:21",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-01T04:07:35",
"Id":"e7305c7e-6db5-410e-e973-08dc69943bab",
"Operation":"Remove-RoleGroup",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":1,
"ResultStatus":"True",
"UserKey":"100320015ED2DA21",
"UserType":2,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1:8259",
"ObjectId":"Test Role Group",
"UserId":"example@test.onmicrosoft.com",
"AppId":"497effe9-df71-4043-a8bb-14cf78c4b63b",
"AppPoolName":"MSExchangeAdminApiNetCore",
"ClientAppId":"",
"CorrelationID":"",
"ExternalAccess":false,
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"BL0PR06MB4945 (15.20.7519.031)",
"Parameters":[{
"Name":"Identity",
"Value":"def12b29-0bac-42d0-8d75-fbfcfa3536cc"
}],
"RequestId":"3d63ba16-ade5-b4a1-eb17-b9ad63c5554f",
"SessionId":"273fa545-05fe-4d22-af37-fa899f0b91ca"
}
Adds a permission to a resource.
Adds a permission to a resource.
{
"AppAccessContext":{
"IssuedAtTime":"2024-05-01T03:56:21",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-01T04:06:31",
"Id":"3f044723-212c-4b70-966f-08dc6994156a",
"Operation":"New-ManagementRoleAssignment",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":1,
"ResultStatus":"True",
"UserKey":"100320015ED2DA21",
"UserType":2,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1:8259",
"ObjectId":"test.onmicrosoft.com\\Audit Logs-Test Role Group",
"UserId":"example@test.onmicrosoft.com",
"AppId":"497effe9-df71-4043-a8bb-14cf78c4b63b",
"AppPoolName":"MSExchangeAdminApiNetCore",
"ClientAppId":"",
"CorrelationID":"",
"ExternalAccess":false,
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"BL0PR06MB4945 (15.20.7519.031)",
"Parameters":[{
"Name":"Role",
"Value":"Audit Logs"
},{
"Name":"SecurityGroup",
"Value":"def12b29-0bac-42d0-8d75-fbfcfa3536cc"
}],
"RequestId":"f975c651-1df4-8b35-d560-2cb34a0f4c0f",
"SessionId":"c73392a1-6d2e-42f5-ace1-f3965111e109"
}
Removes a permission from a resource.
Removes a permission from a resource.
{
"AppAccessContext":{
"IssuedAtTime":"2024-05-01T03:56:21",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-01T04:06:22",
"Id":"159c17b5-7735-4d7f-d5a5-08dc69941015",
"Operation":"Remove-ManagementRoleAssignment",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":1,
"ResultStatus":"True",
"UserKey":"100320015ED2DA21",
"UserType":2,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1:8259",
"ObjectId":"Address Lists-Test Role Group",
"UserId":"example@test.onmicrosoft.com",
"AppId":"497effe9-df71-4043-a8bb-14cf78c4b63b",
"AppPoolName":"MSExchangeAdminApiNetCore",
"ClientAppId":"",
"CorrelationID":"",
"ExternalAccess":false,
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"BL0PR06MB4945 (15.20.7519.031)",
"Parameters":[{
"Name":"Identity",
"Value":"379109cd-46a3-4a83-bfa9-6e4fbaf88531"
}],
"RequestId":"4e7af3ce-88f6-b205-007b-3abd6ecfc56d",
"SessionId":"d15707db-ca84-4096-be63-c6126b7391d5"
}
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
{
"AppAccessContext":{
"IssuedAtTime":"2024-05-01T04:41:30",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-01T04:47:03",
"Id":"02a67a6e-bddc-4a8b-bd8a-08dc6999bf35",
"Operation":"New-HostedContentFilterPolicy",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":1,
"ResultStatus":"True",
"UserKey":"100320015ED2DA21",
"UserType":2,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1:10521",
"ObjectId":"test.onmicrosoft.com\\Inbound Spam",
"UserId":"example@test.onmicrosoft.com",
"AppId":"80ccca67-54bd-44ab-8625-4b79c4dc7775",
"AppPoolName":"MSExchangeAdminApiNetCore",
"ClientAppId":"",
"CorrelationID":"",
"ExternalAccess":false,
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"DM6PR06MB4844 (15.20.7544.013)",
"Parameters":[{
"Name":"MarkAsSpamEmptyMessages",
"Value":"Off"
},{
"Name":"TestModeBccToRecipients",
"Value":""
},{
"Name":"EnableLanguageBlockList",
"Value":"False"
},{
"Name":"MarkAsSpamFromAddressAuthFail",
"Value":"Off"
},{
"Name":"MarkAsSpamEmbedTagsInHtml",
"Value":"Off"
},{
"Name":"ModifySubjectValue",
"Value":""
},{
"Name":"MarkAsSpamNdrBackscatter",
"Value":"Off"
},{
"Name":"QuarantineRetentionPeriod",
"Value":"15"
},{
"Name":"AdminDisplayName",
"Value":""
},{
"Name":"MarkAsSpamWebBugsInHtml",
"Value":"Off"
},{
"Name":"TestModeAction",
"Value":"None"
},{
"Name":"SpamZapEnabled",
"Value":"True"
},{
"Name":"BlockedSenderDomains",
"Value":""
},{
"Name":"EnableRegionBlockList",
"Value":"False"
},{
"Name":"PhishQuarantineTag",
"Value":"DefaultFullAccessPolicy"
},{
"Name":"HighConfidencePhishAction",
"Value":"Quarantine"
},{
"Name":"MarkAsSpamFramesInHtml",
"Value":"Off"
},{
"Name":"RecommendedPolicyType",
"Value":"Custom"
},{
"Name":"HighConfidenceSpamQuarantineTag",
"Value":""
},{
"Name":"LanguageBlockList",
"Value":""
},{
"Name":"PhishZapEnabled",
"Value":"True"
},{
"Name":"HighConfidenceSpamAction",
"Value":"MoveToJmf"
},{
"Name":"SpamQuarantineTag",
"Value":""
},{
"Name":"RedirectToRecipients",
"Value":""
},{
"Name":"MarkAsSpamFormTagsInHtml",
"Value":"Off"
},{
"Name":"AllowedSenderDomains",
"Value":""
},{
"Name":"Name",
"Value":"Inbound Spam"
},{
"Name":"IncreaseScoreWithRedirectToOtherPort",
"Value":"Off"
},{
"Name":"BulkSpamAction",
"Value":"MoveToJmf"
},{
"Name":"AddXHeaderValue",
"Value":""
},{
"Name":"MarkAsSpamBulkMail",
"Value":"On"
},{
"Name":"HighConfidencePhishQuarantineTag",
"Value":"AdminOnlyAccessPolicy"
},{
"Name":"RegionBlockList",
"Value":""
},{
"Name":"BlockedSenders",
"Value":""
},{
"Name":"BulkQuarantineTag",
"Value":""
},{
"Name":"MarkAsSpamObjectTagsInHtml",
"Value":"Off"
},{
"Name":"IncreaseScoreWithBizOrInfoUrls",
"Value":"Off"
},{
"Name":"MarkAsSpamJavaScriptInHtml",
"Value":"Off"
},{
"Name":"MarkAsSpamSensitiveWordList",
"Value":"Off"
},{
"Name":"PhishSpamAction",
"Value":"Quarantine"
},{
"Name":"InlineSafetyTipsEnabled",
"Value":"True"
},{
"Name":"IncreaseScoreWithImageLinks",
"Value":"Off"
},{
"Name":"BulkThreshold",
"Value":"7"
},{
"Name":"MarkAsSpamSpfRecordHardFail",
"Value":"Off"
},{
"Name":"AllowedSenders",
"Value":""
},{
"Name":"SpamAction",
"Value":"MoveToJmf"
},{
"Name":"IncreaseScoreWithNumericIps",
"Value":"Off"
}],
"RequestId":"ff34430c-1050-0ab8-672d-4ff36901a536",
"SessionId":"d15707db-ca84-4096-be63-c6126b7391d5"
}
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
{
"AppAccessContext":{
"IssuedAtTime":"2024-05-01T04:41:30",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-01T04:47:36",
"Id":"c3d67096-6e45-4642-6454-08dc6999d2cd",
"Operation":"Set-HostedContentFilterPolicy",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":1,
"ResultStatus":"True",
"UserKey":"100320015ED2DA21",
"UserType":2,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1:27251",
"ObjectId":"Inbound Spam",
"UserId":"example@test.onmicrosoft.com",
"AppId":"80ccca67-54bd-44ab-8625-4b79c4dc7775",
"AppPoolName":"MSExchangeAdminApiNetCore",
"ClientAppId":"",
"CorrelationID":"",
"ExternalAccess":false,
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"DM6PR06MB4844 (15.20.7544.013)",
"Parameters":[{
"Name":"MarkAsSpamEmptyMessages",
"Value":"Off"
},{
"Name":"EnableLanguageBlockList",
"Value":"False"
},{
"Name":"MarkAsSpamFromAddressAuthFail",
"Value":"On"
},{
"Name":"MarkAsSpamEmbedTagsInHtml",
"Value":"Off"
},{
"Name":"ModifySubjectValue",
"Value":""
},{
"Name":"IntraOrgFilterState",
"Value":"Default"
},{
"Name":"MarkAsSpamNdrBackscatter",
"Value":"On"
},{
"Name":"AdminDisplayName",
"Value":""
},{
"Name":"MarkAsSpamFormTagsInHtml",
"Value":"Off"
},{
"Name":"MarkAsSpamWebBugsInHtml",
"Value":"Off"
},{
"Name":"TestModeAction",
"Value":"None"
},{
"Name":"SpamZapEnabled",
"Value":"True"
},{
"Name":"Identity",
"Value":"Inbound Spam"
},{
"Name":"BlockedSenderDomains",
"Value":""
},{
"Name":"EnableRegionBlockList",
"Value":"False"
},{
"Name":"PhishQuarantineTag",
"Value":"DefaultFullAccessPolicy"
},{
"Name":"HighConfidencePhishAction",
"Value":"Quarantine"
},{
"Name":"MarkAsSpamFramesInHtml",
"Value":"Off"
},{
"Name":"HighConfidenceSpamQuarantineTag",
"Value":"DefaultFullAccessPolicy"
},{
"Name":"LanguageBlockList",
"Value":""
},{
"Name":"PhishZapEnabled",
"Value":"True"
},{
"Name":"DownloadLink",
"Value":"False"
},{
"Name":"HighConfidenceSpamAction",
"Value":"MoveToJmf"
},{
"Name":"SpamQuarantineTag",
"Value":"DefaultFullAccessPolicy"
},{
"Name":"RedirectToRecipients",
"Value":""
},{
"Name":"TestModeBccToRecipients",
"Value":""
},{
"Name":"AllowedSenderDomains",
"Value":""
},{
"Name":"IncreaseScoreWithRedirectToOtherPort",
"Value":"Off"
},{
"Name":"BulkSpamAction",
"Value":"MoveToJmf"
},{
"Name":"AddXHeaderValue",
"Value":""
},{
"Name":"QuarantineRetentionPeriod",
"Value":"15"
},{
"Name":"HighConfidencePhishQuarantineTag",
"Value":"AdminOnlyAccessPolicy"
},{
"Name":"RegionBlockList",
"Value":""
},{
"Name":"BlockedSenders",
"Value":""
},{
"Name":"BulkQuarantineTag",
"Value":"DefaultFullAccessPolicy"
},{
"Name":"MarkAsSpamObjectTagsInHtml",
"Value":"Off"
},{
"Name":"IncreaseScoreWithBizOrInfoUrls",
"Value":"Off"
},{
"Name":"MarkAsSpamJavaScriptInHtml",
"Value":"Off"
},{
"Name":"MarkAsSpamSensitiveWordList",
"Value":"Off"
},{
"Name":"PhishSpamAction",
"Value":"Quarantine"
},{
"Name":"InlineSafetyTipsEnabled",
"Value":"True"
},{
"Name":"IncreaseScoreWithImageLinks",
"Value":"Off"
},{
"Name":"MarkAsSpamBulkMail",
"Value":"On"
},{
"Name":"BulkThreshold",
"Value":"7"
},{
"Name":"MarkAsSpamSpfRecordHardFail",
"Value":"Off"
},{
"Name":"AllowedSenders",
"Value":""
},{
"Name":"SpamAction",
"Value":"MoveToJmf"
},{
"Name":"IncreaseScoreWithNumericIps",
"Value":"Off"
}],
"RequestId":"60356c4d-fe0b-a381-1840-3cd0eb74e865",
"SessionId":"d15707db-ca84-4096-be63-c6126b7391d5"
}
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
{
"AppAccessContext":{
"IssuedAtTime":"2024-05-01T04:41:30",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-01T04:48:06",
"Id":"646780a6-8b79-4310-9f6e-08dc6999e476",
"Operation":"Remove-HostedContentFilterPolicy",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":1,
"ResultStatus":"True",
"UserKey":"100320015ED2DA21",
"UserType":2,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1:11212",
"ObjectId":"Inbound Spam",
"UserId":"example@test.onmicrosoft.com",
"AppId":"80ccca67-54bd-44ab-8625-4b79c4dc7775",
"AppPoolName":"MSExchangeAdminApiNetCore",
"ClientAppId":"",
"CorrelationID":"",
"ExternalAccess":false,
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"DM6PR06MB4844 (15.20.7544.013)",
"Parameters":[{
"Name":"Identity",
"Value":"Inbound Spam"
}],
"RequestId":"27f63301-2d1e-13f2-24e3-17b499983d95",
"SessionId":"d15707db-ca84-4096-be63-c6126b7391d5"
}
Creates a new integration.
Creates a new integration.
{
"AppAccessContext":{
"UniqueTokenId":"6e1c5a56-fb53-46ae-8b6d-24988bdcced2"
},
"CreationTime":"2024-05-01T01:11:16",
"Id":"323fd199-99bb-4bd5-5ca7-08dc697b9a0c",
"Operation":"New-App",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":1,
"ResultStatus":"True",
"UserKey":"NT AUTHORITY\\SYSTEM (Microsoft.Exchange.AdminApi.NetCore)",
"UserType":3,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1:14804",
"ObjectId":"\\fe93bfe1-7947-460a-a5e0-7a5906b51360",
"UserId":"NT AUTHORITY\\SYSTEM (Microsoft.Exchange.AdminApi.NetCore)",
"AppId":"3c896ded-22c5-450f-91f6-3d1ef0848f6e",
"AppPoolName":"MSExchangeAdminApiNetCore",
"ClientAppId":"6e1c5a56-fb53-46ae-8b6d-24988bdcced2",
"CorrelationID":"",
"ExternalAccess":true,
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"BL0PR06MB4945 (15.20.7519.031)",
"Parameters":[{
"Name":"DefaultStateForUser",
"Value":"Enabled"
},{
"Name":"Enabled",
"Value":"True"
},{
"Name":"FileData",
"Value":"PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjwhLS1DcmVhdGVkOmNiODViODBjLWY1OA==..."
},{
"Name":"OrganizationApp",
"Value":"True"
},{
"Name":"Organization",
"Value":"test.onmicrosoft.com"
}],
"RequestId":"28c1fbd6-98d3-4ee9-8411-d4ced8ae313a",
"SessionId":""
}
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
{
"AppAccessContext":{
"IssuedAtTime":"2024-04-29T19:52:05",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-04-30T15:48:21",
"Id":"ba11eba1-fd2a-4091-9356-08dc692cf680",
"Operation":"Enable-App",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":1,
"ResultStatus":"True",
"UserKey":"100320015ED2DA21",
"UserType":2,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1:56377",
"ObjectId":"e06a29d3-3e3c-4f6a-8ae5-17cac1719f14\\fe93bfe1-7947-460a-a5e0-7a5906b51360",
"UserId":"example@test.onmicrosoft.com",
"AppId":"fb78d390-0c51-40cd-8e17-fdbfab77341b",
"AppPoolName":"MSExchangeAdminApiNetCore",
"ClientAppId":"",
"CorrelationID":"",
"ExternalAccess":false,
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"BL0PR06MB4835 (15.20.7519.031)",
"Parameters":[{
"Name":"Identity",
"Value":"fe93bfe1-7947-460a-a5e0-7a5906b51360"
},{
"Name":"Mailbox",
"Value":"test4@test.onmicrosoft.com"
}],
"RequestId":"9e2c2638-a684-07dc-91d9-71366f88e271",
"SessionId":"d15707db-ca84-4096-be63-c6126b7391d5"
}
Removes or deletes an existing integration.
Removes or deletes an existing integration.
{
"AppAccessContext":{
"IssuedAtTime":"2024-04-29T19:52:05",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-04-30T15:49:40",
"Id":"86328dc9-8a8d-4612-2156-08dc692d25cb",
"Operation":"Remove-App",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":1,
"ResultStatus":"True",
"UserKey":"100320015ED2DA21",
"UserType":2,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1:56403",
"ObjectId":"f1c08887-d776-42f8-9911-06faa5ab392f\\fe93bfe1-7947-460a-a5e0-7a5906b51360",
"UserId":"example@test.onmicrosoft.com",
"AppId":"fb78d390-0c51-40cd-8e17-fdbfab77341b",
"AppPoolName":"MSExchangeAdminApiNetCore",
"ClientAppId":"",
"CorrelationID":"",
"ExternalAccess":false,
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"BL0PR06MB4835 (15.20.7519.031)",
"Parameters":[{
"Name":"Identity",
"Value":"fe93bfe1-7947-460a-a5e0-7a5906b51360"
},{
"Name":"OrganizationApp",
"Value":"True"
},{
"Name":"Confirm",
"Value":"False"
}],
"RequestId":"53b9dec4-d210-788c-60cd-c365c8fd3666",
"SessionId":"d15707db-ca84-4096-be63-c6126b7391d5"
}
Events (5)
A resource was created.
A resource was created.
{
"CreationTime":"2024-04-30T01:50:44",
"Id":"b879cd77-f6df-4dd0-526a-08dc68b7f338",
"Operation":"Send",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":2,
"ResultStatus":"Succeeded",
"UserKey":"100320015ED2DA21",
"UserType":0,
"Version":1,
"Workload":"Exchange",
"ClientIP":"2603:1036:307:44::5",
"UserId":"test4@test.onmicrosoft.com",
"AppId":"63224634-e46c-47db-921f-42bf5bfeaf4e",
"ClientAppId":"6e1c5a56-fb53-46ae-8b6d-24988bdcced2",
"ClientIPAddress":"198.51.100.1",
"ClientInfoString":"Client=REST;Client=RESTSystem;;",
"ExternalAccess":false,
"InternalLogonType":0,
"LogonType":0,
"LogonUserSid":"S-1-5-21-1587198437-855871042-1312952668-23578732",
"MailboxGuid":"90d31cb1-d428-43a7-82cb-9ecaf526bda8",
"MailboxOwnerSid":"S-1-5-21-1587198437-855871042-1312952668-23578732",
"MailboxOwnerUPN":"test4@test.onmicrosoft.com",
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"SJ0PR06MB7068 (15.20.4200.000)\r\n",
"Item":{
"Attachments":"LogoM365.png (3442b); welcome_email_v3_conversations.png (12282b); welcome_email_v3_calendar.png (9778b); welcome_email_v3_files.png (10267b); welcome_email_v3_sharing_laptop.png (95913b); welcome_email_v3_onenote.png (8844b); welcome_email_v3_teamwork_laptop.png (75139b); group_photo (13165b); twitter_icon.png (2248b); salesforce.png (2742b); trello.png (1610b); jira.png (2516b); microsoft.png (2896b); arrow.png (415b)",
"Id":"RgAAAADVmE95ewSjS4ZrC2ktggLuBwBJYlPF4gPyS7/L9chR1JeWAAAAAAEPAABJYlPF4gPyS7/L9chR1JeWAAANOg+9AAAJ",
"InternetMessageId":"<SJ0PR06MB7068F00A3EE360BB9B9F05A0B81A2@SJ0PR06MB7068.namprd06.prod.outlook.com>",
"ParentFolder":{
"Id":"LgAAAADVmE95ewSjS4ZrC2ktggLuAQBJYlPF4gPyS7/L9chR1JeWAAAAAAEPAAAB",
"Path":"\\Drafts"
},
"SizeInBytes":268282,
"Subject":"Test4 added you to the Test Group 1 group"
},
"SaveToSentItems":false
}
{
"CreationTime":"2024-05-01T19:00:24",
"Id":"64922ffb-a517-43af-a0ea-737e0b67c577",
"Operation":"Create",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":2,
"ResultStatus":"Succeeded",
"UserKey":"100320015ED2DA21",
"UserType":0,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1",
"UserId":"example@test.onmicrosoft.com",
"AppId":"00000002-0000-0ff1-ce00-000000000000",
"ClientIPAddress":"198.51.100.1",
"ClientInfoString":"Client=OWA;Action=ViaProxy",
"ExternalAccess":false,
"InternalLogonType":0,
"LogonType":0,
"LogonUserSid":"S-1-5-21-1587198437-855871042-1312952668-23578732",
"MailboxGuid":"90d31cb1-d428-43a7-82cb-9ecaf526bda8",
"MailboxOwnerSid":"S-1-5-21-1587198437-855871042-1312952668-23578732",
"MailboxOwnerUPN":"example@test.onmicrosoft.com",
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"DM6PR06MB4844 (15.20.4200.000)\r\n",
"SessionId":"c73392a1-6d2e-42f5-ace1-f3965111e109",
"Item":{
"Id":"RgAAAAAgL0dcqfr+QYkwnaCB+wwMBwBx36FMViA4QL6OjQQj0W4QAAAAAAENAABx36FMViA4QL6OjQQj0W4QAAFb0NzKAAAP",
"InternetMessageId":"<DM6PR06MB4844B915A8B9DF344FBF868ED7192@DM6PR06MB4844.namprd06.prod.outlook.com>",
"IsRecord":false,
"ParentFolder":{
"Id":"LgAAAAAgL0dcqfr+QYkwnaCB+wwMAQBx36FMViA4QL6OjQQj0W4QAAAAAAENAAAC",
"Path":"\\Calendar"
},
"SizeInBytes":6098,
"Subject":"Test Entry 2"
}
}
A resource was read.
A resource was read.
{
"CreationTime":"2024-05-01T17:24:12",
"Id":"121899a5-ff77-49a0-b344-e368a192ca4e",
"Operation":"MailItemsAccessed",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":50,
"ResultStatus":"Succeeded",
"UserKey":"100320015ED2DA21",
"UserType":0,
"Version":1,
"Workload":"Exchange",
"UserId":"example@test.onmicrosoft.com",
"AppId":"00000002-0000-0ff1-ce00-000000000000",
"ClientIPAddress":"198.51.100.1",
"ClientInfoString":"Client=OWA;Action=ViaProxy",
"ExternalAccess":false,
"InternalLogonType":0,
"LogonType":0,
"LogonUserSid":"S-1-5-21-1587198437-855871042-1312952668-23578732",
"MailboxGuid":"90d31cb1-d428-43a7-82cb-9ecaf526bda8",
"MailboxOwnerSid":"S-1-5-21-1587198437-855871042-1312952668-23578732",
"MailboxOwnerUPN":"example@test.onmicrosoft.com",
"OperationProperties":[{
"Name":"MailAccessType",
"Value":"Bind"
},{
"Name":"IsThrottled",
"Value":"False"
}],
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"DM6PR06MB4844 (15.20.4200.000)\r\n",
"SessionId":"c73392a1-6d2e-42f5-ace1-f3965111e109",
"Folders":[{
"FolderItems":[{
"Id":"RgAAAAAgL0dcqfr+QYkwnaCB+wwMBwBx36FMViA4QL6OjQQj0W4QAAAAAAEMAABx36FMViA4QL6OjQQj0W4QAAEORT/FAAAJ",
"InternetMessageId":"<3b64c23d-1d09-42db-a14e-847e7c20cb7e@CO1NAM11BG401.eop-nam11.prod.protection.outlook.com>",
"SizeInBytes":68843
}],
"Id":"LgAAAAAgL0dcqfr+QYkwnaCB+wwMAQBx36FMViA4QL6OjQQj0W4QAAAAAAEMAAAB",
"Path":"\\Inbox"
},{
"FolderItems":[{
"Id":"RgAAAAAgL0dcqfr+QYkwnaCB+wwMBwBx36FMViA4QL6OjQQj0W4QAAAAAAEJAABx36FMViA4QL6OjQQj0W4QAAErAHLaAAAJ",
"InternetMessageId":"<Share-fa260ca1-f088-5000-076e-5dff216ee852-8bf3a8c9-6c84-4d50-bfac-772d9a2c684a-be002b43-f444-4369-9a4c-1b927d261a0c-DispatchToRecipients-PreprocessPayload-r0-SendEmail@odspnotify>",
"SizeInBytes":51258
},{
"Id":"RgAAAAAgL0dcqfr+QYkwnaCB+wwMBwBx36FMViA4QL6OjQQj0W4QAAAAAAEJAABx36FMViA4QL6OjQQj0W4QAAErAHLjAAAJ",
"InternetMessageId":"<Share-40590ca1-0059-5000-002e-6582ba280cc1-cdb8a2df-27bf-4477-9e14-07ac42fe59f4-725c7be5-0afe-4c1a-ac8f-9499ed7c2659-DispatchToRecipients-PreprocessPayload-r0-SendEmail@odspnotify>",
"SizeInBytes":51854
},{
"Id":"RgAAAAAgL0dcqfr+QYkwnaCB+wwMBwBx36FMViA4QL6OjQQj0W4QAAAAAAEJAABx36FMViA4QL6OjQQj0W4QAAErAHLiAAAJ",
"InternetMessageId":"<Share-05590ca1-e07b-5000-002e-61d3e2d54929-2a0ed38c-71da-4fda-ab73-be8cace5b65f-b84488ee-32fd-414c-b689-c4a088f18cfd-DispatchToRecipients-PreprocessPayload-r0-SendEmail@odspnotify>",
"SizeInBytes":51844
},{
"Id":"RgAAAAAgL0dcqfr+QYkwnaCB+wwMBwBx36FMViA4QL6OjQQj0W4QAAAAAAEJAABx36FMViA4QL6OjQQj0W4QAAErAHLhAAAJ",
"InternetMessageId":"<Share-e3580ca1-10de-5000-002e-6500144c00a7-ad2892e9-321d-4107-a265-2578c4352ac6-d84bd92b-3723-4544-be37-75741e4f12cd-DispatchToRecipients-PreprocessPayload-r0-SendEmail@odspnotify>",
"SizeInBytes":51854
},{
"Id":"RgAAAAAgL0dcqfr+QYkwnaCB+wwMBwBx36FMViA4QL6OjQQj0W4QAAAAAAEJAABx36FMViA4QL6OjQQj0W4QAAErAHLfAAAJ",
"InternetMessageId":"<Share-2a4b0ca1-8090-5000-002e-608620e7e3bb-98b79516-151c-4a43-b394-f522f34cb537-0cfb15fa-b2c7-4226-b20d-4b9b15007844-DispatchToRecipients-PreprocessPayload-r0-SendEmail@odspnotify>",
"SizeInBytes":51821
},{
"Id":"RgAAAAAgL0dcqfr+QYkwnaCB+wwMBwBx36FMViA4QL6OjQQj0W4QAAAAAAEJAABx36FMViA4QL6OjQQj0W4QAAErAHLcAAAJ",
"InternetMessageId":"<Share-4e270ca1-2084-4000-d966-c5768aef30b1-c04a7cd6-2ec7-498e-b0f9-0fc821693b88-4595fc54-514c-4550-9684-245a97d76ceb-DispatchToRecipients-PreprocessPayload-r0-SendEmail@odspnotify>",
"SizeInBytes":50892
},{
"Id":"RgAAAAAgL0dcqfr+QYkwnaCB+wwMBwBx36FMViA4QL6OjQQj0W4QAAAAAAEJAABx36FMViA4QL6OjQQj0W4QAAB+0FwBAAAJ",
"InternetMessageId":"<odspmicro-Share-0e00b8a0-80a1-3000-a0d4-731f58e6eed1-2c744e41-f54d-47ec-a9db-4f77b3a242ae-346559c5-37cc-4251-850d-c5b77406336d-DispatchToRecipients-PreprocessPayload-r0-SendEmail@142E6560D08B>",
"SizeInBytes":53663
},{
"Id":"RgAAAAAgL0dcqfr+QYkwnaCB+wwMBwBx36FMViA4QL6OjQQj0W4QAAAAAAEJAABx36FMViA4QL6OjQQj0W4QAAE4b96cAAAJ",
"InternetMessageId":"<Share-d0bd12a1-102a-5000-076e-5593148f9444-2078f187-0c3b-402b-b06a-fed510c0d20c-4cb255bc-096a-438e-b43f-638f8f632824-DispatchToRecipients-PreprocessPayload-r0-SendEmail@odspnotify>",
"SizeInBytes":47826
},{
"Id":"RgAAAAAgL0dcqfr+QYkwnaCB+wwMBwBx36FMViA4QL6OjQQj0W4QAAAAAAEJAABx36FMViA4QL6OjQQj0W4QAAE4b96bAAAJ",
"InternetMessageId":"<Share-c6bd12a1-204a-5000-0ea1-59536b5f1b95-fe36bb80-8416-4235-8628-2497d71e9df3-3057687e-93de-47cb-b2c6-82e17a79c9a5-DispatchToRecipients-PreprocessPayload-r0-SendEmail@odspnotify>",
"SizeInBytes":47825
}],
"Id":"LgAAAAAgL0dcqfr+QYkwnaCB+wwMAQBx36FMViA4QL6OjQQj0W4QAAAAAAEJAAAB",
"Path":"\\Sent Items"
}],
"OperationCount":10
}
A resource was updated.
A resource was updated.
{
"CreationTime":"2024-05-01T19:00:32",
"Id":"0b41bd99-5ab2-4d17-359c-08dc6a10f9ac",
"Operation":"Update",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":2,
"ResultStatus":"Succeeded",
"UserKey":"100320015ED2DA21",
"UserType":0,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1",
"UserId":"example@test.onmicrosoft.com",
"AppId":"00000002-0000-0ff1-ce00-000000000000",
"ClientIPAddress":"198.51.100.1",
"ClientInfoString":"Client=OWA;Action=ViaProxy",
"ExternalAccess":false,
"InternalLogonType":0,
"LogonType":0,
"LogonUserSid":"S-1-5-21-1587198437-855871042-1312952668-23578732",
"MailboxGuid":"90d31cb1-d428-43a7-82cb-9ecaf526bda8",
"MailboxOwnerSid":"S-1-5-21-1587198437-855871042-1312952668-23578732",
"MailboxOwnerUPN":"example@test.onmicrosoft.com",
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"DM6PR06MB4844 (15.20.4200.000)\r\n",
"SessionId":"c73392a1-6d2e-42f5-ace1-f3965111e109",
"Item":{
"Id":"RgAAAAAgL0dcqfr+QYkwnaCB+wwMBwBx36FMViA4QL6OjQQj0W4QAAAAAAENAABx36FMViA4QL6OjQQj0W4QAAFb0NzJAAAP",
"InternetMessageId":"<DM6PR06MB4844135DDF8FB5589A0935CAD7192@DM6PR06MB4844.namprd06.prod.outlook.com>",
"IsRecord":false,
"ParentFolder":{
"Id":"LgAAAAAgL0dcqfr+QYkwnaCB+wwMAQBx36FMViA4QL6OjQQj0W4QAAAAAAENAAAC",
"Path":"\\Calendar"
},
"SizeInBytes":6758,
"Subject":"Test Calender Entry 24"
},
"ModifiedProperties":["MapiEndTime","MapiPREndDate","MapiStartTime","MapiPRStartDate","MapiSubject","NormalizedSubjectInternal"]
}
A resource was removed or deleted.
A resource was removed or deleted.
{
"CreationTime":"2024-05-01T17:24:22",
"Id":"400c8963-12c3-417e-3e2c-08dc6a038ac8",
"Operation":"MoveToDeletedItems",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":3,
"ResultStatus":"Succeeded",
"UserKey":"100320015ED2DA21",
"UserType":0,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1",
"UserId":"example@test.onmicrosoft.com",
"AppId":"00000002-0000-0ff1-ce00-000000000000",
"ClientIPAddress":"198.51.100.1",
"ClientInfoString":"Client=OWA;Action=ViaProxy",
"ExternalAccess":false,
"InternalLogonType":0,
"LogonType":0,
"LogonUserSid":"S-1-5-21-1587198437-855871042-1312952668-23578732",
"MailboxGuid":"90d31cb1-d428-43a7-82cb-9ecaf526bda8",
"MailboxOwnerSid":"S-1-5-21-1587198437-855871042-1312952668-23578732",
"MailboxOwnerUPN":"example@test.onmicrosoft.com",
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"DM6PR06MB4844 (15.20.4200.000)\r\n",
"SessionId":"c73392a1-6d2e-42f5-ace1-f3965111e109",
"AffectedItems":[{
"Id":"RgAAAAAgL0dcqfr+QYkwnaCB+wwMBwBx36FMViA4QL6OjQQj0W4QAAAAAAEMAABx36FMViA4QL6OjQQj0W4QAAFas18+AAAJ",
"InternetMessageId":"<SJ0PR06MB7068F4D6BE10AC2D8368FC41B81A2@SJ0PR06MB7068.namprd06.prod.outlook.com>",
"ParentFolder":{
"Id":"LgAAAAAgL0dcqfr+QYkwnaCB+wwMAQBx36FMViA4QL6OjQQj0W4QAAAAAAEMAAAB",
"Path":"\\Inbox"
},
"Subject":"Test Message"
}],
"CrossMailboxOperation":false,
"DestFolder":{
"Id":"LgAAAAAgL0dcqfr+QYkwnaCB+wwMAQBx36FMViA4QL6OjQQj0W4QAAAAAAEKAAAB",
"Path":"\\Deleted Items"
},
"Folder":{
"Id":"LgAAAAAgL0dcqfr+QYkwnaCB+wwMAQBx36FMViA4QL6OjQQj0W4QAAAAAAEMAAAB",
"Path":"\\Inbox"
}
}
{
"CreationTime":"2024-05-01T19:21:16",
"Id":"e1fb94cb-2adc-4b4c-98bd-08dc6a13df45",
"Operation":"MoveToDeletedItems",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":3,
"ResultStatus":"Succeeded",
"UserKey":"100320015ED2DA21",
"UserType":0,
"Version":1,
"Workload":"Exchange",
"ClientIP":"198.51.100.1",
"UserId":"example@test.onmicrosoft.com",
"AppId":"00000002-0000-0ff1-ce00-000000000000",
"ClientIPAddress":"198.51.100.1",
"ClientInfoString":"Client=OWA;Action=ViaProxy",
"ExternalAccess":false,
"InternalLogonType":0,
"LogonType":0,
"LogonUserSid":"S-1-5-21-1587198437-855871042-1312952668-23578732",
"MailboxGuid":"90d31cb1-d428-43a7-82cb-9ecaf526bda8",
"MailboxOwnerSid":"S-1-5-21-1587198437-855871042-1312952668-23578732",
"MailboxOwnerUPN":"example@test.onmicrosoft.com",
"OrganizationName":"test.onmicrosoft.com",
"OriginatingServer":"DM6PR06MB4844 (15.20.4200.000)\r\n",
"SessionId":"c73392a1-6d2e-42f5-ace1-f3965111e109",
"AffectedItems":[{
"Id":"RgAAAAAgL0dcqfr+QYkwnaCB+wwMBwBx36FMViA4QL6OjQQj0W4QAAAAAAENAABx36FMViA4QL6OjQQj0W4QAAFb0NzJAAAA",
"InternetMessageId":"<DM6PR06MB4844135DDF8FB5589A0935CAD7192@DM6PR06MB4844.namprd06.prod.outlook.com>",
"ParentFolder":{
"Id":"LgAAAAAgL0dcqfr+QYkwnaCB+wwMAQBx36FMViA4QL6OjQQj0W4QAAAAAAENAAAC",
"Path":"\\Calendar"
},
"Subject":"Test Calender Entry 24"
}],
"CrossMailboxOperation":false,
"DestFolder":{
"Id":"LgAAAAAgL0dcqfr+QYkwnaCB+wwMAQBx36FMViA4QL6OjQQj0W4QAAAAAAEKAAAB",
"Path":"\\Deleted Items"
},
"Folder":{
"Id":"LgAAAAAgL0dcqfr+QYkwnaCB+wwMAQBx36FMViA4QL6OjQQj0W4QAAAAAAENAAAC",
"Path":"\\Calendar"
}
}
A resource was downloaded.
A resource was downloaded.
Includes logs for Exchange administration and mailbox activities.
Storage Duration: 180 days
Minimum retention is 180 days, but organizations can set a retention policy up to 10 years dependent on licensing, reference https://learn.microsoft.com/en-us/purview/audit-log-retention-policies
Duration: Typically 60 to 90 minutes after an event occurs.
Minimum retention is 180 days, but organizations can set a retention policy up to 10 years dependent on licensing, reference https://learn.microsoft.com/en-us/purview/audit-log-retention-policies
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
{
"AppAccessContext":{
"IssuedAtTime":"2024-05-03T15:29:06",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-03T15:34:16",
"Id":"64ecdac9-543e-4046-99be-087dd56c2150",
"Operation":"TeamCreated",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":25,
"UserKey":"f1c08887-d776-42f8-9911-06faa5ab392f",
"UserType":2,
"Version":1,
"Workload":"MicrosoftTeams",
"UserId":"example@test.onmicrosoft.com",
"TeamGuid":"19:ni2H9QQogRGdOxflsO1Y_JGNwcM_g2bmD6ng483GF_41@thread.tacv2",
"TeamName":"New Team 1"
}
Reads a group.
Reads a group.
Updates a group.
Updates a group.
{
"AppAccessContext":{
"IssuedAtTime":"2024-05-02T21:11:45",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-03T15:50:19",
"Id":"2c658d54-4fc9-477f-b98c-48500df799b4",
"Operation":"TeamSettingChanged",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":25,
"UserKey":"f1c08887-d776-42f8-9911-06faa5ab392f",
"UserType":0,
"Version":1,
"Workload":"MicrosoftTeams",
"UserId":"example@test.onmicrosoft.com",
"Name":"Team name",
"TeamGuid":"19:908b4ca6d6d84b989347b8427e5048ce@thread.tacv2",
"NewValue":"Test Updated Team Name",
"OldValue":"Digital Initiative Public Relations",
"TeamName":"Test Updated Team Name"
}
Removes or deletes a group.
Removes or deletes a group.
{
"AppAccessContext":{
"IssuedAtTime":"2024-05-02T21:26:11",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-03T15:33:02",
"Id":"6718936a-de28-4f7d-9b40-29256adfca43",
"Operation":"TeamDeleted",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":25,
"UserKey":"62b732f7-fc71-40bc-b27d-35efcb0509de",
"UserType":5,
"Version":1,
"Workload":"MicrosoftTeams",
"UserId":"Microsoft Teams Sync",
"TeamGuid":"19:xd7VhKaazsuwrJCpopRmHA1KCyC00Iftn7mqR-fV_ik1@thread.tacv2",
"TeamName":"Test Group 200"
}
Adds a service, user or account to a group.
Adds a service, user or account to a group.
{
"CreationTime":"2024-05-01T05:10:10",
"Id":"d84f2254-5d4b-5274-91ad-6729e781821f",
"Operation":"MemberAdded",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":25,
"UserKey":"f1c08887-d776-42f8-9911-06faa5ab392f",
"UserType":0,
"Version":1,
"Workload":"MicrosoftTeams",
"UserId":"example@test.onmicrosoft.com",
"AADGroupId":"a86f3642-1b11-468d-aaa3-8398902bd512",
"CommunicationType":"Team",
"ExtraProperties":[],
"Members":[{
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"DisplayName":"Alex Wilber",
"Role":1,
"UPN":"AlexW@test.onmicrosoft.com"
}],
"ParticipantInfo":{
"HasForeignTenantUsers":false,
"HasGuestUsers":false,
"HasUnauthenticatedUsers":false,
"ParticipatingDomains":[],
"ParticipatingSIPDomains":[]
},
"ResourceTenantId":"8326222c-5c86-45a1-b768-561ad270c694",
"TeamGuid":"19:xd7VhKaazsuwrJCpopRmHA1KCyC00Iftn7mqR-fV_ik1@thread.tacv2",
"ItemName":"Test Group 100",
"TeamName":"Test Group 100"
}
Removes a service, user or account from a group.
Removes a service, user or account from a group.
{
"CreationTime":"2024-05-03T15:49:22",
"Id":"a7c73bdd-0302-533a-bff4-97d64dc681a9",
"Operation":"MemberRemoved",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":25,
"UserKey":"f1c08887-d776-42f8-9911-06faa5ab392f",
"UserType":0,
"Version":1,
"Workload":"MicrosoftTeams",
"UserId":"example@test.onmicrosoft.com",
"AADGroupId":"21492354-b302-4664-ae50-bf7e27cabc0e",
"CommunicationType":"Team",
"ExtraProperties":[],
"Members":[{
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"DisplayName":"Pradeep Gupta",
"Role":1,
"UPN":"PradeepG@test.onmicrosoft.com"
}],
"ParticipantInfo":{
"HasForeignTenantUsers":false,
"HasGuestUsers":false,
"HasUnauthenticatedUsers":false,
"ParticipatingDomains":[],
"ParticipatingSIPDomains":[]
},
"ResourceTenantId":"8326222c-5c86-45a1-b768-561ad270c694",
"TeamGuid":"19:fdeeeb50e13d4630ac6be879c2318b53@thread.tacv2",
"ItemName":"U.S. Sales Updated v2",
"TeamName":"U.S. Sales Updated v2"
}
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
{
"AppAccessContext":{
"IssuedAtTime":"2024-05-02T21:11:45",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-02T21:21:45",
"Id":"46429b68-d31f-4329-9601-e1d77131f2b2",
"Operation":"AppInstalled",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":25,
"UserKey":"f1c08887-d776-42f8-9911-06faa5ab392f",
"UserType":0,
"Version":1,
"Workload":"MicrosoftTeams",
"UserId":"example@test.onmicrosoft.com",
"AddOnGuid":"31c1aadf-4a2e-4465-b1a4-6d4d7d9a284c",
"AddOnType":4,
"AppDistributionMode":"Store",
"OperationScope":3,
"TargetUserId":"f1c08887-d776-42f8-9911-06faa5ab392f",
"AddOnName":"Stipop Stickers"
}
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
{
"AppAccessContext":{
"IssuedAtTime":"2024-05-02T20:09:24",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-02T20:14:26",
"Id":"1d8ce214-a40b-4d03-b5f1-bc3872fc01f0",
"Operation":"AppDeleted",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":25,
"UserKey":"62b732f7-fc71-40bc-b27d-35efcb0509de",
"UserType":5,
"Version":1,
"Workload":"MicrosoftTeams",
"UserId":"Microsoft Teams Sync",
"AddOnGuid":"19:212d1b70fc294d6e8a7b75964b40f23a@thread.tacv2",
"AddOnType":4,
"OperationScope":1,
"TeamGuid":"19:212d1b70fc294d6e8a7b75964b40f23a@thread.tacv2",
"TeamName":"19:212d1b70fc294d6e8a7b75964b40f23a@thread.tacv2"
}
Events (5)
A resource was created.
A resource was created.
{
"CreationTime":"2024-05-02T21:17:51",
"Id":"f36fd190-d3c2-47df-a62b-8d31eb7876c5",
"Operation":"ShiftAdded",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":73,
"UserKey":"f1c08887-d776-42f8-9911-06faa5ab392f",
"UserType":0,
"Version":1,
"Workload":"MicrosoftTeams",
"UserId":"example@test.onmicrosoft.com",
"AADGroupId":"a86f3642-1b11-468d-aaa3-8398902bd512",
"ExtraProperties":[{
"Key":"ShiftType",
"Value":"Shift"
},{
"Key":"ScheduleGroupId",
"Value":"TAG_3ef10228-af6c-4337-95de-1d4fb1dc84f9"
},{
"Key":"CorrelationId",
"Value":"2184a3795e56eb81ea8dcdb7f8e8bfc2"
}],
"TeamGuid":"19:xd7VhKaazsuwrJCpopRmHA1KCyC00Iftn7mqR-fV_ik1@thread.tacv2",
"TeamName":"Test Group 200",
"ScheduleId":"TEAM_64f16f25-30d0-42aa-af6d-18329a22cc02",
"Shift":{
"EndTime":"2024-04-29T00:00:00",
"Id":"SHFT_ed971e06-1a4b-4dc5-88a9-9f2f8839aa55",
"StartTime":"2024-04-29T00:00:00",
"AssignedTo":"f1c08887-d776-42f8-9911-06faa5ab392f"
}
}
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
{
"AppAccessContext":{
"IssuedAtTime":"2024-05-02T21:11:45",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw-AA"
},
"CreationTime":"2024-05-02T21:17:24",
"Id":"2c506054-42a2-5e31-95b7-4c8c9219dff0",
"Operation":"MessageDeleted",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":25,
"UserKey":"f1c08887-d776-42f8-9911-06faa5ab392f",
"UserType":0,
"Version":1,
"Workload":"MicrosoftTeams",
"ClientIP":"198.51.100.1",
"UserId":"example@test.onmicrosoft.com",
"ChatThreadId":"19:98616b7d-2f2a-44c2-926f-92010d8bc27d_f1c08887-d776-42f8-9911-06faa5ab392f@unq.gbl.spaces",
"CommunicationType":"OneOnOne",
"ExtraProperties":[{
"Key":"TimeZone",
"Value":"America/New_York"
},{
"Key":"OsName",
"Value":"mac"
},{
"Key":"OsVersion",
"Value":"10.15.7"
},{
"Key":"Country",
"Value":"us"
},{
"Key":"ClientName",
"Value":"skypeteams"
},{
"Key":"ClientVersion",
"Value":"1415/24033101817"
},{
"Key":"ClientUtcOffsetSeconds",
"Value":"-14400"
}],
"MessageDeleteType":"User Delete",
"MessageId":"1710796909408",
"MessageVersion":"1714684644850",
"ParticipantInfo":{
"HasForeignTenantUsers":false,
"HasGuestUsers":false,
"HasOtherGuestUsers":false,
"HasUnauthenticatedUsers":false,
"ParticipatingDomains":[],
"ParticipatingSIPDomains":[],
"ParticipatingTenantIds":["8326222c-5c86-45a1-b768-561ad270c694"]
},
"ResourceTenantId":"8326222c-5c86-45a1-b768-561ad270c694",
"ItemName":"19:98616b7d-2f2a-44c2-926f-92010d8bc27d_f1c08887-d776-42f8-9911-06faa5ab392f@unq.gbl.spaces"
}
A resource was downloaded.
A resource was downloaded.
Includes workloads not included in other audit log types.
Storage Duration: 180 days
Minimum retention is 180 days, but organizations can set a retention policy up to 10 years dependent on licensing, reference https://learn.microsoft.com/en-us/purview/audit-log-retention-policies
Duration: Typically 60 to 90 minutes after an event occurs.
Minimum retention is 180 days, but organizations can set a retention policy up to 10 years dependent on licensing, reference https://learn.microsoft.com/en-us/purview/audit-log-retention-policies
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
{
"AppAccessContext":{
"AADSessionId":"c21adbd5-e8d4-44fe-a2a2-43e3251b04b5",
"ClientAppName":"Unknown",
"CorrelationId":"dcd124a1-d0b1-5000-62e6-155874ea96f9",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-02T20:13:40",
"Id":"a35c38f6-ed9d-4ddc-bbfd-08dc6ae45bd7",
"Operation":"SignInEvent",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":4,
"UserKey":"i:0h.f|membership|100320015ED2DA21@live.com",
"UserType":0,
"Version":1,
"Workload":"SharePoint",
"ClientIP":"198.51.100.1",
"UserId":"example@test.onmicrosoft.com",
"AuthenticationType":"None",
"BrowserName":"Firefox",
"BrowserVersion":"120.0",
"CorrelationId":"dcd124a1-d0b1-5000-62e6-155874ea96f9",
"EventSource":"SharePoint",
"IsManagedDevice":false,
"ItemType":"Invalid",
"Platform":"WinDesktop",
"UserAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/120.0",
"DeviceDisplayName":"2a01:111:2054:217:7752:bc0c:d4bb:ce49",
"ApplicationDisplayName":"Unknown"
}
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
{
"AppAccessContext":{
"AADSessionId":"c21adbd5-e8d4-44fe-a2a2-43e3251b04b5",
"ClientAppName":"Unknown",
"CorrelationId":"1fd324a1-d00d-5000-62e6-11eac27b54b8",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-02T20:35:41",
"Id":"a18dd05a-4a13-4800-d1f6-08dc6ae76eef",
"Operation":"AddedToGroup",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":14,
"UserKey":"i:0h.f|membership|100320015ED2DA21@live.com",
"UserType":0,
"Version":1,
"Workload":"SharePoint",
"ClientIP":"198.51.100.1",
"UserId":"example@test.onmicrosoft.com",
"AuthenticationType":"FormsCookieAuth",
"BrowserName":"Firefox",
"BrowserVersion":"120.0",
"CorrelationId":"1fd324a1-d00d-5000-62e6-11eac27b54b8",
"EventSource":"SharePoint",
"IsManagedDevice":false,
"ItemType":"Web",
"Platform":"WinDesktop",
"Site":"01a07a23-147e-4bba-9d38-f125def9657c",
"UserAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/120.0",
"WebId":"e8abba12-89ec-44f9-bba6-20b240025424",
"DeviceDisplayName":"2a01:111:2054:215:7d96:7954:6e9e:f862",
"EventData":"<Group>Communication site Members</Group><GroupId>5</GroupId>",
"TargetUserOrGroupType":"Member",
"TargetUserOrGroupName":"example@test.onmicrosoft.com",
"SiteUrl":"https://test.sharepoint.com",
"ApplicationDisplayName":"Unknown",
"ObjectId":"https://test.sharepoint.com"
}
Removes a service, user or account from a group.
Removes a service, user or account from a group.
{
"AppAccessContext":{
"AADSessionId":"c21adbd5-e8d4-44fe-a2a2-43e3251b04b5",
"ClientAppName":"Unknown",
"CorrelationId":"20d324a1-4078-5000-827b-7266b80c290d",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-02T20:35:46",
"Id":"5eda0f9d-927f-4343-5669-08dc6ae77256",
"Operation":"RemovedFromGroup",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":14,
"UserKey":"i:0h.f|membership|100320015ED2DA21@live.com",
"UserType":0,
"Version":1,
"Workload":"SharePoint",
"ClientIP":"198.51.100.1",
"UserId":"example@test.onmicrosoft.com",
"AuthenticationType":"FormsCookieAuth",
"BrowserName":"Firefox",
"BrowserVersion":"120.0",
"CorrelationId":"20d324a1-4078-5000-827b-7266b80c290d",
"EventSource":"SharePoint",
"IsManagedDevice":false,
"ItemType":"Web",
"Platform":"WinDesktop",
"Site":"01a07a23-147e-4bba-9d38-f125def9657c",
"UserAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/120.0",
"WebId":"e8abba12-89ec-44f9-bba6-20b240025424",
"DeviceDisplayName":"2a01:111:2054:215:7d96:7954:6e9e:f862",
"EventData":"<Group>Communication site Members</Group>",
"TargetUserOrGroupType":"Member",
"TargetUserOrGroupName":"example@test.onmicrosoft.com",
"SiteUrl":"https://test.sharepoint.com",
"ApplicationDisplayName":"Unknown",
"ObjectId":"https://test.sharepoint.com"
}
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
{
"AppAccessContext":{
"AADSessionId":"c21adbd5-e8d4-44fe-a2a2-43e3251b04b5",
"ClientAppName":"Unknown",
"CorrelationId":"47d324a1-106f-5000-62e6-151e1aa4a24f",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-02T20:38:27",
"Id":"8b9a2076-6a67-4c8f-771f-08dc6ae7d259",
"Operation":"SiteCollectionAdminAdded",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":14,
"UserKey":"i:0h.f|membership|100320015ED2DA21@live.com",
"UserType":0,
"Version":1,
"Workload":"SharePoint",
"ClientIP":"198.51.100.1",
"UserId":"example@test.onmicrosoft.com",
"AuthenticationType":"FormsCookieAuth",
"BrowserName":"Firefox",
"BrowserVersion":"120.0",
"CorrelationId":"47d324a1-106f-5000-62e6-151e1aa4a24f",
"EventSource":"SharePoint",
"IsManagedDevice":false,
"ItemType":"Web",
"Platform":"WinDesktop",
"Site":"a849538d-406b-4e55-9c0e-20aad5fdce7d",
"UserAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/120.0",
"WebId":"42eec027-1f90-4ad9-9c53-ca64dbce0ccb",
"DeviceDisplayName":"198.51.100.1",
"TargetUserOrGroupType":"SecurityGroup",
"TargetUserOrGroupName":"Global Administrator",
"SiteUrl":"https://test.sharepoint.com/sites/appcatalog",
"ApplicationDisplayName":"Unknown",
"ObjectId":"https://test.sharepoint.com/sites/appcatalog"
}
Removes a permission from a resource.
Removes a permission from a resource.
{
"AppAccessContext":{
"AADSessionId":"c21adbd5-e8d4-44fe-a2a2-43e3251b04b5",
"ClientAppName":"Unknown",
"CorrelationId":"47d324a1-106f-5000-62e6-151e1aa4a24f",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-02T20:38:27",
"Id":"f8c5fd57-94c1-423b-64b2-08dc6ae7d265",
"Operation":"SiteCollectionAdminRemoved",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":14,
"UserKey":"i:0h.f|membership|100320015ED2DA21@live.com",
"UserType":0,
"Version":1,
"Workload":"SharePoint",
"ClientIP":"198.51.100.1",
"UserId":"example@test.onmicrosoft.com",
"AuthenticationType":"FormsCookieAuth",
"BrowserName":"Firefox",
"BrowserVersion":"120.0",
"CorrelationId":"47d324a1-106f-5000-62e6-151e1aa4a24f",
"EventSource":"SharePoint",
"IsManagedDevice":false,
"ItemType":"Web",
"Platform":"WinDesktop",
"Site":"a849538d-406b-4e55-9c0e-20aad5fdce7d",
"UserAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/120.0",
"WebId":"42eec027-1f90-4ad9-9c53-ca64dbce0ccb",
"DeviceDisplayName":"198.51.100.1",
"ModifiedProperties":[{
"Name":"SiteAdmin",
"NewValue":"",
"OldValue":""
}],
"TargetUserOrGroupType":"Member",
"TargetUserOrGroupName":"SHAREPOINT\\system",
"SiteUrl":"https://test.sharepoint.com/sites/appcatalog",
"ApplicationDisplayName":"Unknown",
"ObjectId":"https://test.sharepoint.com/sites/appcatalog"
}
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
{
"AppAccessContext":{
"ClientAppName":"TenantWorkflowEngine",
"CorrelationId":"045124a1-3080-5000-62e6-18339d196c67"
},
"CreationTime":"2024-05-01T06:41:58",
"Id":"bebaecd3-a9c7-4cd9-211d-08dc69a9ccab",
"Operation":"SiteIBModeChanged",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":4,
"UserKey":"S-1-0-0",
"UserType":0,
"Version":1,
"Workload":"SharePoint",
"ClientIP":"",
"UserId":"SHAREPOINT\\system",
"CorrelationId":"045124a1-3080-5000-62e6-18339d196c67",
"EventSource":"SharePoint",
"ItemType":"Site",
"Site":"9c91ddba-ad04-4f5d-b659-6bfe37275e66",
"UserAgent":"",
"ModifiedProperties":[{
"Name":"SiteIBMode",
"NewValue":"Open",
"OldValue":"Implicit"
}],
"ApplicationDisplayName":"TenantWorkflowEngine",
"ObjectId":"https://test.sharepoint.com/sites/group1"
}
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
{
"AppAccessContext":{
"AADSessionId":"c21adbd5-e8d4-44fe-a2a2-43e3251b04b5",
"ClientAppName":"Unknown",
"CorrelationId":"47d324a1-106f-5000-62e6-151e1aa4a24f",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-02T20:38:33",
"Id":"786cf23e-013b-4fab-105e-08dc6ae7d5e1",
"Operation":"SiteCollectionCreated",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":4,
"UserKey":"i:0h.f|membership|100320015ED2DA21@live.com",
"UserType":0,
"Version":1,
"Workload":"SharePoint",
"ClientIP":"198.51.100.1",
"UserId":"example@test.onmicrosoft.com",
"AuthenticationType":"FormsCookieAuth",
"BrowserName":"Firefox",
"BrowserVersion":"120.0",
"CorrelationId":"47d324a1-106f-5000-62e6-151e1aa4a24f",
"EventSource":"SharePoint",
"IsManagedDevice":false,
"ItemType":"Site",
"Platform":"WinDesktop",
"Site":"a849538d-406b-4e55-9c0e-20aad5fdce7d",
"UserAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/120.0",
"DeviceDisplayName":"198.51.100.1",
"EventData":"<SiteCreationSource>API</SiteCreationSource>",
"ApplicationDisplayName":"Unknown",
"ObjectId":"https://test.sharepoint.com/sites/appcatalog"
}
A resource was read.
A resource was read.
{
"AppAccessContext":{
"AADSessionId":"c21adbd5-e8d4-44fe-a2a2-43e3251b04b5",
"ClientAppId":"6e1c5a56-fb53-46ae-8b6d-24988bdcced2",
"ClientAppName":"Microsoft Teams Web Client",
"CorrelationId":"09d824a1-e0eb-5000-62e6-14d5e6194687",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-02T22:01:37",
"Id":"4af4f3a2-6584-48b4-e96d-08dc6af37076",
"Operation":"PageViewed",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":4,
"UserKey":"i:0h.f|membership|100320015ED2DA21@live.com",
"UserType":0,
"Version":1,
"Workload":"OneDrive",
"ClientIP":"198.51.100.1",
"UserId":"example@test.onmicrosoft.com",
"ApplicationId":"5e3ce6c0-2b1f-4285-8d4b-75ee78787346",
"AuthenticationType":"OAuth",
"BrowserName":"Chrome",
"BrowserVersion":"124.0.0.0",
"CorrelationId":"09d824a1-e0eb-5000-62e6-14d5e6194687",
"CustomUniqueId":true,
"EventSource":"SharePoint",
"IsManagedDevice":false,
"ItemType":"Page",
"ListItemUniqueId":"59a8433d-9bb8-cfef-643c-93f736346360",
"Platform":"MacOSX",
"Site":"2bac95bd-b43c-4cd9-ba36-53f030ac6a3e",
"UserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36",
"WebId":"e56ef9c7-8c2b-4d54-9534-a1322ae10ac3",
"DeviceDisplayName":"198.51.100.1",
"ApplicationDisplayName":"Microsoft Teams Web Client",
"ObjectId":"https://test-my.sharepoint.com/personal/example_test_onmicrosoft_com/_layouts/15/filebrowser.aspx"
}
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
{
"AppAccessContext":{
"ClientAppName":"Unknown",
"CorrelationId":"dfd124a1-a0fc-5000-62e6-18fd82d49a74"
},
"CreationTime":"2024-05-02T20:13:54",
"Id":"c3176f6b-847e-4615-3da2-08dc6ae46456",
"Operation":"SiteDeleted",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":6,
"UserKey":"i:0h.f|membership|100320015ED2DA21@live.com",
"UserType":2,
"Version":1,
"Workload":"SharePoint",
"ClientIP":"198.51.100.1",
"UserId":"John Doe",
"CorrelationId":"dfd124a1-a0fc-5000-62e6-18fd82d49a74",
"EventSource":"SharePoint",
"ItemType":"Web",
"ListItemUniqueId":"00000000-0000-0000-0000-000000000000",
"Site":"e4290a7d-331c-432a-bcd3-d2be5a10dbc0",
"UserAgent":"",
"WebId":"3098f69f-5903-4472-a2cb-88fb1ee8ea1f",
"HighPriorityMediaProcessing":false,
"ListBaseType":0,
"ListServerTemplate":0,
"SourceFileExtension":"",
"DestinationFileExtension":"",
"SiteUrl":"https://test.sharepoint.com/sites/Mark8ProjectTeam856/",
"SourceRelativeUrl":"..",
"SourceFileName":"Mark8ProjectTeam856",
"DestinationRelativeUrl":"../../https://test.sharepoint.com/sites",
"DestinationFileName":"Mark8ProjectTeam856",
"ApplicationDisplayName":"Unknown",
"ObjectId":"https://test.sharepoint.com/sites/Mark8ProjectTeam856"
}
A resource was downloaded.
A resource was downloaded.
{
"AppAccessContext":{
"AADSessionId":"c21adbd5-e8d4-44fe-a2a2-43e3251b04b5",
"ClientAppName":"Unknown",
"CorrelationId":"81d124a1-3094-5000-62e6-1202998ae76d",
"TokenIssuedAtTime":"2024-05-02T20:02:26",
"UniqueTokenId":"XeDaLWgRe1rsdtbkm15SAw"
},
"CreationTime":"2024-05-02T20:07:27",
"Id":"24052721-2860-4804-fe81-08dc6ae37d61",
"Operation":"FileDownloaded",
"OrganizationId":"8326222c-5c86-45a1-b768-561ad270c694",
"RecordType":6,
"UserKey":"i:0h.f|membership|100320015ED2DA21@live.com",
"UserType":0,
"Version":1,
"Workload":"SharePoint",
"ClientIP":"198.51.100.1",
"UserId":"example@test.onmicrosoft.com",
"AuthenticationType":"FormsCookieAuth",
"BrowserName":"Firefox",
"BrowserVersion":"120.0",
"CorrelationId":"81d124a1-3094-5000-62e6-1202998ae76d",
"EventSource":"SharePoint",
"IsManagedDevice":false,
"ItemType":"File",
"ListId":"4e052150-0ee4-491f-b49a-64c46155b7bd",
"ListItemUniqueId":"6d5f5d0d-ac15-4323-8897-af9a4f2efba9",
"Platform":"WinDesktop",
"Site":"937d3dbd-bda1-45ba-8e85-b0bc4939425f",
"UserAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/120.0",
"WebId":"3098f69f-5903-4472-a2cb-88fb1ee8ea1f",
"DeviceDisplayName":"2a01:111:2054:217:7752:bc0c:d4bb:ce49",
"FileSizeBytes":18632,
"HighPriorityMediaProcessing":false,
"ListBaseType":1,
"ListServerTemplate":101,
"SourceFileExtension":"docx",
"SiteUrl":"https://test.sharepoint.com/sites/VerySecretInformation/",
"SourceRelativeUrl":"Shared Documents",
"SourceFileName":"Open File 6.docx",
"ApplicationDisplayName":"Unknown",
"ObjectId":"https://test.sharepoint.com/sites/VerySecretInformation/Shared Documents/Open File 6.docx"
}
Includes logs for Sharepoint and OneDrive.
Storage Duration: 180 days
Minimum retention is 180 days, but organizations can set a retention policy up to 10 years dependent on licensing, reference https://learn.microsoft.com/en-us/purview/audit-log-retention-policies
Duration: Typically 60 to 90 minutes after an event occurs.
Minimum retention is 180 days, but organizations can set a retention policy up to 10 years dependent on licensing, reference https://learn.microsoft.com/en-us/purview/audit-log-retention-policies
Microsoft 365 (M365) is a cloud-based productivity platform which provides access to the full suite of office applications including Outlook, SharePoint, OneDrive, Word, Excel, PowerPoint, etc. Identity and access management is controlled through Microsoft Entra ID (formerly Azure Active Directory), which is also available as an audit log dataset. M365 provides all audit logs through the Microsoft Purview service via audit log subscriptions. Logging levels and retention are controlled by the license of an organization, as well as the license assigned to each individual user.
The Office 365 Management Activity API is a REST web service that provides access to audit logging via subscriptions.
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"deviceFingerprint": "11111111111111111111111111111111",
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"oktaUserAgentExtended": "okta-auth-js/7.0.1 okta-signin-widget-7.9.1",
"origin": "https://example.okta.com",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/authn",
"threatSuspected": "false",
"url": "/api/v1/authn?"
}
},
"displayMessage": "User login to Okta",
"eventType": "user.session.start",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-06T19:06:27.080Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target": null,
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "unknown",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Windows 10",
"rawUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"deviceFingerprint": "11111111111111111111111111111111",
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"logOnlySecurityData": "{\"risk\":{\"reasons\":\"Anomalous Device\",\"level\":\"MEDIUM\"},\"behaviors\":{\"New Geo-Location\":\"NEGATIVE\",\"New Device\":\"POSITIVE\",\"New IP\":\"NEGATIVE\",\"New State\":\"NEGATIVE\",\"New Country\":\"NEGATIVE\",\"New City\":\"NEGATIVE\"}}",
"oktaUserAgentExtended": "okta-auth-js/7.0.1 okta-signin-widget-7.9.1",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/authn",
"threatSuspected": "false",
"url": "/api/v1/authn?"
}
},
"displayMessage": "User login to Okta",
"eventType": "user.session.start",
"outcome":
{
"reason": "INVALID_CREDENTIALS",
"result": "FAILURE"
},
"published": "2023-09-13T16:27:10.220Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "WARN",
"target": null,
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
An account attempted to logout of a system.
An account attempted to logout of a system.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Windows 10",
"rawUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"authnRequestId": "ABCD111111111111111111111000",
"deviceFingerprint": "11111111111111111111111111111111",
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"oktaUserAgentExtended": "okta-auth-js/7.0.1 okta-signin-widget-7.9.1",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/authn",
"threatSuspected": "false",
"url": "/api/v1/authn?"
}
},
"displayMessage": "User logout from Okta",
"eventType": "user.session.end",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T16:24:24.572Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target": null,
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": "FACTOR_PROVIDER",
"authenticationStep": 0,
"credentialProvider": "GOOGLE",
"credentialType": "OTP",
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"authnRequestId": "ABCDEF_1111111111111",
"deviceFingerprint": "11111111111111111111111111111111",
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"factor": "SOFT_TOKEN",
"promptingPolicyTypes": "[OKTA_SIGN_ON]",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/authn/factors/00ua1aaaa1abc0A0B987/verify",
"threatSuspected": "false",
"url": "/api/v1/authn/factors/00ua1aaaa1abc0A0B987/verify?rememberDevice=false"
}
},
"displayMessage": "Authentication of user via MFA",
"eventType": "user.authentication.auth_via_mfa",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T19:20:47.234Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/internal/users/me/report-suspicious-activity",
"suspiciousActivityBrowser": "CHROME",
"suspiciousActivityEventCity": "San Francisco",
"suspiciousActivityEventCountry": "United States",
"suspiciousActivityEventId": "11111111-0000-2222-0000-aaaaaaaaaaaa",
"suspiciousActivityEventIp": "198.51.100.2",
"suspiciousActivityEventLatitude": "37.8199",
"suspiciousActivityEventLongitude": "122.4783",
"suspiciousActivityEventState": "California",
"suspiciousActivityEventTransactionId": "1111111111111111111111111111",
"suspiciousActivityEventType": "system.email.new_device_notification.sent_message",
"suspiciousActivityOs": "Mac OS X",
"suspiciousActivityTimestamp": "2023-09-14T19:06:50.770Z",
"url": "/api/internal/users/me/report-suspicious-activity?i=xxxxxxxx"
}
},
"displayMessage": "User report suspicious activity",
"eventType": "user.account.report_suspicious_activity_by_enduser",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T19:07:28.185Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "WARN",
"target":
[
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Events (18)
Creates a user.
Creates a user.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/users",
"url": "/api/v1/users?activate=true"
}
},
"displayMessage": "Create okta user",
"eventType": "user.lifecycle.create",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T20:18:47.825Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "john@example.com",
"detailEntry": null,
"displayName": "John Doe",
"id": "00ua1aaaa1abc0A0B111",
"type": "User"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"changedAttributes": "login,email",
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/users/00ua1aaaa1abc0A0B456",
"url": "/api/v1/users/00ua1aaaa1abc0A0B456?"
}
},
"displayMessage": "Update user profile for Okta",
"eventType": "user.account.update_profile",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T20:20:05.557Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "john@example.com",
"detailEntry": null,
"displayName": "John Doe",
"id": "00ua1aaaa1abc0A0B456",
"type": "User"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Removes or deletes a user.
Removes or deletes a user.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/users/00ua1aaaa1abc0A0B987",
"url": "/api/v1/users/00ua1aaaa1abc0A0B987?"
}
},
"displayMessage": "Delete Okta user initiated",
"eventType": "user.lifecycle.delete.initiated",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T20:21:30.151Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "john@example.com",
"detailEntry": null,
"displayName": "John Doe",
"id": "00ua1aaaa1abc0A0B987",
"type": "User"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Creates a logical group.
Creates a logical group.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/groups",
"url": "/api/v1/groups?"
}
},
"displayMessage": "Create okta group",
"eventType": "group.lifecycle.create",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T18:58:09.243Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "custom_developers_group",
"id": "00ua1aaaa1abc0A0B789",
"type": "UserGroup"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Reads a group.
Reads a group.
Updates a group.
Updates a group.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"groupAppAssignmentId": "xxxxxxxxxxxxxxxxxxxxx",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/apps/00ua1aaaa1abc0A0B456/groups/00ua1aaaa1abc0A0B987",
"url": "/api/v1/apps/00ua1aaaa1abc0A0B456/groups/00ua1aaaa1abc0A0B987?"
}
},
"displayMessage": "Add assigned application to group",
"eventType": "group.application_assignment.add",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T20:22:38.036Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "salesforce_developers",
"id": "00ua1aaaa1abc0A0B987",
"type": "UserGroup"
},
{
"alternateId": "Salesforce",
"detailEntry": null,
"displayName": "Salesforce.com",
"id": "00ua1aaaa1abc0A0B456",
"type": "AppInstance"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Removes or deletes a group.
Removes or deletes a group.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/groups/00ua1aaaa1abc0A0B987",
"url": "/api/v1/groups/00ua1aaaa1abc0A0B987?"
}
},
"displayMessage": "Delete okta group",
"eventType": "group.lifecycle.delete",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T20:23:26.473Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "custom_okta_group",
"id": "00ua1aaaa1abc0A0B987",
"type": "UserGroup"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Adds a service, user or account to a group.
Adds a service, user or account to a group.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/groups/00ua1aaaa1abc0A0B456/users/00ua1aaaa1abc0A0B987",
"url": "/api/v1/groups/00ua1aaaa1abc0A0B456/users/00ua1aaaa1abc0A0B987?"
}
},
"displayMessage": "Add user to group membership",
"eventType": "group.user_membership.add",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T20:26:40.529Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "john@example.com",
"detailEntry": null,
"displayName": "John Doe",
"id": "00ua1aaaa1abc0A0B987",
"type": "User"
},
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "custom_okta_group",
"id": "00ua1aaaa1abc0A0B456",
"type": "UserGroup"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Removes a service, user or account from a group.
Removes a service, user or account from a group.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/groups/00ua1aaaa1abc0A0B345/users/00ua1aaaa1abc0A0B987",
"url": "/api/v1/groups/00ua1aaaa1abc0A0B345/users/00ua1aaaa1abc0A0B987?"
}
},
"displayMessage": "Remove user from group membership",
"eventType": "group.user_membership.remove",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T20:27:00.112Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "john@example.com",
"detailEntry": null,
"displayName": "John Doe",
"id": "00ua1aaaa1abc0A0B987",
"type": "User"
},
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "custom_okta_group",
"id": "00ua1aaaa1abc0A0B345",
"type": "UserGroup"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Creates a new role.
Creates a new role.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/iam/roles",
"url": "/api/v1/iam/roles?"
}
},
"displayMessage": "Role created",
"eventType": "iam.role.create",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T20:32:05.713Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "Custom Okta Role",
"id": "00ua1aaaa1abc0A0B345",
"type": "Role"
},
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "okta.users.manage",
"id": "okta.users.manage",
"type": "Permission"
},
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "okta.customizations.manage",
"id": "okta.customizations.manage",
"type": "Permission"
},
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "okta.profilesources.import.run",
"id": "okta.profilesources.import.run",
"type": "Permission"
},
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "okta.authzServers.manage",
"id": "okta.authzServers.manage",
"type": "Permission"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Reads a role.
Reads a role.
Updates a role.
Updates a role.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/iam/roles/00ua1aaaa1abc0A0B456/permissions/okta.users.manage",
"url": "/api/v1/iam/roles/00ua1aaaa1abc0A0B456/permissions/okta.users.manage?"
}
},
"displayMessage": "Permissions deleted from Role",
"eventType": "iam.role.permissions.delete",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T20:32:28.571Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "Custom Okta Role",
"id": "00ua1aaaa1abc0A0B456",
"type": "Role"
},
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "okta.users.manage",
"id": "okta.users.manage",
"type": "Permission"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Removes or deletes a role.
Removes or deletes a role.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/iam/roles/00ua1aaaa1abc0A0B345",
"url": "/api/v1/iam/roles/00ua1aaaa1abc0A0B345?"
}
},
"displayMessage": "Role deleted",
"eventType": "iam.role.delete",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T20:32:33.316Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "Custom Okta Admin Role",
"id": "00ua1aaaa1abc0A0B345",
"type": "Role"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Adds a permission to a resource.
Adds a permission to a resource.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"privilegeGranted": "Super administrator",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/groups/cccccccccccccccccccc/users/00ua1aaaa1abc0A0B987",
"url": "/api/v1/groups/cccccccccccccccccccc/users/00ua1aaaa1abc0A0B987?"
}
},
"displayMessage": "Grant user privilege",
"eventType": "user.account.privilege.grant",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T20:26:40.657Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "john@example.com",
"detailEntry": null,
"displayName": "John Doe",
"id": "00ua1aaaa1abc0A0B987",
"type": "User"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Removes a permission from a resource.
Removes a permission from a resource.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"privilegeRevoked": "Super administrator, Organization administrator, Application administrator (all), Application administrator, Read only admin, User administrator (all), User administrator, Help Desk administrator (all), Help Desk administrator, Mobile administrator, API Access Management administrator, Report administrator, Group Membership administrator",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/groups/00ua1aaaa1abc0A0B345/users/00ua1aaaa1abc0A0B987",
"url": "/api/v1/groups/00ua1aaaa1abc0A0B345/users/00ua1aaaa1abc0A0B987?"
}
},
"displayMessage": "Revoke user privilege",
"eventType": "user.account.privilege.revoke",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T20:27:00.236Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "john@example.com",
"detailEntry": null,
"displayName": "John Doe",
"id": "00ua1aaaa1abc0A0B987",
"type": "User"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"authnRequestId": "bbbbbbbbbbbbbbbbbbbbbbbbbbb",
"deviceFingerprint": "11111111111111111111111111111111",
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/authn/factors/2222222222222222222/lifecycle/activate",
"threatSuspected": "false",
"url": "/api/v1/authn/factors/2222222222222222222/lifecycle/activate?"
}
},
"displayMessage": "Activate factor for user",
"eventType": "user.mfa.factor.activate",
"outcome":
{
"reason": "User set up SOFT_TOKEN factor",
"result": "SUCCESS"
},
"published": "2023-09-14T19:09:25.749Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Windows 10",
"rawUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/users/00ua1aaaa1abc0A0B987/lifecycle/reset_factors",
"url": "/api/v1/users/00ua1aaaa1abc0A0B987/lifecycle/reset_factors?"
}
},
"displayMessage": "Reset factor for user",
"eventType": "user.mfa.factor.deactivate",
"outcome":
{
"reason": "User reset OKTA_SOFT_TOKEN factor",
"result": "SUCCESS"
},
"published": "2023-09-14T15:49:03.007Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "john@example.com",
"detailEntry": null,
"displayName": "John Doe",
"id": "00ua1aaaa1abc0A0B987",
"type": "User"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"protocol": "OIDC",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/idps",
"url": "/api/v1/idps?"
}
},
"displayMessage": "Create an Identity Provider",
"eventType": "system.idp.lifecycle.create",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T20:33:22.575Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "oin_salesforce_idp",
"detailEntry": null,
"displayName": "Salesforce IDP",
"id": "00ua1aaaa1abc0A0B987",
"type": "IdentityProvider"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Windows 10",
"rawUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/zones/nzua1aaaa1abc0A0B987",
"url": "/api/v1/zones/nzua1aaaa1abc0A0B987?",
"zoneData":
{
"gateways":
[
{
"type": "CIDR",
"value": "10.0.0.1/32"
},
{
"type": "CIDR",
"value": "172.31.0.1/32"
},
{
"type": "CIDR",
"value": "192.168.1.0/24"
}
],
"proxies":
[],
"type": "IP"
}
}
},
"displayMessage": "Network zone update",
"eventType": "zone.update",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-12T01:40:39.219Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "Custon Okta Network Zone",
"id": "nzua1aaaa1abc0A0B987",
"type": "NetworkZoneEntity"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/behaviors/00ua1aaaa1abc0A0B987",
"url": "/api/v1/behaviors/00ua1aaaa1abc0A0B987?"
}
},
"displayMessage": "A behavior setting was deleted",
"eventType": "security.behavior.settings.delete",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T20:34:41.030Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "unknown",
"detailEntry":
{
"behaviorType": "ANOMALOUS_LOCATION"
},
"displayName": "Adding Location Behavior",
"id": "00ua1aaaa1abc0A0B987",
"type": "BehaviorSettings"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Creates a new integration.
Creates a new integration.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"appVersion": "00000000-1111-2222-3333-444444444444",
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/internal/orgadmin/apps/saml",
"url": "/api/internal/orgadmin/apps/saml?"
}
},
"displayMessage": "Create application",
"eventType": "application.lifecycle.create",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T20:37:50.674Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "Salesforce",
"detailEntry": null,
"displayName": "Salesforce",
"id": "00ua1aaaa1abc0A0B987",
"type": "AppInstance"
},
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"customMessage": "Sign on method changed, Sign on method changed",
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"requestId": "ABCD111111111111111111111111",
"newSignonModeType": "SAML_2_0",
"oldSignonModeType": "BROWSER_PLUGIN",
"requestUri": "/admin/app/salesforce/instance/00ua1aaaa1abc0A0B345/settings/sso",
"url": "/admin/app/salesforce/instance/00ua1aaaa1abc0A0B345/settings/sso?"
}
},
"displayMessage": "Update application",
"eventType": "application.lifecycle.update",
"outcome":
{
"reason": "Sign on method changed, Sign on method changed",
"result": "SUCCESS"
},
"published": "2023-09-14T20:39:48.184Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "Salesforce",
"detailEntry": null,
"displayName": "Salesforce",
"id": "00ua1aaaa1abc0A0B345",
"type": "AppInstance"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Removes or deletes an existing integration.
Removes or deletes an existing integration.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Mac OS X",
"rawUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/admin/app/dev-salesforce_1/delete/00ua1aaaa1abc0A0B987",
"url": "/admin/app/dev-salesforce_1/delete/00ua1aaaa1abc0A0B987?"
}
},
"displayMessage": "Delete application",
"eventType": "application.lifecycle.delete",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T20:38:09.948Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "Salesforce",
"detailEntry": null,
"displayName": "Salesforce",
"id": "00ua1aaaa1abc0A0B987",
"type": "AppInstance"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
Events (5)
A resource was created.
A resource was created.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROMIUM_EDGE",
"os": "Windows 10",
"rawUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.81"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"concurrencyPercentage": "50",
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"rateLimitPercentage": "50",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/internal/tokens",
"url": "/api/internal/tokens?expand=user"
}
},
"displayMessage": "Create API token",
"eventType": "system.api_token.create",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T15:00:54.589Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "external_api_token",
"id": "00ua1aaaa1abc0A0B456",
"type": "Token"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Windows 10",
"rawUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/api/v1/groups/rules/00ua1aaaa1abc0A0B567",
"url": "/api/v1/groups/rules/00ua1aaaa1abc0A0B567?"
}
},
"displayMessage": "Update policy rule",
"eventType": "policy.rule.update",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-19T20:41:41.654Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "unknown",
"detailEntry":
{
"policyType": "group_rule"
},
"displayName": "group rule default policy",
"id": "00ua1aaaa1abc0A0B567",
"type": "PolicyEntity"
},
{
"alternateId": "Salesforce",
"detailEntry": null,
"displayName": "Salesforce",
"id": "00ua1aaaa1abc0A0B987",
"type": "PolicyRule"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
A resource was removed or deleted.
A resource was removed or deleted.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROMIUM_EDGE",
"os": "Windows 10",
"rawUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.81"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"sessionId": "11111111-0000-2222-3333-999999999999"
}
},
"displayMessage": "Flow deleted",
"eventType": "workflows.user.flow.delete",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-18T19:16:16.459Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"securityContext": null,
"severity": "INFO",
"target":
[
{
"alternateId": "Okta Workflows",
"detailEntry": null,
"displayName": "Okta Workflows",
"id": "00ua1aaaa1abc0A0B987",
"type": "AppInstance"
},
{
"alternateId": "Custom Okta Workflow with Slack",
"detailEntry": null,
"displayName": "Custom Okta Workflow with Slack",
"id": "123456",
"type": "Flow"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
A resource was downloaded.
A resource was downloaded.
{
"actor":
{
"alternateId": "alice@example.com",
"detailEntry": null,
"displayName": "Alice Brown",
"id": "00ua1aaaa1abc0A0B123",
"type": "User"
},
"authenticationContext":
{
"authenticationProvider": null,
"authenticationStep": 0,
"credentialProvider": null,
"credentialType": null,
"externalSessionId": "10234ABC123abc1234abc1234",
"interface": null,
"issuer": null
},
"client":
{
"device": "Computer",
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"id": null,
"ipAddress": "198.51.100.1",
"userAgent":
{
"browser": "CHROME",
"os": "Windows 10",
"rawUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
},
"zone": "null"
},
"debugContext":
{
"debugData":
{
"dtHash": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"jobid": "mfa88888888888888888",
"requestId": "ABCD111111111111111111111111",
"requestUri": "/reports/user/mfa/download/mfa88888888888888888.csv",
"url": "/reports/user/mfa/download/mfa88888888888888888.csv?"
}
},
"displayMessage": "Report CSV Export Downloaded",
"eventType": "analytics.reports.export.download",
"outcome":
{
"reason": null,
"result": "SUCCESS"
},
"published": "2023-09-14T17:45:28.879Z",
"request":
{
"ipChain":
[
{
"geographicalContext":
{
"city": "San Francisco",
"country": "United States",
"geolocation":
{
"lat": 37.8199,
"lon": 122.4783
},
"postalCode": "94016",
"state": "California"
},
"ip": "198.51.100.1",
"source": null,
"version": "V4"
}
]
},
"securityContext":
{
"asNumber": 14618,
"asOrg": "amazon corporate llc",
"domain": "amazon.com",
"isProxy": false,
"isp": "amazon.com inc"
},
"severity": "INFO",
"target":
[
{
"alternateId": "unknown",
"detailEntry": null,
"displayName": "MFA Usage",
"id": "mfa",
"type": "Report"
}
],
"transaction":
{
"detail":
{},
"id": "111111111111111111111111111",
"type": "WEB"
},
"uuid": "11111111-2222-3333-4444-abcdef111111111111",
"version": 0
}
The Okta System Log API provides near real-time, read-only access to an organization's system log.
Storage Duration: System Log events are retained in Okta for a period of 90 days.
https://support.okta.com/help/s/article/Customer-Data-Retention-Policy?language=en_US
Duration: Near real-time
https://support.okta.com/help/s/article/Customer-Data-Retention-Policy?language=en_US
Okta is a cloud-based identity and access management (IAM) platform that provides centralized authentication, management of user identities, and access control to applications and data. The Okta System Log records events related to an organization, such as user logins, password changes, and application access. The System Log can be used to understand platform and user activity, troubleshoot problems, and investigate security incidents. The Okta System Log API is a RESTful API that allows an organization to programmatically access the Okta System Log. The API provides a way to retrieve, filter, and export events.
The Okta System Log API provides near real-time, read-only access to an organization's system log.
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
{
"account_id": 12345,
"actor_system": "",
"actor_user_id": 12345561,
"actor_user_name": "John Doe",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2015-11-26T01:11:22.575Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 5,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 1234512345,
"ipaddr": null,
"notes": "Authentication method: password + OTP.",
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 12345561,
"user_name": "John Doe"
}
{
"account_id": 12345,
"actor_system": "",
"actor_user_id": 12345123,
"actor_user_name": "John Doe",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2015-11-26T01:31:48.144Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 6,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 1234512345,
"ipaddr": "8.8.8.8",
"notes": "Authentication method: password (invalid password).",
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 12345194,
"user_name": "John Doe"
}
An account attempted to logout of a system.
An account attempted to logout of a system.
{
"account_id": 12345,
"actor_system": "",
"actor_user_id": 12345123,
"actor_user_name": "John Doe",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2015-11-24T16:53:16.188Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 7,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 1234512345,
"ipaddr": null,
"notes": null,
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 12345629,
"user_name": "John Doe"
}
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
{
"account_id": 232548,
"actor_system": null,
"actor_user_id": 232044969,
"actor_user_name": "Harry Potter",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-02-26T21:10:40.642Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 1400,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 44962098238,
"ipaddr": "8.8.8.8",
"notes": "Authentication method: OTP (Valid OTP). Factor name: OneLogin Email",
"operation_name": null,
"otp_device_id": 18013181,
"otp_device_name": "OneLogin OneLogin Email",
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 232044969,
"user_name": "Harry Potter"
}
{
"account_id": 232548,
"actor_system": null,
"actor_user_id": 232044969,
"actor_user_name": "Harry Potter",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-02-27T23:48:09.212Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 1002,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 44994186214,
"ipaddr": "8.8.8.8",
"notes": "Validation failed",
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": 379268,
"policy_name": "MFA-policy-odza",
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 232044969,
"user_name": "Harry Potter"
}
Events (18)
Creates a user.
Creates a user.
{
"account_id": 12345,
"actor_system": "",
"actor_user_id": 1234517,
"actor_user_name": "John Doe",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2015-11-20T18:29:22.202Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 13,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 1234512345,
"ipaddr": "8.8.8.8",
"notes": null,
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 12345679,
"user_name": "George Washington"
}
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
{
"account_id": 12345,
"actor_system": "",
"actor_user_id": 12345134,
"actor_user_name": "John Doe",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2015-11-25T05:39:01.919Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 14,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 1234512345,
"ipaddr": "8.8.8.8",
"notes": null,
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 12345280,
"user_name": "John Bon Jovi"
}
Removes or deletes a user.
Removes or deletes a user.
{
"account_id": 232548,
"actor_system": "",
"actor_user_id": 232044969,
"actor_user_name": "Harry Potter",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-02-28T17:58:03.705Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 17,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 45015573454,
"ipaddr": "8.8.8.8",
"notes": null,
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 232309650,
"user_name": "John Doe"
}
Creates a logical group.
Creates a logical group.
{
"account_id": 232548,
"actor_system": "",
"actor_user_id": 226011705,
"actor_user_name": "Lance Armstrong",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-03-01T23:07:24.993Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 3020,
"event_type_ids": null,
"group_id": 509316,
"group_name": "createdgroup",
"id": 45082115051,
"ipaddr": "8.8.8.8",
"notes": null,
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": null,
"user_name": null
}
Reads a group.
Reads a group.
Updates a group.
Updates a group.
{
"account_id": 232548,
"actor_system": "",
"actor_user_id": 226011705,
"actor_user_name": "Lance Armstrong",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-03-01T23:07:45.758Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 3021,
"event_type_ids": null,
"group_id": 509316,
"group_name": "createdgroup",
"id": 45082120012,
"ipaddr": "8.8.8.8",
"notes": "\nPolicy changed from MFA-policy-test to Default policy",
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": null,
"user_name": null
}
Removes or deletes a group.
Removes or deletes a group.
{
"account_id": 232548,
"actor_system": "",
"actor_user_id": 226011705,
"actor_user_name": "Lance Armstrong",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-03-01T23:07:33.053Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 3022,
"event_type_ids": null,
"group_id": 509222,
"group_name": "testnewgroup",
"id": 45082116944,
"ipaddr": "8.8.8.8",
"notes": null,
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": null,
"user_name": null
}
Adds a service, user or account to a group.
Adds a service, user or account to a group.
{
"account_id": 232548,
"actor_system": "",
"actor_user_id": 226011705,
"actor_user_name": "Lance Armstrong",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-03-06T18:08:39.200Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 14,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 45191535162,
"ipaddr": "8.8.8.8",
"notes": "changed Group to examplegroup",
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 232044969,
"user_name": "Harry Potter"
}
Removes a service, user or account from a group.
Removes a service, user or account from a group.
{
"account_id": 232548,
"actor_system": "",
"actor_user_id": 226011705,
"actor_user_name": "Lance Armstrong",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-03-06T18:15:09.794Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 14,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 45191722046,
"ipaddr": "8.8.8.8",
"notes": "changed Group to None",
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 232044969,
"user_name": "Harry Potter"
}
Creates a new role.
Creates a new role.
{
"account_id": 232548,
"actor_system": "",
"actor_user_id": 226011705,
"actor_user_name": "Lance Armstrong",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-03-01T23:10:26.647Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 1801,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 45082158160,
"ipaddr": "8.8.8.8",
"notes": null,
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": 712587,
"role_name": "newrole",
"since": null,
"until": null,
"user_id": 226011705,
"user_name": "Lance Armstrong"
}
Reads a role.
Reads a role.
Updates a role.
Updates a role.
{
"account_id": 232548,
"actor_system": "",
"actor_user_id": 226011705,
"actor_user_name": "Lance Armstrong",
"app_id": 3184929,
"app_name": "Amiando",
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-03-06T18:31:12.396Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 1,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 45192178366,
"ipaddr": "8.8.8.8",
"notes": null,
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": 712587,
"role_name": "newrole",
"since": null,
"until": null,
"user_id": null,
"user_name": null
}
Removes or deletes a role.
Removes or deletes a role.
{
"account_id": 232548,
"actor_system": "",
"actor_user_id": 226011705,
"actor_user_name": "Lance Armstrong",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-03-06T18:31:50.385Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 1802,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 45192198208,
"ipaddr": "8.8.8.8",
"notes": null,
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": 680252,
"role_name": "Default",
"since": null,
"until": null,
"user_id": 226011705,
"user_name": "Lance Armstrong"
}
Adds a permission to a resource.
Adds a permission to a resource.
{
"account_id": 232548,
"actor_system": "",
"actor_user_id": 226011705,
"actor_user_name": "Lance Armstrong",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-03-01T23:18:00.847Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 72,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 45082260689,
"ipaddr": "8.8.8.8",
"notes": null,
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 232044969,
"user_name": "Harry Potter"
}
Removes a permission from a resource.
Removes a permission from a resource.
{
"account_id": 232548,
"actor_system": "",
"actor_user_id": 226011705,
"actor_user_name": "Lance Armstrong",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-02-26T19:03:42.544Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 73,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 44958862055,
"ipaddr": "8.8.8.8",
"notes": null,
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 232044969,
"user_name": "Harry Potter"
}
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
{
"account_id": 12345,
"actor_system": "",
"actor_user_id": 12345629,
"actor_user_name": "John Doe",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2015-11-24T09:02:46.359Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 22,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 1234512345,
"ipaddr": null,
"notes": null,
"operation_name": null,
"otp_device_id": 123456,
"otp_device_name": "john.doe@ext.acmecorp.com",
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 12345629,
"user_name": "John Doe"
}
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
{
"account_id": 232548,
"actor_system": "",
"actor_user_id": 226011705,
"actor_user_name": "Lance Armstrong",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-02-26T21:11:23.835Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 24,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 44962113859,
"ipaddr": "8.8.8.8",
"notes": null,
"operation_name": null,
"otp_device_id": 18013181,
"otp_device_name": "OneLogin Email",
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 232044969,
"user_name": "Harry Potter"
}
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
{
"account_id": 232548,
"actor_system": "",
"actor_user_id": 232044969,
"actor_user_name": "Harry Potter",
"app_id": 3159937,
"app_name": "43 Things",
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-02-27T20:37:13.351Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 600,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 44990112363,
"ipaddr": "8.8.8.8",
"notes": null,
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 232044969,
"user_name": "Harry Potter"
}
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
{
"account_id": 232548,
"actor_system": "",
"actor_user_id": 226011705,
"actor_user_name": "Lance Armstrong",
"app_id": 3159998,
"app_name": "Anaplan",
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-03-04T17:47:42.846Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 601,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 45133717008,
"ipaddr": "8.8.8.8",
"notes": null,
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 226011705,
"user_name": "Lance Armstrong"
}
Removes or deletes an existing integration.
Removes or deletes an existing integration.
{
"account_id": 232548,
"actor_system": "",
"actor_user_id": 232044969,
"actor_user_name": "Harry Potter",
"app_id": 3159937,
"app_name": "43 Things",
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-02-27T20:38:22.572Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 602,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 44990138411,
"ipaddr": "",
"notes": null,
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 232044969,
"user_name": "Harry Potter"
}
Events (5)
A resource was created.
A resource was created.
{
"account_id": 232548,
"actor_system": "",
"actor_user_id": 226011705,
"actor_user_name": "Lance Armstrong",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-02-28T18:31:48.480Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 179,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 45016591484,
"ipaddr": "8.8.8.8",
"notes": null,
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 226011705,
"user_name": "Lance Armstrong"
}
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
{
"account_id": 232548,
"actor_system": "",
"actor_user_id": 226011705,
"actor_user_name": "Lance Armstrong",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-03-04T17:54:07.805Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 180,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 45133880563,
"ipaddr": "8.8.8.8",
"notes": null,
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 226011705,
"user_name": "Lance Armstrong"
}
A resource was downloaded.
A resource was downloaded.
{
"account_id": 232548,
"actor_system": "",
"actor_user_id": 226011705,
"actor_user_name": "Lance Armstrong",
"app_id": null,
"app_name": null,
"assuming_acting_user_id": null,
"browser_fingerprint": null,
"client_id": null,
"created_at": "2024-03-04T17:58:38.133Z",
"custom_message": null,
"directory_id": null,
"directory_sync_run_id": null,
"error_description": null,
"event_type_id": 27,
"event_type_ids": null,
"group_id": null,
"group_name": null,
"id": 45133990798,
"ipaddr": "8.8.8.8",
"notes": null,
"operation_name": null,
"otp_device_id": null,
"otp_device_name": null,
"policy_id": null,
"policy_name": null,
"proxy_ip": null,
"resolution": null,
"resource_type_id": null,
"risk_cookie_id": null,
"risk_reasons": null,
"risk_score": null,
"role_id": null,
"role_name": null,
"since": null,
"until": null,
"user_id": 232044969,
"user_name": "Harry Potter"
}
The OneLogin events API provides near real-time, read-only access to an organization's activity log.
Storage Duration: Unknown
N/A
Duration: Near real-time
N/A
OneLogin is a cloud-based identity and access management (IAM) platform that provides centralized authentication, management of user identities, and access control to applications and data. OneLogin Events record logs related to an organization, such as user logins, password changes, and application access. The Events can be used to understand platform and user activity, troubleshoot problems, and investigate security incidents. The OneLogin Get Events API allows an organization to programmatically access the OneLogin Event logs. The API provides a way to retrieve, filter, and export events.
The OneLogin Get Events API provides near real-time, read-only access to an organization's event log.
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "User Access Allowed",
"type": "USER.ACCESS_ALLOWED"
},
"actors": {
"client": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/applications/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "ao",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-16T18:52:26.485Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"recordedAt": "2024-04-16T18:52:26.476Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
],
"result": {
"description": "Passed role access control",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
}
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "User Access Denied",
"type": "USER.ACCESS_DENIED"
},
"actors": {
"client": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/applications/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "PingOne Admin Console",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jsmith@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-09T21:41:11.471Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"recordedAt": "2024-04-09T21:41:11.459Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jsmith@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
],
"result": {
"description": "Failed role access control",
"status": "FAILED"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
}
An account attempted to logout of a system.
An account attempted to logout of a system.
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "Session Deleted",
"type": "SESSION.DELETED"
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-16T20:08:56.060Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"recordedAt": "2024-04-16T20:08:56.047Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
},
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/sessions/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "User Session 1234abc1-a123-1234-ab12-1ab123a1234a",
"type": "SESSION"
}
],
"result": {
"description": "Deleted Session '1234abc1-a123-1234-ab12-1ab123a1234a' for User '1234abc1-a123-1234-ab12-1ab123a1234a'",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
}
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "Otp Check Success",
"type": "OTP.CHECK_SUCCESS"
},
"actors": {
"client": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/applications/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "PingOne Admin Console",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-10T22:25:46.482Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"internalCorrelation": {
"sessionId": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"recordedAt": "2024-04-10T22:25:46.470Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/flows/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "1234abc1-a123-1234-ab12-1ab123a1234a",
"type": "FLOW"
},
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a/devices/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "TOTP",
"type": "DEVICE"
}
],
"result": {
"description": "TOTP authenticator authentication approved",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
}
Events (18)
Creates a user.
Creates a user.
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "User Created",
"type": "USER.CREATED"
},
"actors": {
"client": {
"id": "adminui",
"name": "adminui",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-16T20:29:30.972Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"internalCorrelation": {
"sessionId": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"recordedAt": "2024-04-16T20:29:30.951Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "example_new_user",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
],
"result": {
"description": "Created User example_new_user",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
}
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
{
"_embedded": {
"modifiedAttributes": [
"email"
]
},
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "User Updated",
"type": "USER.UPDATED"
},
"actors": {
"client": {
"id": "adminui",
"name": "adminui",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-11T21:27:55.355Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"internalCorrelation": {
"sessionId": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"recordedAt": "2024-04-11T21:27:55.327Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "bob",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
],
"result": {
"description": "Updated email for User bob",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
}
Removes or deletes a user.
Removes or deletes a user.
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "User Deleted",
"type": "USER.DELETED"
},
"actors": {
"client": {
"id": "adminui",
"name": "adminui",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-16T20:31:37.779Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"internalCorrelation": {
"sessionId": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"recordedAt": "2024-04-16T20:31:37.745Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "bob",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
],
"result": {
"description": "Deleted User bob",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
}
Creates a logical group.
Creates a logical group.
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "Group Created",
"type": "GROUP.CREATED"
},
"actors": {
"client": {
"id": "adminui",
"name": "adminui",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-16T20:32:29.453Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"internalCorrelation": {
"sessionId": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"recordedAt": "2024-04-16T20:32:29.433Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/groups/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "newgrp",
"type": "GROUP"
}
],
"result": {
"description": "Created Group newgrp",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
}
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "Group Deleted",
"type": "GROUP.DELETED"
},
"actors": {
"client": {
"id": "adminui",
"name": "adminui",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-16T20:33:07.019Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"internalCorrelation": {
"sessionId": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"recordedAt": "2024-04-16T20:33:07.000Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/groups/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "testgrup",
"type": "GROUP"
}
],
"result": {
"description": "Deleted Group testgrup",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
}
Adds a service, user or account to a group.
Adds a service, user or account to a group.
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "Member Of Group Created",
"type": "MEMBER_OF_GROUP.CREATED"
},
"actors": {
"client": {
"id": "adminui",
"name": "adminui",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-16T20:33:15.542Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"internalCorrelation": {
"sessionId": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"recordedAt": "2024-04-16T20:33:15.525Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a/memberOfGroups/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "example_group",
"type": "MEMBER_OF_GROUP"
}
],
"result": {
"description": "Created Member Of Group example_group",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
}
Removes a service, user or account from a group.
Removes a service, user or account from a group.
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "Member Of Group Deleted",
"type": "MEMBER_OF_GROUP.DELETED"
},
"actors": {
"client": {
"id": "adminui",
"name": "adminui",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-16T20:37:01.802Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"internalCorrelation": {
"sessionId": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"recordedAt": "2024-04-16T20:37:01.783Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a/memberOfGroups/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "example_group",
"type": "MEMBER_OF_GROUP"
}
],
"result": {
"description": "Deleted Member Of Group example_group",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
}
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "Role Assignment Created",
"type": "ROLE_ASSIGNMENT.CREATED"
},
"actors": {
"client": {
"id": "adminui",
"name": "adminui",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-16T21:09:05.649Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"internalCorrelation": {
"sessionId": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"recordedAt": "2024-04-16T21:09:05.593Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a/roleAssignments/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "pbunyan@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
],
"result": {
"description": "Created role assignment '1234abc1-a123-1234-ab12-1ab123a1234a' for role '1234abc1-a123-1234-ab12-1ab123a1234a' scoped for ORGANIZATION '1234abc1-a123-1234-ab12-1ab123a1234a'",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
},
"tags": [
"adminIdentityEvent"
]
}
Removes a permission from a resource.
Removes a permission from a resource.
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "Role Assignment Deleted",
"type": "ROLE_ASSIGNMENT.DELETED"
},
"actors": {
"client": {
"id": "adminui",
"name": "adminui",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-16T21:34:54.970Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"internalCorrelation": {
"sessionId": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"recordedAt": "2024-04-16T21:34:54.934Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a/roleAssignments/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "pbunyan@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
],
"result": {
"description": "Deleted role assignment '1234abc1-a123-1234-ab12-1ab123a1234a' scoped for ORGANIZATION '1234abc1-a123-1234-ab12-1ab123a1234a'",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
},
"tags": [
"adminIdentityEvent"
]
}
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
{
"_embedded": {
"modifiedAttributes": [
"mfaEnabled"
]
},
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "User Updated",
"type": "USER.UPDATED"
},
"actors": {
"client": {
"id": "adminui",
"name": "adminui",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-09T21:33:19.946Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"internalCorrelation": {
"sessionId": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"recordedAt": "2024-04-09T21:33:19.932Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
],
"result": {
"description": "MFA enabled for User jdoe@acme.co",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
}
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
{
"_embedded": {
"modifiedAttributes": [
"mfaEnabled"
]
},
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "User Updated",
"type": "USER.UPDATED"
},
"actors": {
"client": {
"id": "adminui",
"name": "adminui",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-09T21:17:42.793Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"internalCorrelation": {
"sessionId": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"recordedAt": "2024-04-09T21:17:42.779Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "example_user",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
],
"result": {
"description": "MFA disabled for User example_user",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
}
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "Identity Provider Created",
"type": "IDENTITY_PROVIDER.CREATED"
},
"actors": {
"client": {
"id": "adminui",
"name": "adminui",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-11T20:39:30.201Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"internalCorrelation": {
"sessionId": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"recordedAt": "2024-04-11T20:39:30.186Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/identityProviders/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "example_idp",
"type": "IDENTITY_PROVIDER"
}
],
"result": {
"description": "Created Identity Provider example_idp of type 'YAHOO'.",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
}
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "Identity Provider Updated",
"type": "IDENTITY_PROVIDER.UPDATED"
},
"actors": {
"client": {
"id": "adminui",
"name": "adminui",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-11T20:39:40.622Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"internalCorrelation": {
"sessionId": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"recordedAt": "2024-04-11T20:39:40.609Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/identityProviders/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "example_idp",
"type": "IDENTITY_PROVIDER"
}
],
"result": {
"description": "Updated Identity Provider f of type 'YAHOO'.",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
}
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "Identity Provider Deleted",
"type": "IDENTITY_PROVIDER.DELETED"
},
"actors": {
"client": {
"id": "adminui",
"name": "adminui",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-11T20:39:43.177Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"internalCorrelation": {
"sessionId": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"recordedAt": "2024-04-11T20:39:43.186Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/identityProviders/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "example_idp",
"type": "IDENTITY_PROVIDER"
}
],
"result": {
"description": "Deleted Identity Provider f of type 'YAHOO'.",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
}
Creates a new integration.
Creates a new integration.
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "Application Created",
"type": "APPLICATION.CREATED"
},
"actors": {
"client": {
"id": "adminui",
"name": "adminui",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-10T21:57:51.445Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"internalCorrelation": {
"sessionId": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"recordedAt": "2024-04-10T21:57:51.431Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/applications/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "Smartsheet",
"type": "APPLICATION"
}
],
"result": {
"description": "Created Application Smartsheet using 'SAML' protocol of type 'TEMPLATE_APP' with enabled state",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
}
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "Application Updated",
"type": "APPLICATION.UPDATED"
},
"actors": {
"client": {
"id": "adminui",
"name": "adminui",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-16T22:21:05.839Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"internalCorrelation": {
"sessionId": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"recordedAt": "2024-04-16T22:21:05.813Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/applications/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "Smartsheet",
"type": "APPLICATION"
}
],
"result": {
"description": "Updated Application Smartsheet using 'SAML' protocol of type 'TEMPLATE_APP' with enabled state",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
}
Removes or deletes an existing integration.
Removes or deletes an existing integration.
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/activities/1234abc1-a123-1234-ab12-1ab123a1234a"
}
},
"action": {
"description": "Application Deleted",
"type": "APPLICATION.DELETED"
},
"actors": {
"client": {
"id": "adminui",
"name": "adminui",
"type": "CLIENT"
},
"user": {
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/users/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "jdoe@acme.co",
"population": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"type": "USER"
}
},
"correlationId": "1234abc1-a123-1234-ab12-1ab123a1234a",
"createdAt": "2024-04-16T22:29:48.767Z",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"internalCorrelation": {
"sessionId": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"recordedAt": "2024-04-16T22:29:48.749Z",
"resources": [
{
"environment": {
"id": "1234abc1-a123-1234-ab12-1ab123a1234a"
},
"href": "https://api.pingone.com/v1/environments/1234abc1-a123-1234-ab12-1ab123a1234a/applications/1234abc1-a123-1234-ab12-1ab123a1234a",
"id": "1234abc1-a123-1234-ab12-1ab123a1234a",
"name": "Smartsheet",
"type": "APPLICATION"
}
],
"result": {
"description": "Deleted Application Smartsheet using 'SAML' protocol of type 'TEMPLATE_APP' with enabled state",
"status": "SUCCESS"
},
"source": {
"ipAddress": "2001:4860:4860::8888",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
}
Events (5)
A resource was created.
A resource was created.
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
A resource was downloaded.
A resource was downloaded.
The PingOne Read User Activities API provides near real-time, read-only access to an organization's audit activity events.
Storage Duration: Unknown
N/A
Duration: Near real-time
N/A
PingOne is a cloud-based identity as a service (IDaaS) framework for secure identity access management that uses an organization-based model to define tenant accounts and their related entities within the PingOne platform. PingOne Audit Activities record logs related to an organization, such as user logins, password changes, and application access. The events can be used to understand platform and user activity, troubleshoot problems, and investigate security incidents. The PingOne Read User Activities API allows an organization to programmatically access the PingOne audit activity event logs. The API provides a way to retrieve, filter, and export events.
The PingOne Read User Activities API provides near real-time, read-only access to an organization's audit activity events.
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
A resource was read.
A resource was read.
{
"CLIENT_IP": "198.51.100.1",
"CPU_TIME": "13",
"EVENT_TYPE": "ApexCallout",
"LOGIN_KEY": "9870000000012300",
"METHOD": "GET",
"ORGANIZATION_ID": "000ABC000000123",
"REQUEST_ID": "1230000000000000000-12",
"REQUEST_SIZE": "-1",
"RESPONSE_SIZE": "40407",
"RUN_TIME": "279",
"SESSION_KEY": "9870000000012300",
"SUCCESS": "1",
"TIME": "246",
"TIMESTAMP": "20230321171017.871",
"TIMESTAMP_DERIVED": "2023-03-21T17:10:17.871Z",
"TYPE": "REST",
"URI": "CALLOUT-LOG",
"URI_ID_DERIVED": "",
"URL": "https://prod-api.example.com/api/v1/",
"USER_ID": "000000000000123",
"USER_ID_DERIVED": "000000000000123AbC"
}
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
A resource was downloaded.
A resource was downloaded.
Provides details about callouts (external requests) during Apex code execution.
Storage Duration: 30 Days
N/A
Duration: 3 Hours
N/A
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
{
"ACTION_MESSAGE": "1$aura://RecordUiController/ACTION$createRecord=1616",
"CLIENT_IP": "198.51.100.1",
"CPU_TIME": "1184",
"DB_TOTAL_TIME": "384466656",
"EVENT_TYPE": "AuraRequest",
"LOGIN_KEY": "9870000000012300",
"ORGANIZATION_ID": "000ABC000000123",
"REQUEST_ID": "1230000000000000000-12",
"REQUEST_METHOD": "POST",
"REQUEST_STATUS": "",
"RUN_TIME": "1651",
"SESSION_KEY": "9870000000012300",
"TIMESTAMP": "20230317160937.079",
"TIMESTAMP_DERIVED": "2023-03-17T16:09:37.079Z",
"URI": "/aura",
"URI_ID_DERIVED": "",
"USER_AGENT": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/198.51.100.2 Safari/537.36",
"USER_ID": "000000000000123",
"USER_ID_DERIVED": "000000000000123AbC",
"USER_TYPE": "Standard"
}
A resource was read.
A resource was read.
{
"ACTION_MESSAGE": "1$aura://RecordUiController/ACTION$getObjectInfo=4",
"CLIENT_IP": "198.51.100.1",
"CPU_TIME": "17",
"DB_TOTAL_TIME": "1112793",
"EVENT_TYPE": "AuraRequest",
"LOGIN_KEY": "9870000000012300",
"ORGANIZATION_ID": "000ABC000000123",
"REQUEST_ID": "1230000000000000000-12",
"REQUEST_METHOD": "POST",
"REQUEST_STATUS": "",
"RUN_TIME": "20",
"SESSION_KEY": "9870000000012300",
"TIMESTAMP": "20230317172646.960",
"TIMESTAMP_DERIVED": "2023-03-17T17:26:46.960Z",
"URI": "/aura",
"URI_ID_DERIVED": "",
"USER_AGENT": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/198.51.100.2 Safari/537.36",
"USER_ID": "000000000000123",
"USER_ID_DERIVED": "000000000000123AbC",
"USER_TYPE": "Standard"
}
A resource was updated.
A resource was updated.
{
"ACTION_MESSAGE": "1$aura://RecordUiController/ACTION$updateRecord=574",
"CLIENT_IP": "198.51.100.1",
"CPU_TIME": "426",
"DB_TOTAL_TIME": "175309327",
"EVENT_TYPE": "AuraRequest",
"LOGIN_KEY": "9870000000012300",
"ORGANIZATION_ID": "000ABC000000123",
"REQUEST_ID": "1230000000000000000-12",
"REQUEST_METHOD": "POST",
"REQUEST_STATUS": "",
"RUN_TIME": "614",
"SESSION_KEY": "9870000000012300",
"TIMESTAMP": "20230317165202.419",
"TIMESTAMP_DERIVED": "2023-03-17T16:52:02.419Z",
"URI": "/aura",
"URI_ID_DERIVED": "",
"USER_AGENT": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/198.51.100.2 Safari/537.36",
"USER_ID": "000000000000123",
"USER_ID_DERIVED": "000000000000123AbC",
"USER_TYPE": "Standard"
}
A resource was removed or deleted.
A resource was removed or deleted.
{
"ACTION_MESSAGE": "1$apex://EmailMessageService/ACTION$deleteEmailDrafts=21",
"CLIENT_IP": "198.51.100.1",
"CPU_TIME": "40",
"DB_TOTAL_TIME": "7612998",
"EVENT_TYPE": "AuraRequest",
"LOGIN_KEY": "9870000000012300",
"ORGANIZATION_ID": "000ABC000000123",
"REQUEST_ID": "1230000000000000000-12",
"REQUEST_METHOD": "POST",
"REQUEST_STATUS": "",
"RUN_TIME": "49",
"SESSION_KEY": "9870000000012300",
"TIMESTAMP": "20230317141457.834",
"TIMESTAMP_DERIVED": "2023-03-17T14:14:57.834Z",
"URI": "/aura",
"URI_ID_DERIVED": "",
"USER_AGENT": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/198.51.100.2 Safari/537.36",
"USER_ID": "000000000000123",
"USER_ID_DERIVED": "000000000000123AbC",
"USER_TYPE": "Standard"
}
A resource was downloaded.
A resource was downloaded.
Provides details of requests to Apex methods from Aura and Lightning web components.
Storage Duration: 30 Days
N/A
Duration: 3 Hours
N/A
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
{
"API_TYPE": "",
"API_VERSION": "9998.0",
"AUTHENTICATION_METHOD_REFERENCE": "",
"BROWSER_TYPE": "python-requests/2.28.2",
"CIPHER_SUITE": "ECDHE-RSA-AES256-GCM-SHA384",
"CLIENT_IP": "Salesforce.com IP",
"CPU_TIME": "31",
"DB_TOTAL_TIME": "72839779",
"EVENT_TYPE": "Login",
"LOGIN_KEY": "9870000000012300",
"LOGIN_STATUS": "LOGIN_OAUTH_NO_CONSUMER",
"LOGIN_SUB_TYPE": "",
"LOGIN_TYPE": "i",
"ORGANIZATION_ID": "000ABC000000123",
"REQUEST_ID": "1230000000000000000-12",
"REQUEST_STATUS": "",
"RUN_TIME": "213",
"SESSION_KEY": "",
"SOURCE_IP": "198.51.100.1",
"TIMESTAMP": "20230315013819.200",
"TIMESTAMP_DERIVED": "2023-03-15T01:38:19.151Z",
"TLS_PROTOCOL": "TLSv1.2",
"URI": "/services/oauth2/token",
"URI_ID_DERIVED": "",
"USER_ID": "000000000000123",
"USER_ID_DERIVED": "000000000000123AbC",
"USER_NAME": "john@example.com",
"USER_TYPE": "Standard"
}
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
A resource was downloaded.
A resource was downloaded.
This event source is to track login events in Salesforce.
Storage Duration: 1 Day
Available for free with 1 day retention, otherwise requires an add-on subscription for 30 day retention.
Duration: 3 Hours
Available for free with 1 day retention, otherwise requires an add-on subscription for 30 day retention.
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
{
"API_TYPE": "",
"API_VERSION,USER_INITIATED_LOGOUT": "1",
"APP_TYPE": "1000",
"BROWSER_TYPE": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/198.51.100.1 Safari/537.36",
"CLIENT_IP": "198.51.100.2",
"CLIENT_VERSION": "9998.0",
"EVENT_TYPE": "Logout",
"LOGIN_KEY": "9870000000012300",
"ORGANIZATION_ID": "000ABC000000123",
"PLATFORM_TYPE": "2003",
"REQUEST_ID": "1230000000000000000-12",
"RESOLUTION_TYPE": "9999",
"SESSION_KEY": "9870000000012300",
"SESSION_LEVEL": "HIGH_ASSURANCE(db=10,api=HIGH_ASSURANCE)",
"SESSION_TYPE": "UI",
"TIMESTAMP": "20230316210747.600",
"TIMESTAMP_DERIVED": "2023-03-16T21:07:47.645Z",
"USER_ID": "000000000000123",
"USER_ID_DERIVED": "000000000000123AbC",
"USER_TYPE": "Standard(db=S,api=Standard)"
}
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
A resource was downloaded.
A resource was downloaded.
This event source is to track logout events in Salesforce.
Storage Duration: 1 Day
Available for free with 1 day retention, otherwise requires an add-on subscription for 30 day retention.
Duration: 3 Hours
Available for free with 1 day retention, otherwise requires an add-on subscription for 30 day retention.
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
{
"API_TYPE": "P",
"API_VERSION": "39.0",
"CLIENT_IP": "198.51.100.1",
"CLIENT_NAME": "vendor/integration_app",
"CPU_TIME": "1100",
"DB_BLOCKS": "19693",
"DB_CPU_TIME": "480",
"DB_TOTAL_TIME": "741700210",
"ENTITY_NAME": "Customer_Account__c",
"EVENT_TYPE": "API",
"EXCEPTION_MESSAGE": "",
"LOGIN_KEY": "9870000000012300",
"METHOD_NAME": "insert",
"ORGANIZATION_ID": "000ABC000000123",
"REQUEST_ID": "1230000000000000000-12",
"REQUEST_SIZE": "35084",
"REQUEST_STATUS": "",
"RESPONSE_SIZE": "2406",
"ROWS_PROCESSED": "36",
"RUN_TIME": "1948",
"SESSION_KEY": "9870000000012300",
"TIMESTAMP": "20230320145944.655",
"TIMESTAMP_DERIVED": "2023-03-20T14:59:44.655Z",
"URI": "Api",
"URI_ID_DERIVED": "",
"USER_ID": "000000000000123",
"USER_ID_DERIVED": "000000000000123AbC",
"USER_TYPE": "Standard"
}
A resource was read.
A resource was read.
{
"API_TYPE": "P",
"API_VERSION": "54.0",
"CLIENT_IP": "198.51.100.1",
"CLIENT_NAME": "vendor/integration_app",
"CPU_TIME": "48",
"DB_BLOCKS": "5251",
"DB_CPU_TIME": "20",
"DB_TOTAL_TIME": "46672557",
"ENTITY_NAME": "Customer_Account__c",
"EVENT_TYPE": "API",
"EXCEPTION_MESSAGE": "",
"LOGIN_KEY": "9870000000012300",
"METHOD_NAME": "query",
"ORGANIZATION_ID": "000ABC000000123",
"REQUEST_ID": "1230000000000000000-12",
"REQUEST_SIZE": "1382",
"REQUEST_STATUS": "",
"RESPONSE_SIZE": "38019",
"ROWS_PROCESSED": "27",
"RUN_TIME": "97",
"SESSION_KEY": "9870000000012300",
"TIMESTAMP": "20230320145933.958",
"TIMESTAMP_DERIVED": "2023-03-20T14:59:33.958Z",
"URI": "Api",
"URI_ID_DERIVED": "",
"USER_ID": "000000000000123",
"USER_ID_DERIVED": "000000000000123AbC",
"USER_TYPE": "Standard"
}
A resource was updated.
A resource was updated.
{
"API_TYPE": "P",
"API_VERSION": "45.0",
"CLIENT_IP": "198.51.100.1",
"CLIENT_NAME": "vendor/integration_app",
"CPU_TIME": "737",
"DB_BLOCKS": "3524",
"DB_CPU_TIME": "130",
"DB_TOTAL_TIME": "252705921",
"ENTITY_NAME": "Customer_Account__c",
"EVENT_TYPE": "API",
"EXCEPTION_MESSAGE": "",
"LOGIN_KEY": "9870000000012300",
"METHOD_NAME": "update",
"ORGANIZATION_ID": "000ABC000000123",
"REQUEST_ID": "1230000000000000000-12",
"REQUEST_SIZE": "1409",
"REQUEST_STATUS": "",
"RESPONSE_SIZE": "462",
"ROWS_PROCESSED": "0",
"RUN_TIME": "1035",
"SESSION_KEY": "9870000000012300",
"TIMESTAMP": "20230320145959.965",
"TIMESTAMP_DERIVED": "2023-03-20T14:59:59.965Z",
"URI": "Api",
"URI_ID_DERIVED": "",
"USER_ID": "000000000000123",
"USER_ID_DERIVED": "000000000000123AbC",
"USER_TYPE": "Standard"
}
A resource was removed or deleted.
A resource was removed or deleted.
{
"API_TYPE": "E",
"API_VERSION": "54.0",
"CLIENT_IP": "198.51.100.1",
"CLIENT_NAME": "vendor/integration_app",
"CPU_TIME": "253",
"DB_BLOCKS": "5356",
"DB_CPU_TIME": "140",
"DB_TOTAL_TIME": "228432560",
"ENTITY_NAME": "Customer_Account__c",
"EVENT_TYPE": "API",
"EXCEPTION_MESSAGE": "",
"LOGIN_KEY": "9870000000012300",
"METHOD_NAME": "delete",
"ORGANIZATION_ID": "000ABC000000123",
"REQUEST_ID": "1230000000000000000-12",
"REQUEST_SIZE": "690",
"REQUEST_STATUS": "",
"RESPONSE_SIZE": "464",
"ROWS_PROCESSED": "0",
"RUN_TIME": "498",
"SESSION_KEY": "9870000000012300",
"TIMESTAMP": "20230320051932.701",
"TIMESTAMP_DERIVED": "2023-03-20T05:19:32.701Z",
"URI": "Api",
"URI_ID_DERIVED": "",
"USER_ID": "000000000000123",
"USER_ID_DERIVED": "000000000000123AbC",
"USER_TYPE": "Standard"
}
A resource was downloaded.
A resource was downloaded.
{
"API_TYPE": "P",
"API_VERSION": "54.0",
"CLIENT_IP": "198.51.100.1",
"CLIENT_NAME": "vendor/integration_app",
"CPU_TIME": "335",
"DB_BLOCKS": "11565",
"DB_CPU_TIME": "30",
"DB_TOTAL_TIME": "26718766",
"ENTITY_NAME": "Customer_Account__c",
"EVENT_TYPE": "API",
"EXCEPTION_MESSAGE": "",
"LOGIN_KEY": "9870000000012300",
"METHOD_NAME": "query_all",
"ORGANIZATION_ID": "000ABC000000123",
"REQUEST_ID": "1230000000000000000-12",
"REQUEST_SIZE": "818",
"REQUEST_STATUS": "",
"RESPONSE_SIZE": "296630",
"ROWS_PROCESSED": "100000",
"RUN_TIME": "672",
"SESSION_KEY": "9870000000012300",
"TIMESTAMP": "20230317180424.293",
"TIMESTAMP_DERIVED": "2023-03-17T18:04:24.293Z",
"URI": "Api",
"URI_ID_DERIVED": "",
"USER_ID": "000000000000123",
"USER_ID_DERIVED": "000000000000123AbC",
"USER_TYPE": "Standard"
}
Provides details about a Salesforce org's SOAP API request activity.
Storage Duration: 30 Days
N/A
Duration: 3 Hours
N/A
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
A resource was read.
A resource was read.
{
"channel": "/event/ApiEventStream",
"data":
{
"event":
{
"replayId": ""
},
"payload":
{
"AdditionalInfo": "{}",
"ApiType": "REST",
"ApiVersion": 51.0,
"Application": "N/A",
"Client": null,
"ConnectedAppId": "567000000abc0004",
"CreatedDate": "2023-03-21T19:42:15.033+0000",
"ElapsedTime": 79,
"EvaluationTime": 0.0,
"EventDate": "2023-03-21T19:42:13.264+0000",
"EventIdentifier": "abcdefgh-1234-0000-0000-000000000001",
"LoginHistoryId": "000123000abc0004",
"LoginKey": "9870000000012300",
"Operation": "Query",
"Platform": "Unknown",
"PolicyId": null,
"PolicyOutcome": null,
"QueriedEntities": "Customer_Account__c",
"Query": "Select name, record, status__c, from Account where LastModifiedDate >= 2023-01-01T12:00:00Z ORDER BY LastModifiedDate ASC",
"Records": "{\"totalSize\":1000,\"done\":false,\"records\":[{\"attributes\":{\"type\":\"Account\"},\"Id\":\"0000G000000000123\",\"Name\":\"Sample Account 1\"},{\"attributes\":{\"type\":\"Account\"},\"Id\":\"0000G000000000124\",\"Name\":\"Sample Account 2\"}]}",
"RelatedEventIdentifier": null,
"RowsProcessed": 0.0,
"SessionKey": "9870000000012300",
"SessionLevel": "STANDARD",
"SourceIp": "198.51.100.1",
"UserAgent": "Python-httplib2/0.19.0 (gzip)",
"UserId": "000000000000123AbC",
"Username": "john@example.com",
"attributes":
{
"type": "ApiEvent",
"url": "/services/data/v55.0/sobjects/ApiEvent/000000000000000AAA"
}
},
"schema": "AppOmni"
}
}
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
A resource was downloaded.
A resource was downloaded.
{
"channel": "/event/ApiEventStream",
"data":
{
"event":
{
"replayId": ""
},
"payload":
{
"AdditionalInfo": "{}",
"ApiType": "REST",
"ApiVersion": 50.0,
"Application": "N/A",
"Client": null,
"ConnectedAppId": null,
"CreatedDate": "2023-03-21T10:04:45.101+0000",
"ElapsedTime": 430,
"EvaluationTime": 0.0,
"EventDate": "2023-03-21T10:04:39.747+0000",
"EventIdentifier": "abcdefgh-1234-0000-0000-000000000001",
"LoginHistoryId": "000123000abc0004",
"LoginKey": "9870000000012300",
"Operation": "QueryMore",
"Platform": "Unknown",
"PolicyId": null,
"PolicyOutcome": null,
"QueriedEntities": "Customer_Account__c",
"Query": "Select name, record, status__c, from Account where LastModifiedDate >= 2023-01-01T12:00:00Z ORDER BY LastModifiedDate ASC",
"Records": "{\"totalSize\":1000,\"done\":false,\"records\":[{\"attributes\":{\"type\":\"Account\"},\"Id\":\"0000G000000000123\",\"Name\":\"Sample Account 1\"},{\"attributes\":{\"type\":\"Account\"},\"Id\":\"0000G000000000124\",\"Name\":\"Sample Account 2\"}]}",
"RelatedEventIdentifier": null,
"RowsProcessed": 1000364.0,
"SessionKey": "9870000000012300",
"SessionLevel": "STANDARD",
"SourceIp": "198.51.100.1",
"UserAgent": "python-requests/2.28.2",
"UserId": "000000000000123AbC",
"Username": "john@example.com",
"attributes":
{
"type": "ApiEvent",
"url": "/services/data/v55.0/sobjects/ApiEvent/000000000000000AAA"
}
},
"schema": "AppOmni"
}
}
Tracks the user-initiated read-only API calls "query()", "queryMore()", and "count()". Captures API requests through SOAP API and Bulk API.
Storage Duration: 6 Months
N/A
Duration: Real-Time
N/A
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
{
"channel": "/event/BulkApiResultEvent",
"data":
{
"event":
{
"replayId": ""
},
"payload":
{
"CreatedDate": "2023-03-22T15:07:23.864+0000",
"EvaluationTime": 0.0,
"EventDate": "2023-03-22T15:07:16.240+0000",
"EventIdentifier": "abcdefgh-1234-0000-0000-000000000001",
"Id": "000000000000000AAA",
"LoginHistoryId": "000123000abc0004",
"LoginKey": "9870000000012300",
"PolicyId": null,
"PolicyOutcome": null,
"Query": "Select name, record, status__c, from Account where LastModifiedDate >= 2023-01-01T12:00:00Z ORDER BY LastModifiedDate ASC",
"RelatedEventIdentifier": null,
"SessionKey": "9870000000012300",
"SessionLevel": "STANDARD",
"SourceIp": "198.51.100.1",
"UserId": "000000000000123AbC",
"Username": "john@example.com",
"attributes":
{
"type": "BulkApiResultEventStore",
"url": "/services/data/v55.0/sobjects/BulkApiResultEventStore/000000000000000AAA"
}
},
"schema": "AppOmni"
}
}
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
A resource was downloaded.
A resource was downloaded.
Tracks when a user downloads the results of a Bulk API request.
Storage Duration: 6 Months
N/A
Duration: Real-Time
N/A
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
{
"channel": "/event/IdentityVerificationEvent",
"data":
{
"event":
{
"replayId": ""
},
"payload":
{
"Activity": "Login",
"City": "San Francisco",
"Country": "United States",
"CountryIso": "US",
"CreatedDate": "2023-03-08T16:50:51.554+0000",
"EventDate": "2023-03-08T16:50:46.153+0000",
"EventGroup": "000000033",
"EventIdentifier": "abcdefgh-1234-0000-0000-000000000001",
"Id": "000000000000000AAA",
"Latitude": 38.1111,
"LoginHistoryId": "000000000000123AbC",
"LoginKey": "9870000000012300",
"Longitude": 38.1111,
"Policy": "TwoFactorAuthentication",
"PostalCode": "94107",
"Remarks": null,
"ResourceId": null,
"SessionKey": "9870000000012300",
"SessionLevel": "STANDARD",
"SourceIp": "2001db8fffffffffffffffffffffffa",
"Status": "Succeeded",
"Subdivision": "New York",
"UserId": "000000000000123AbC",
"Username": "john@example.com",
"VerificationMethod": "Totp",
"attributes":
{
"type": "IdentityVerificationEvent",
"url": "/services/data/v55.0/sobjects/IdentityVerificationEvent/000000000000000AAA"
}
},
"schema": "AppOmni"
}
}
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
A resource was downloaded.
A resource was downloaded.
Tracks user identity verification events in a Salesforce org.
Storage Duration: 10 Years
N/A
Duration: Real-Time
N/A
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
{
"channel": "/event/LightningUriEventStream",
"data":
{
"event":
{
"replayId": ""
},
"payload":
{
"AppName": "one:one",
"ConnectionType": null,
"CreatedDate": "2023-03-21T22:33:26.221+0000",
"DeviceId": null,
"DeviceModel": null,
"DevicePlatform": "SFX:BROWSER:DESKTOP",
"DeviceSessionId": "0000000000000000000000000000000000000001",
"Duration": 0.0,
"EffectivePageTime": 0.0,
"EventDate": "2023-03-21T22:33:21.481+0000",
"EventIdentifier": "abcdefgh-1234-0000-0000-000000000001",
"LoginKey": "987abc0000012400",
"Operation": "Create",
"OsName": "WINDOWS",
"OsVersion": "10",
"PageStartTime": "2023-03-21T22:11:37.378+0000",
"PageUrl": "/lightning/o/Case/new?count=1",
"PreviousPageAppName": null,
"PreviousPageEntityId": null,
"PreviousPageEntityType": null,
"PreviousPageUrl": null,
"QueriedEntities": "Customer_Account__c",
"RecordId": "120000033000123AbC",
"RelatedEventIdentifier": null,
"SdkAppType": null,
"SdkAppVersion": null,
"SdkVersion": null,
"SessionKey": "987abc0000012400",
"SessionLevel": "STANDARD",
"SourceIp": "198.51.100.1",
"UserId": "000000000000123AbC",
"UserType": "Standard",
"Username": "john@example.com",
"attributes":
{
"type": "LightningUriEvent",
"url": "/services/data/v55.0/sobjects/LightningUriEvent/000000000000000AAA"
}
},
"schema": "AppOmni"
}
}
A resource was read.
A resource was read.
{
"channel": "/event/LightningUriEventStream",
"data":
{
"event":
{
"replayId": ""
},
"payload":
{
"AppName": "one:one",
"ConnectionType": null,
"CreatedDate": "2023-03-21T20:59:37.010+0000",
"DeviceId": null,
"DeviceModel": null,
"DevicePlatform": "SFX:BROWSER:DESKTOP",
"DeviceSessionId": "0000000000000000000000000000000000000001",
"Duration": 7029.0,
"EffectivePageTime": 0.0,
"EventDate": "2023-03-21T20:59:33.069+0000",
"EventIdentifier": "abcdefgh-1234-0000-0000-000000000001",
"LoginKey": "9870000000012300",
"Operation": "Read",
"OsName": "OSX",
"OsVersion": "10.15.7",
"PageStartTime": "2023-03-21T20:57:39.770+0000",
"PageUrl": "/lightning/o/Case/new?count=1",
"PreviousPageAppName": "LightningSales",
"PreviousPageEntityId": "345000000mnp0004",
"PreviousPageEntityType": "Account",
"PreviousPageUrl": "/lightning/r/Account/001300000000000000/view",
"QueriedEntities": "Customer_Account__c",
"RecordId": "000000000000123AbC",
"RelatedEventIdentifier": null,
"SdkAppType": null,
"SdkAppVersion": null,
"SdkVersion": null,
"SessionKey": "9870000000012300",
"SessionLevel": "STANDARD",
"SourceIp": "198.51.100.1",
"UserId": "000000000000123AbC",
"UserType": "Standard",
"Username": "john@example.com",
"attributes":
{
"type": "LightningUriEvent",
"url": "/services/data/v55.0/sobjects/LightningUriEvent/000000000000000AAA"
}
},
"schema": "AppOmni"
}
}
A resource was updated.
A resource was updated.
{
"channel": "/event/LightningUriEventStream",
"data":
{
"event":
{
"replayId": ""
},
"payload":
{
"AppName": "one:one",
"ConnectionType": null,
"CreatedDate": "2023-03-21T16:53:47.889+0000",
"DeviceId": null,
"DeviceModel": null,
"DevicePlatform": "SFX:BROWSER:DESKTOP",
"DeviceSessionId": "0000000000000000000000000000000000000001",
"Duration": 0.0,
"EffectivePageTime": 0.0,
"EventDate": "2023-03-21T16:53:40.730+0000",
"EventIdentifier": "abcdefgh-1234-0000-0000-000000000001",
"LoginKey": "9870000000012300",
"Operation": "Update",
"OsName": "OSX",
"OsVersion": "10.15.7",
"PageStartTime": "2023-03-21T16:52:46.442+0000",
"PageUrl": "/lightning/o/Case/new?count=1",
"PreviousPageAppName": null,
"PreviousPageEntityId": null,
"PreviousPageEntityType": null,
"PreviousPageUrl": null,
"QueriedEntities": "Customer_Account__c",
"RecordId": "000000000000123AbC",
"RelatedEventIdentifier": null,
"SdkAppType": null,
"SdkAppVersion": null,
"SdkVersion": null,
"SessionKey": "9870000000012300",
"SessionLevel": "STANDARD",
"SourceIp": "198.51.100.1",
"UserId": "000000000000123AbC",
"UserType": "Standard",
"Username": "john@example.com",
"attributes":
{
"type": "LightningUriEvent",
"url": "/services/data/v55.0/sobjects/LightningUriEvent/000000000000000AAA"
}
},
"schema": "AppOmni"
}
}
A resource was removed or deleted.
A resource was removed or deleted.
{
"channel": "/event/LightningUriEventStream",
"data":
{
"event":
{
"replayId": ""
},
"payload":
{
"AppName": "one:one",
"ConnectionType": null,
"CreatedDate": "2023-03-21T19:30:14.117+0000",
"DeviceId": null,
"DeviceModel": null,
"DevicePlatform": "SFX:BROWSER:DESKTOP",
"DeviceSessionId": "0000000000000000000000000000000000000001",
"Duration": 0.0,
"EffectivePageTime": 0.0,
"EventDate": "2023-03-21T19:30:05.644+0000",
"EventIdentifier": "abcdefgh-1234-0000-0000-000000000001",
"LoginKey": "9870000000012300",
"Operation": "Delete",
"OsName": "WINDOWS",
"OsVersion": "10",
"PageStartTime": "2023-03-21T19:17:24.981+0000",
"PageUrl": "/lightning/o/Case/new?count=1",
"PreviousPageAppName": null,
"PreviousPageEntityId": null,
"PreviousPageEntityType": null,
"PreviousPageUrl": null,
"QueriedEntities": "Customer_Account__c",
"RecordId": "000000000000123AbC",
"RelatedEventIdentifier": null,
"SdkAppType": null,
"SdkAppVersion": null,
"SdkVersion": null,
"SessionKey": "9870000000012300",
"SessionLevel": "HIGH_ASSURANCE",
"SourceIp": "198.51.100.1",
"UserId": "000000000000123AbC",
"UserType": "Standard",
"Username": "john@example.com",
"attributes":
{
"type": "LightningUriEvent",
"url": "/services/data/v55.0/sobjects/LightningUriEvent/000000000000000AAA"
}
},
"schema": "AppOmni"
}
}
A resource was downloaded.
A resource was downloaded.
Detects when a user creates, accesses, updates, or deletes a record in Lightning Experience only.
Storage Duration: 6 Months
N/A
Duration: Real-Time
N/A
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
A resource was read.
A resource was read.
{
"channel": "/event/ListViewEventStream",
"data":
{
"event":
{
"replayId": ""
},
"payload":
{
"AppName": null,
"ColumnHeaders": "Name,Sales_Strategy_Name__c,Customer__c.Name,Sales___c,Status__c",
"CreatedDate": "2023-03-20T16:26:00.349+0000",
"DeveloperName": "All_Sales_Strategy_Plans",
"EvaluationTime": 0.0,
"EventDate": "2023-03-20T16:25:52.850+0000",
"EventIdentifier": "abcdefgh-1234-0000-0000-000000000001",
"EventSource": "Classic",
"ExecutionIdentifier": "abcdefgh-1234-5678-0000-000000000001",
"FilterCriteria": "{\"whereCondition\":{\"type\":\"soqlCondition\",\"field\":\"RecordTypeId\",\"operator\":\"equals\",\"values\":[\"'0128000000000000\"]}}",
"ListViewId": "00B440000000000000",
"LoginHistoryId": "000123000abc0004",
"LoginKey": "9870000000012300",
"Name": "All Sales Call Plans",
"NumberOfColumns": 7,
"OrderBy": "[CreatedBy.Name ASC NULLS FIRST, Id ASC NULLS FIRST]",
"OwnerId": "000000000000000MAC",
"PolicyId": null,
"PolicyOutcome": null,
"QueriedEntities": "Customer_Account__c",
"Records": "{\"totalSize\":1000,\"done\":false,\"records\":[{\"attributes\":{\"type\":\"Account\"},\"Id\":\"0000G000000000123\",\"Name\":\"Sample Account 1\"},{\"attributes\":{\"type\":\"Account\"},\"Id\":\"0000G000000000124\",\"Name\":\"Sample Account 2\"}]}",
"RelatedEventIdentifier": null,
"RowsProcessed": 1000.0,
"Scope": "everything",
"Sequence": 4,
"SessionKey": "9870000000012300",
"SessionLevel": "HIGH_ASSURANCE",
"SourceIp": "198.51.100.1",
"UserId": "000000000000123AbC",
"Username": "john@example.com",
"attributes":
{
"type": "ListViewEvent",
"url": "/services/data/v55.0/sobjects/ListViewEvent/000000000000000AAA"
}
},
"schema": "AppOmni"
}
}
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
A resource was downloaded.
A resource was downloaded.
Tracks actions related to list views in Lightning Experience, Salesforce Classic, or the API. For example, the event captures when a user runs or exports a list view.
Storage Duration: 6 Months
N/A
Duration: Real-Time
N/A
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
{
"channel": "/event/LoginEventStream",
"data":
{
"event":
{
"replayId": ""
},
"payload":
{
"AdditionalInfo": "{}",
"ApiType": "N/A",
"ApiVersion": "N/A",
"Application": "Browser",
"AuthServiceId": "000000000000123AbC",
"Browser": "Chrome 110",
"CipherSuite": "ECDHE-RSA-AES256-GCM-SHA384",
"City": "San Francisco",
"ClientVersion": "N/A",
"Country": "United States",
"CountryIso": "US",
"CreatedDate": "2023-03-08T18:16:15.886+0000",
"EvaluationTime": 0.0,
"EventDate": "2023-03-08T18:16:11.493+0000",
"EventIdentifier": "abcdefgh-1234-0000-0000-000000000001",
"HttpMethod": "POST",
"LoginGeoId": "000000000000123AbC",
"LoginHistoryId": "000000000000123AbC",
"LoginKey": "987abc0000012400",
"LoginLatitude": 38.1111,
"LoginLongitude": 38.1111,
"LoginType": "SAML Sfdc Initiated SSO",
"LoginUrl": "my.login.salesforce.com",
"Platform": "Windows 10",
"PolicyId": null,
"PolicyOutcome": null,
"PostalCode": "94107",
"RelatedEventIdentifier": null,
"SessionKey": null,
"SessionLevel": "STANDARD",
"SourceIp": "198.51.100.1",
"Status": "Success",
"Subdivision": "Ohio",
"TlsProtocol": "TLS 1.2",
"UserId": "000000000000123AbC",
"UserType": "Standard",
"Username": "john@example.com",
"attributes":
{
"type": "LoginEvent",
"url": "/services/data/v55.0/sobjects/LoginEvent/000000000000000AAA"
}
},
"schema": "AppOmni"
}
}
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
A resource was downloaded.
A resource was downloaded.
Tracks login activity of users who log in to Salesforce.
Storage Duration: 10 Years
N/A
Duration: Real-Time
N/A
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
{
"channel": "/event/LogoutEventStream",
"data":
{
"event":
{
"replayId": ""
},
"payload":
{
"CreatedDate": "2023-03-01T19:33:54.885+0000",
"EventDate": "2023-03-01T19:33:50.037+0000",
"EventIdentifier": "abcdefgh-1234-0000-0000-000000000001",
"LoginKey": "9870000000012300",
"SessionKey": "9870000000012300",
"SessionLevel": "HIGH_ASSURANCE",
"SourceIp": "198.51.100.1",
"UserId": "000000000000123AbC",
"Username": "john@example.com",
"attributes":
{
"type": "LogoutEvent",
"url": "/services/data/v55.0/sobjects/LogoutEvent/000000000000000AAA"
}
},
"schema": "AppOmni"
}
}
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
A resource was downloaded.
A resource was downloaded.
A logout event records a successful user logout from the Salesforce user interface.
Storage Duration: 6 Months
N/A
Duration: Real-Time
N/A
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
A resource was read.
A resource was read.
{
"channel": "/event/ReportEventStream",
"data":
{
"event":
{
"replayId": ""
},
"payload":
{
"ColumnHeaders": "Name,Sales_Strategy_Name__c,Customer__c.Name,Sales___c,Status__c",
"CreatedDate": "2023-03-22T11:59:19.149+0000",
"DashboardId": null,
"DashboardName": null,
"Description": null,
"EvaluationTime": 0.0,
"EventDate": "2023-03-22T11:59:17.340+0000",
"EventIdentifier": "abcdefgh-1234-0000-0000-000000000001",
"EventSource": "Lightning",
"ExecutionIdentifier": "abcdefgh-1234-0000-stuv-000000000001",
"ExportFileFormat": null,
"Format": "Summary",
"IsScheduled": false,
"LoginHistoryId": "000123000abc0004",
"LoginKey": "9870000000012300",
"Name": "Financial Reports",
"NumberOfColumns": 7,
"Operation": "ReportRunFromLightning",
"OwnerId": "000000000000000AA2",
"PolicyId": null,
"PolicyOutcome": null,
"QueriedEntities": "Customer_Account__c",
"Records": "{\"totalSize\":1000,\"done\":false,\"records\":[{\"attributes\":{\"type\":\"Account\"},\"Id\":\"0000G000000000123\",\"Name\":\"Sample Account 1\"},{\"attributes\":{\"type\":\"Account\"},\"Id\":\"0000G000000000124\",\"Name\":\"Sample Account 2\"}]}",
"RelatedEventIdentifier": null,
"ReportId": "987000000abc0004Q",
"RowsProcessed": 1050.0,
"Scope": "organization",
"Sequence": 1,
"SessionKey": "9870000000012300",
"SessionLevel": "STANDARD",
"SourceIp": "198.51.100.1",
"UserId": "000000000000123AbC",
"Username": "john@example.com",
"attributes":
{
"type": "ReportEvent",
"url": "/services/data/v55.0/sobjects/ReportEvent/000000000000000AAA"
}
},
"schema": "AppOmni"
}
}
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
A resource was downloaded.
A resource was downloaded.
{
"channel": "/event/ReportEventStream",
"data":
{
"event":
{
"replayId": ""
},
"payload":
{
"ColumnHeaders": "[CASE_NUMBER, CREATED_DATE, LAST_UPDATE, Case.BusinessUnit__c, Case.ProductMarket__c, Case.Market__c, OWNER, LAST_UPDATE_BY, STATUS, SUBJECT, Case.Brand__c, Case.Code__c]",
"CreatedDate": "2023-03-22T13:18:56.686+0000",
"DashboardId": null,
"DashboardName": null,
"Description": null,
"EvaluationTime": 0.0,
"EventDate": "2023-03-22T13:18:46.826+0000",
"EventIdentifier": "abcdefgh-1234-0000-0000-000000000001",
"EventSource": "Lightning",
"ExecutionIdentifier": "8f831c68-3d87-4518-bb5b-c0550a2284d7",
"ExportFileFormat": null,
"Format": "Tabular",
"IsScheduled": false,
"LoginHistoryId": "000123000abc0004",
"LoginKey": "9870000000012300",
"Name": "Identify cases assigned to inactive user",
"NumberOfColumns": 12,
"Operation": "ReportExported",
"OwnerId": "0054J000004rPTUQA2",
"PolicyId": null,
"PolicyOutcome": null,
"QueriedEntities": "Customer_Account__c",
"Records": "{\"totalSize\":1000,\"done\":false,\"records\":[{\"attributes\":{\"type\":\"Account\"},\"Id\":\"0000G000000000123\",\"Name\":\"Sample Account 1\"},{\"attributes\":{\"type\":\"Account\"},\"Id\":\"0000G000000000124\",\"Name\":\"Sample Account 2\"}]}",
"RelatedEventIdentifier": null,
"ReportId": "987000000abc0004A",
"RowsProcessed": 20680.0,
"Scope": "organization",
"Sequence": 51,
"SessionKey": "9870000000012300",
"SessionLevel": "STANDARD",
"SourceIp": "198.51.100.1",
"UserId": "000000000000123AbC",
"Username": "john@example.com",
"attributes":
{
"type": "ReportEvent",
"url": "/services/data/v55.0/sobjects/ReportEvent/000000000000000AAA"
}
},
"schema": "AppOmni"
}
}
Tracks report-related actions, such as when a user runs or exports a report.
Storage Duration: 6 Months
N/A
Duration: Real-Time
N/A
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
{
"channel": "/event/UriEventStream",
"data":
{
"event":
{
"replayId": ""
},
"payload":
{
"CreatedDate": "2023-03-21T22:18:04.147+0000",
"EventDate": "2023-03-21T22:17:55.090+0000",
"EventIdentifier": "abcdefgh-1234-0000-0000-000000000001",
"LoginKey": "9870000000012300",
"Message": null,
"Name": null,
"Operation": "Create",
"OperationStatus": "Success",
"QueriedEntities": "Customer_Account__c",
"RecordId": "000000000000123AbC",
"RelatedEventIdentifier": "abcdefgh-1234-0000-0000-000000000001",
"SessionKey": "9870000000012300",
"SessionLevel": "HIGH_ASSURANCE",
"SourceIp": "198.51.100.1",
"UserId": "000000000000123AbC",
"UserType": "Standard",
"Username": "john@example.com",
"attributes":
{
"type": "UriEvent",
"url": "/services/data/v55.0/sobjects/UriEvent/000000000000000AAA"
}
},
"schema": "AppOmni"
}
}
A resource was read.
A resource was read.
{
"channel": "/event/UriEventStream",
"data":
{
"event":
{
"replayId": ""
},
"payload":
{
"CreatedDate": "2023-03-21T21:59:46.600+0000",
"EventDate": "2023-03-21T21:59:44.159+0000",
"EventIdentifier": "abcdefgh-1234-0000-0000-000000000001",
"LoginKey": "9870000000012300",
"Message": null,
"Name": "2023 Customer Account Name",
"Operation": "Read",
"OperationStatus": "Success",
"QueriedEntities": "Customer_Account__c",
"RecordId": "000000000000123AbC",
"RelatedEventIdentifier": null,
"SessionKey": "9870000000012300",
"SessionLevel": "HIGH_ASSURANCE",
"SourceIp": "198.51.100.1",
"UserId": "000000000000123AbC",
"UserType": "Standard",
"Username": "john@example.com",
"attributes":
{
"type": "UriEvent",
"url": "/services/data/v55.0/sobjects/UriEvent/000000000000000AAA"
}
},
"schema": "AppOmni"
}
}
A resource was updated.
A resource was updated.
{
"channel": "/event/UriEventStream",
"data":
{
"event":
{
"replayId": ""
},
"payload":
{
"CreatedDate": "2023-03-21T22:51:46.037+0000",
"EventDate": "2023-03-21T22:51:43.042+0000",
"EventIdentifier": "abcdefgh-1234-0000-0000-000000000001",
"LoginKey": "9870000000012300",
"Message": null,
"Name": "Customer Account Name",
"Operation": "Update",
"OperationStatus": "Initiated",
"QueriedEntities": "Customer_Account__c",
"RecordId": "000000000000123AbC",
"RelatedEventIdentifier": null,
"SessionKey": "9870000000012300",
"SessionLevel": "HIGH_ASSURANCE",
"SourceIp": "198.51.100.1",
"UserId": "000000000000123AbC",
"UserType": "Standard",
"Username": "john@example.com",
"attributes":
{
"type": "UriEvent",
"url": "/services/data/v55.0/sobjects/UriEvent/000000000000000AAA"
}
},
"schema": "AppOmni"
}
}
A resource was removed or deleted.
A resource was removed or deleted.
{
"channel": "/event/UriEventStream",
"data":
{
"event":
{
"replayId": ""
},
"payload":
{
"CreatedDate": "2023-03-21T16:48:59.154+0000",
"EventDate": "2023-03-21T16:48:57.548+0000",
"EventIdentifier": "abcdefgh-1234-0000-0000-000000000001",
"LoginKey": "9870000000012300",
"Message": null,
"Name": "AppName-92601",
"Operation": "Delete",
"OperationStatus": "Initiated",
"QueriedEntities": "Customer_Account__c",
"RecordId": "000000000000123AbC",
"RelatedEventIdentifier": null,
"SessionKey": "9870000000012300",
"SessionLevel": "STANDARD",
"SourceIp": "198.51.100.1",
"UserId": "000000000000123AbC",
"UserType": "Standard",
"Username": "john@example.com",
"attributes":
{
"type": "UriEvent",
"url": "/services/data/v55.0/sobjects/UriEvent/000000000000000AAA"
}
},
"schema": "AppOmni"
}
}
A resource was downloaded.
A resource was downloaded.
Detects when a user creates, accesses, updates, or deletes a record in Salesforce Classic only.
Storage Duration: 6 Months
N/A
Duration: Real-Time
N/A
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
{
"action": "createduser",
"delegate_user": null,
"display": "Created new user Bob Example",
"record_id": "000000000000123AbC",
"section": "Manage Users",
"sfdc_created_by_id": "000000000000123AbC",
"sfdc_created_by_name": "John Doe",
"sfdc_created_by_username": "john@example.com",
"sfdc_created_date": "2023-03-09T16:51:17+00:00"
}
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
{
"action": "changedemail",
"delegate_user": null,
"display": "Changed email for user Sally Example (UserID: [00500000000000A]) from john@example.com to alice@example.com",
"record_id": "000000000000123AbC",
"section": "Manage Users",
"sfdc_created_by_id": "000000000000123AbC",
"sfdc_created_by_name": "John Doe",
"sfdc_created_by_username": "bob@example.com",
"sfdc_created_date": "2023-03-09T17:41:59+00:00"
}
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
{
"action": "createdgroup",
"delegate_user": null,
"display": "Created Public Group Finance",
"record_id": "000000000000123AbC",
"section": "Groups",
"sfdc_created_by_id": "000000000000123AbC",
"sfdc_created_by_name": "John Doe",
"sfdc_created_by_username": "john@example.com",
"sfdc_created_date": "2023-03-09T18:14:43+00:00"
}
Reads a group.
Reads a group.
Updates a group.
Updates a group.
{
"action": "updatedgroup",
"delegate_user": "john@example.com",
"display": "Updated Public Group API Group: Changed DoesIncludeBosses from 1 to 0",
"record_id": "000000000000123AbC",
"section": "Groups",
"sfdc_created_by_id": "000000000000123AbC",
"sfdc_created_by_name": "John Doe",
"sfdc_created_by_username": "alice@example.com",
"sfdc_created_date": "2023-03-07T13:18:30+00:00"
}
Removes or deletes a group.
Removes or deletes a group.
{
"action": "deletedgroup",
"delegate_user": null,
"display": "Deleted Public Group Human_Resources",
"record_id": "000000000000123AbC",
"section": "Groups",
"sfdc_created_by_id": "000000000000123AbC",
"sfdc_created_by_name": "John Doe",
"sfdc_created_by_username": "john@example.com",
"sfdc_created_date": "2023-03-09T18:17:00+00:00"
}
Adds a service, user or account to a group.
Adds a service, user or account to a group.
{
"action": "groupMembership",
"delegate_user": null,
"display": "Changed membership of Group All Company Internal Users ",
"record_id": "000000000000123AbC",
"section": "Groups",
"sfdc_created_by_id": "000000000000123AbC",
"sfdc_created_by_name": "John Doe",
"sfdc_created_by_username": "john@example.com",
"sfdc_created_date": "2023-03-09T19:15:35+00:00"
}
Removes a service, user or account from a group.
Removes a service, user or account from a group.
{
"action": "groupMembership",
"delegate_user": null,
"display": "Changed membership of Group All Company Internal Users ",
"record_id": "000000000000123AbC",
"section": "Groups",
"sfdc_created_by_id": "000000000000123AbC",
"sfdc_created_by_name": "John Doe",
"sfdc_created_by_username": "john@example.com",
"sfdc_created_date": "2023-03-09T19:15:35+00:00"
}
Creates a new role.
Creates a new role.
{
"action": "profileClonedStandard",
"delegate_user": null,
"display": "Created profile cloned_system_admin: Cloned from profile System Administrator",
"record_id": "000000000000123AbC",
"section": "Manage Users",
"sfdc_created_by_id": "000000000000123AbC",
"sfdc_created_by_name": "John Doe",
"sfdc_created_by_username": "john@example.com",
"sfdc_created_date": "2023-03-09T21:16:28+00:00"
}
Reads a role.
Reads a role.
Updates a role.
Updates a role.
{
"action": "SetupEntityAccessAudit_Profile_ConnectedApplication_EnabledStandard",
"delegate_user": null,
"display": "Changed profile System Administrator: SEAM connected app is enabled",
"record_id": "000000000000123AbC",
"section": "Manage Users",
"sfdc_created_by_id": "000000000000123AbC",
"sfdc_created_by_name": "John Doe",
"sfdc_created_by_username": "john@example.com",
"sfdc_created_date": "2023-03-09T18:56:52+00:00"
}
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
{
"action": "PermSetEnableUserPerm",
"delegate_user": null,
"display": "Changed permission set App_Service_User: View All Users permission was changed from disabled to enabled",
"record_id": "000000000000123AbC",
"section": "Manage Users",
"sfdc_created_by_id": "000000000000123AbC",
"sfdc_created_by_name": "John Doe",
"sfdc_created_by_username": "bob@example.com",
"sfdc_created_date": "2023-03-08T18:43:00+00:00"
}
Removes a permission from a resource.
Removes a permission from a resource.
{
"action": "PermSetDisableUserPerm",
"delegate_user": null,
"display": "Changed permission set Management: View All Data permission was changed from enabled to disabled",
"record_id": "000000000000123AbC",
"section": "Manage Users",
"sfdc_created_by_id": "000000000000123AbC",
"sfdc_created_by_name": "John Doe",
"sfdc_created_by_username": "alice@example.com",
"sfdc_created_date": "2023-03-09T08:59:49+00:00"
}
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
{
"action": "insertAuthenticatorPairing",
"delegate_user": null,
"display": "Salesforce Authenticator pairing \"Salesforce Authenticator Pairing\" added for john@example.com",
"record_id": "000000000000123AbC",
"section": "Manage Users",
"sfdc_created_by_id": "000000000000123AbC",
"sfdc_created_by_name": "John Doe",
"sfdc_created_by_username": "john@example.com",
"sfdc_created_date": "2023-03-10T14:04:29+00:00"
}
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
{
"action": "deleteTwoFactorInfo2",
"delegate_user": null,
"display": "Time-Based Token removed for john@example.com",
"record_id": "000000000000123AbC",
"section": "Manage Users",
"sfdc_created_by_id": "000000000000123AbC",
"sfdc_created_by_name": "John Doe",
"sfdc_created_by_username": "john@example.com",
"sfdc_created_date": "2023-03-10T13:35:40+00:00"
}
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
{
"action": "tenantSecretCreated",
"delegate_user": null,
"display": "Generated tenant secret: Key version 1",
"record_id": "000000000000123AbC",
"section": "Platform Encryption",
"sfdc_created_by_id": "000000000000123AbC",
"sfdc_created_by_name": "John Doe",
"sfdc_created_by_username": "john@example.com",
"sfdc_created_date": "2023-03-15T07:14:10+00:00"
}
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
{
"action": "passwordexpiry",
"delegate_user": null,
"display": "Changed password expiry policy from 90 days to 180 days",
"record_id": "000000000000123AbC",
"section": "Password Policies",
"sfdc_created_by_id": "000000000000123AbC",
"sfdc_created_by_name": "John Doe",
"sfdc_created_by_username": "john@example.com",
"sfdc_created_date": "2023-03-15T13:11:50+00:00"
}
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
{
"action": "deletedLoginIpRange_withProfile",
"delegate_user": null,
"display": "Deleted Login Ip Range to Read-Only HR User from 198.51.100.1 to 198.51.100.2",
"record_id": "000000000000123AbC",
"section": null,
"sfdc_created_by_id": "000000000000123AbC",
"sfdc_created_by_name": "John Doe",
"sfdc_created_by_username": "john@example.com",
"sfdc_created_date": "2023-03-15T09:50:12+00:00"
}
Creates a new integration.
Creates a new integration.
{
"action": "installedpackagingapp",
"delegate_user": null,
"display": "Installed AppExchange package: AppName",
"record_id": "000000000000123AbC",
"section": "Custom Apps",
"sfdc_created_by_id": "000000000000123AbC",
"sfdc_created_by_name": "John Doe",
"sfdc_created_by_username": "john@example.com",
"sfdc_created_date": "2023-03-15T03:55:58+00:00"
}
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
{
"action": "upgradedpackagingapp",
"delegate_user": null,
"display": "Upgraded AppExchange package: Vendor_App",
"record_id": "000000000000123AbC",
"section": "Custom Apps",
"sfdc_created_by_id": "000000000000123AbC",
"sfdc_created_by_name": "John Doe",
"sfdc_created_by_username": "john@example.com",
"sfdc_created_date": "2023-03-15T13:17:28+00:00"
}
Removes or deletes an existing integration.
Removes or deletes an existing integration.
{
"action": "uninstalledpackagingapp",
"delegate_user": null,
"display": "Uninstalled AppExchange package: Sales_App_Name",
"record_id": "000000000000123AbC",
"section": "Custom Apps",
"sfdc_created_by_id": "000000000000123AbC",
"sfdc_created_by_name": "John Doe",
"sfdc_created_by_username": "john@example.com",
"sfdc_created_date": "2023-03-14T14:50:28+00:00"
}
Events (5)
A resource was created.
A resource was created.
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
A resource was downloaded.
A resource was downloaded.
The SetupAuditTrail object provides an audit trail of changes to user profiles, permission sets, security settings, custom objects, and other settings.
Storage Duration: 180 Days
N/A
Duration: Real-Time
N/A
Salesforce is a cloud-based customer relationship management (CRM) platform. It is designed to help organizations manage their customer relationships, sales processes, marketing activities, and more. Salesforce audit logs are collected via objects, namely the SetupAuditTrail object, EventLogFile object, or Real-Time Event Monitoring objects. These objects are accessible via the Salesforce API. Salesforce supports a wide range of APIs, however with regards to audit logs, the primary APIs include the REST API, SOAP API, or Streaming API.
A REST interface that can be used to access Salesforce data without using the Salesforce user interface
An interface that can be used to access Salesforce data using the SOAP protocol
An API that provides a subscription mechanism for receiving events in near real-time
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
{
"documentkey": "34abc1234abc1234abc1234abc1234ab",
"fieldname": "u_date_last_risk_updated",
"newvalue": "2024-04-22 13:45:41",
"oldvalue": "2024-04-22 13:04:27",
"reason": null,
"sys_created_by": "system",
"sys_created_on": "2024-04-22 13:45:41",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"tablename": "demo_table",
"user": "system"
}
A resource was removed or deleted.
A resource was removed or deleted.
{
"documentkey": "34abc1234abc1234abc1234abc1234ab",
"fieldname": "DELETED",
"newvalue": "DELETED",
"oldvalue": "DELETED",
"reason": null,
"sys_created_by": "system",
"sys_created_on": "2024-04-22 14:21:25",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"tablename": "demo_table",
"user": "system"
}
A resource was downloaded.
A resource was downloaded.
ServiceNow audit events track changes to records in audited tables.
Storage Duration: Infinite
Can be changed by an instance admin.
Duration: Near Real-Time
Can be changed by an instance admin.
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
A resource was downloaded.
A resource was downloaded.
{
"classification": null,
"event": "34abc1234abc1234abc1234abc1234ab",
"records": "28",
"size": "7019",
"sys_class_name": "isc_export_event",
"sys_created_on": "2024-04-16 17:06:11",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"table": "task",
"user": "234abc1234abc1234abc1234abc1234a",
"user_name": "admin"
}
ServiceNow Instance Security Center export events track UI exports of record data.
Storage Duration: Infinite
Can be changed by an instance admin.
Duration: Near Real-Time
Can be changed by an instance admin.
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
{
"changed_by": "c706140d1b6379909f22e2eb234bcbed",
"changed_by.name": null,
"granted_by_group": "befe683c13fe07001e9ef107d144b022",
"granted_by_group.name": null,
"operation": "Added",
"role": "12e63637b7cb001004aae3fdde11a9bd",
"role.name": null,
"sys_created_on": "2024-04-19 18:30:54",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"user": "234abc1234abc1234abc1234abc1234a",
"user.name": null
}
Removes a permission from a resource.
Removes a permission from a resource.
{
"changed_by": "9afadc375b33120088236ede91f91a5b",
"changed_by.name": null,
"granted_by_group": null,
"granted_by_group.name": null,
"operation": "Removed",
"role": "417b3f710b03120025666f3ef6673a98",
"role.name": null,
"sys_created_on": "2024-04-17 17:54:47",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"user": "234abc1234abc1234abc1234abc1234a",
"user.name": null
}
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
A resource was downloaded.
A resource was downloaded.
The ServiceNow role audit table contains user role assignments.
Storage Duration: Infinite
Can be changed by an instance admin.
Duration: Near Real-Time
Can be changed by an instance admin.
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
{
"instance": "1234abc1234abc1234abc1234abc1234",
"name": "login",
"parm1": "admin",
"parm2": "198.51.100.1",
"sys_created_by": "admin",
"sys_created_on": "2024-04-15 15:20:07",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"sys_updated_by": "system",
"sys_updated_on": "2024-04-15 15:20:17",
"table": "",
"user_id": "34abc1234abc1234abc1234abc1234ab",
"user_name": "admin"
}
An account attempted to logout of a system.
An account attempted to logout of a system.
{
"instance": "1234abc1234abc1234abc1234abc1234",
"name": "logout",
"parm1": "admin",
"parm2": "198.51.100.1",
"sys_created_by": "guest",
"sys_created_on": "2024-04-15 16:01:53",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"sys_updated_by": "system",
"sys_updated_on": "2024-04-15 16:02:04",
"table": "",
"user_id": "34abc1234abc1234abc1234abc1234ab",
"user_name": "guest"
}
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
{
"instance": null,
"name": "sys_user.insert",
"parm1": "5d7e55b69721021096f8ba6de053aff1",
"parm2": null,
"sys_created_by": "admin",
"sys_created_on": "2024-04-17 13:58:12",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"sys_updated_by": "system",
"sys_updated_on": "2024-04-17 13:58:23",
"table": "",
"user_id": "34abc1234abc1234abc1234abc1234ab",
"user_name": "admin"
}
Reads information about a user.
Reads information about a user.
{
"instance": "1234abc1234abc1234abc1234abc1234",
"name": "user.view",
"parm1": null,
"parm2": null,
"sys_created_by": "admin",
"sys_created_on": "2024-04-15 15:52:58",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"sys_updated_by": "system",
"sys_updated_on": "2024-04-15 15:53:01",
"table": "sys_properties",
"user_id": "34abc1234abc1234abc1234abc1234ab",
"user_name": "admin"
}
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
{
"instance": null,
"name": "sys_user.delete",
"parm1": "71826bf03710200044e0bfc8bcbe5d3b",
"parm2": null,
"sys_created_by": "admin",
"sys_created_on": "2024-04-17 13:57:47",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"sys_updated_by": "system",
"sys_updated_on": "2024-04-17 13:57:51",
"table": "",
"user_id": "34abc1234abc1234abc1234abc1234ab",
"user_name": "admin"
}
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
{
"instance": null,
"name": "cmdb.group.modified",
"parm1": "32f097e7934d4a109a3afea47aba10a5",
"parm2": "update",
"sys_created_by": "admin",
"sys_created_on": "2024-03-26 09:50:23",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"sys_updated_by": "system",
"sys_updated_on": "2024-03-26 09:50:53",
"table": "",
"user_id": "34abc1234abc1234abc1234abc1234ab",
"user_name": "admin"
}
Removes or deletes a group.
Removes or deletes a group.
{
"instance": null,
"name": "cmdb.group.modified",
"parm1": "32f097e7934d4a109a3afea47aba10a5",
"parm2": "update",
"sys_created_by": "admin",
"sys_created_on": "2024-03-26 09:50:23",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"sys_updated_by": "system",
"sys_updated_on": "2024-03-26 09:50:53",
"table": "",
"user_id": "34abc1234abc1234abc1234abc1234ab",
"user_name": "admin"
}
Adds a service, user or account to a group.
Adds a service, user or account to a group.
{
"instance": null,
"name": "sn_change_cab.group_member.added",
"parm1": "5408091a3b100300e81d47b334efc452",
"parm2": "d5fe9df69721021096f8ba6de053af69",
"sys_created_by": "admin",
"sys_created_on": "2024-04-17 14:01:27",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"sys_updated_by": "system",
"sys_updated_on": "2024-04-17 14:01:32",
"table": "",
"user_id": "34abc1234abc1234abc1234abc1234ab",
"user_name": "admin"
}
Removes a service, user or account from a group.
Removes a service, user or account from a group.
{
"instance": null,
"name": "sn_change_cab.group_member.removed",
"parm1": "5408091a3b100300e81d47b334efc452",
"parm2": "d5fe9df69721021096f8ba6de053af69",
"sys_created_by": "admin",
"sys_created_on": "2024-04-17 14:02:06",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"sys_updated_by": "system",
"sys_updated_on": "2024-04-17 14:02:14",
"table": "",
"user_id": "34abc1234abc1234abc1234abc1234ab",
"user_name": "admin"
}
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
{
"instance": null,
"name": "security.elevated_role.enabled",
"parm1": "A509500",
"parm2": "security_admin",
"sys_created_by": "A509500",
"sys_created_on": "2024-04-13 05:14:33",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"sys_updated_by": "system",
"sys_updated_on": "2024-04-13 05:14:46",
"table": "",
"user_id": "34abc1234abc1234abc1234abc1234ab",
"user_name": "A509500"
}
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
{
"instance": "1234abc1234abc1234abc1234abc1234",
"name": "sn_itsm_va.incident.comments.added",
"parm1": "INC012029997",
"parm2": "0123401234",
"sys_created_by": "0123401234",
"sys_created_on": "2024-04-22 15:33:41",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"sys_updated_by": "system",
"sys_updated_on": "2024-04-22 15:33:47",
"table": "incident",
"user_id": "34abc1234abc1234abc1234abc1234ab",
"user_name": "0123401234"
}
A resource was read.
A resource was read.
{
"instance": "1234abc1234abc1234abc1234abc1234",
"name": "report.view",
"parm1": "682",
"parm2": "9de87927dbdd32041436feb5ae961917",
"sys_created_by": "0123401234",
"sys_created_on": "2024-04-16 17:34:21",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"sys_updated_by": "system",
"sys_updated_on": "2024-04-16 17:34:22",
"table": "sys_report",
"user_id": "34abc1234abc1234abc1234abc1234ab",
"user_name": "0123401234"
}
A resource was updated.
A resource was updated.
{
"instance": "1234abc1234abc1234abc1234abc1234",
"name": "live_feed.update",
"parm1": "[work_notes, business_duration, calendar_duration]",
"parm2": "9",
"sys_created_by": "servicenow_sync",
"sys_created_on": "2024-04-16 14:03:45",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"sys_updated_by": "system",
"sys_updated_on": "2024-04-16 14:03:50",
"table": "incident",
"user_id": "34abc1234abc1234abc1234abc1234ab",
"user_name": "servicenow_sync"
}
A resource was removed or deleted.
A resource was removed or deleted.
{
"instance": "1234abc1234abc1234abc1234abc1234",
"name": "attachment.deleted",
"parm1": "sys_attachment",
"parm2": "93125c9a87254ad0aeb2dc273cbb35ea",
"sys_created_by": "012340123",
"sys_created_on": "2024-04-19 16:54:11",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"sys_updated_by": "system",
"sys_updated_on": "2024-04-19 16:54:20",
"table": "",
"user_id": "34abc1234abc1234abc1234abc1234ab",
"user_name": "012340123"
}
A resource was downloaded.
A resource was downloaded.
{
"instance": null,
"name": "snc.subscription.download.completed",
"parm1": null,
"parm2": null,
"sys_created_by": "system",
"sys_created_on": "2024-04-21 07:09:16",
"sys_id": "abc1234abc1234abc1234abc1234abc1",
"sys_updated_by": "system",
"sys_updated_on": "2024-04-21 07:09:31",
"table": "",
"user_id": "system",
"user_name": "system"
}
ServiceNow system events are generated by pre-defined scripted triggers when users perform actions in the system.
Storage Duration: Infinite
Can be changed by an instance admin.
Duration: Near Real-Time
Can be changed by an instance admin.
ServiceNow is a cloud-based platform that provides IT service management (ITSM) software solutions. It offers a range of services including incident management, problem management, change management, and asset management.
ServiceNow audit events track changes to records in audited tables.
The ServiceNow role audit table contains user role assignments.
ServiceNow system events are generated by pre-defined scripted triggers when users perform actions in the system.
ServiceNow Instance Security Center export events track UI exports of record data.
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
{
"action": "user_login",
"actor":
{
"type": "user",
"user":
{
"email": "alice@example.com",
"id": "U0123456ABC",
"name": "Alice Brown",
"team": "01CDEFGHI"
}
},
"context":
{
"ip_address": "198.51.100.2",
"location":
{
"domain": "acme",
"id": "ETFABCDEF",
"name": "Acme",
"type": "workspace"
},
"session_id": 5267511593910,
"ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_5_0) AppleWebKit/537.36 (KHTML, like Gecko) Slack/4.33.84 Chrome/114.0.5735.134 Electron/25.2.0 Safari/537.36 AppleSilicon Sonic Slack_SSB/4.33.84"
},
"date_create": 1692033908,
"details": null,
"entity":
{
"type": "user",
"user":
{
"email": "alice@example.com",
"id": "U0123456ABC",
"name": "Alice Brown",
"team": "01CDEFGHI"
}
},
"id": "44a8993d-0000-abcd-1e2f-9e7accba9876"
}
{
"action": "user_login_failed",
"actor":
{
"type": "user",
"user":
{
"email": "john@example.com",
"id": "U0123456ABC",
"name": "John Doe",
"team": "01CDEFGHI"
}
},
"context":
{
"ip_address": "198.51.100.1",
"location":
{
"domain": "acme",
"id": "ETFABCDEF",
"name": "Acme",
"type": "enterprise"
},
"session_id": null,
"ua": "Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"
},
"date_create": 1692033735,
"details": null,
"entity":
{
"type": "user",
"user":
{
"email": "john@example.com",
"id": "U0123456ABC",
"name": "John Doe",
"team": "01CDEFGHI"
}
},
"id": "44a8993d-0000-abcd-1e2f-9e7accba9876"
}
An account attempted to logout of a system.
An account attempted to logout of a system.
{
"action": "user_logout",
"actor":
{
"type": "user",
"user":
{
"email": "bob@example.com",
"id": "U0123456ABC",
"name": "Bob Smith",
"team": "01CDEFGHI"
}
},
"context":
{
"ip_address": "198.51.100.3",
"location":
{
"domain": "acme",
"id": "ETFABCDEF",
"name": "Acme",
"type": "workspace"
},
"session_id": null,
"ua": "Mozilla/5.0 (iPhone; CPU iPhone OS 16_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1"
},
"date_create": 1692033072,
"details": null,
"entity":
{
"type": "user",
"user":
{
"email": "bob@example.com",
"id": "U0123456ABC",
"name": "Bob Smith",
"team": "01CDEFGHI"
}
},
"id": "44a8993d-0000-abcd-1e2f-9e7accba9876"
}
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
{
"action": "user_created",
"actor":
{
"type": "user",
"user":
{
"email": "jane@example.com",
"id": "U1A1AABCD",
"name": "Jane Miller",
"team": "T00111AA2"
}
},
"context":
{
"ip_address": "198.51.100.5",
"location":
{
"domain": "acme",
"id": "T00111AA2",
"name": "Acme",
"type": "workspace"
},
"session_id": 5750000001234,
"ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_5_0) AppleWebKit/537.36 (KHTML, like Gecko) Slack/4.33.84 Chrome/114.0.5735.134 Electron/25.2.0 Safari/537.36 AppleSilicon Sonic Slack_SSB/4.33.84"
},
"date_create": 1691752039,
"details": null,
"entity":
{
"type": "user",
"user":
{
"email": "bob@example.com",
"id": "U01AA2B2CAA",
"name": "Bob Smith",
"team": "T00111AA2"
}
},
"id": "18ab534a-0000-4100-a123-aa12bb32ff35"
}
{
"action": "guest_created",
"actor":
{
"type": "user",
"user":
{
"email": "jane@example.com",
"id": "U1A1AABCD",
"name": "Jane Miller",
"team": "T02511RD4"
}
},
"context":
{
"ip_address": "198.51.100.5",
"location":
{
"domain": "acme",
"id": "T00111AA2",
"name": "Acme",
"type": "workspace"
},
"session_id": 5750000001234,
"ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"
},
"date_create": 1691777609,
"details": null,
"entity":
{
"type": "user",
"user":
{
"email": "alice@ext.example.com",
"id": "U01AA2B1CAA",
"name": "Alice Brown",
"team": "T00111AA2"
}
},
"id": "18ab534a-0000-4100-a123-aa12bb32ff35"
}
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
{
"action": "user_profile_updated",
"actor":
{
"type": "user",
"user":
{
"email": "jane@example.com",
"id": "U7A1SSBCD",
"name": "Jane Miller",
"team": "T00111AA2"
}
},
"context":
{
"app":
{
"creator": "U1A2ABCDE",
"id": "A1A4ABCDE5",
"name": "Okta",
"scopes":
[],
"scopes_bot":
[],
"team": "T00111AA2"
},
"ip_address": "198.51.100.5",
"location":
{
"domain": "acme",
"id": "T00111AA2",
"name": "Acme",
"type": "workspace"
},
"session_id": 5750000001234,
"ua": "OKTA Slack Integration"
},
"date_create": 1692023286,
"details":
{
"new_profile":
{
"first_name": "Janet",
"real_name": "Janet Miller"
},
"previous_profile":
{
"first_name": "Jane",
"real_name": "Jane Miller"
}
},
"entity":
{
"type": "user",
"user":
{
"email": "jane@example.com",
"id": "U7A1SSBCD",
"name": "Jane Miller",
"team": "T00111AA2"
}
},
"id": "18ab534a-0000-4100-a123-aa12bb32ff35"
}
Removes or deletes a user.
Removes or deletes a user.
{
"action": "user_deactivated",
"actor":
{
"type": "user",
"user":
{
"email": "jane@example.com",
"id": "U7A1SSBCD",
"name": "Jane Miller",
"team": "T00111AA2"
}
},
"context":
{
"ip_address": "198.51.100.5",
"location":
{
"domain": "acme",
"id": "T00111AA2",
"name": "Acme",
"type": "workspace"
},
"session_id": 5750000001234,
"ua": "OKTA Slack Integration"
},
"date_create": 1691800883,
"details": null,
"entity":
{
"type": "user",
"user":
{
"email": "bob@example.com",
"id": "U05MA2B2CAA",
"name": "Bob Smith",
"team": "T00111AA2"
}
},
"id": "18ab534a-0000-4100-a123-aa12bb32ff35"
}
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
{
"action": "user_added_to_usergroup",
"actor":
{
"type": "user",
"user":
{
"email": "john@example.com",
"id": "U03EABCDE0A",
"name": "John Doe",
"team": "A01111TD4"
}
},
"context":
{
"ip_address": "198.51.100.1",
"location":
{
"domain": "acme",
"id": "A01111TD4",
"name": "Acme",
"type": "workspace"
},
"session_id": 5690023232312,
"ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_5_0) AppleWebKit/537.36 (KHTML, like Gecko) Slack/4.33.84 Chrome/114.0.5735.134 Electron/25.2.0 Safari/537.36"
},
"date_create": 1691766194,
"details":
{
"inviter":
{
"type": "user",
"user":
{
"email": "mallory@example.com",
"id": "A01AAB1A5",
"name": "Mallory Jones",
"team": "A01111TD4"
}
},
"type": "INVITED"
},
"entity":
{
"type": "usergroup",
"usergroup":
{
"id": "S02ABABCDA3",
"name": "Developers"
}
},
"id": "1c0c1a15-5a11-4ac1-97a9-123fafa3f000"
}
Removes a service, user or account from a group.
Removes a service, user or account from a group.
{
"action": "user_removed_from_usergroup",
"actor":
{
"type": "user",
"user":
{
"email": "jane@example.com",
"id": "U01AB2C34EA",
"name": "Jane Miller",
"team": "A01111TD4"
}
},
"context":
{
"ip_address": "198.51.100.2",
"location":
{
"domain": "acme",
"id": "A01111TD4",
"name": "Acme",
"type": "workspace"
},
"session_id": 1231123412345,
"ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"
},
"date_create": 1692042606,
"details":
{
"kicker":
{
"type": "user",
"user":
{
"email": "bob@example.com",
"id": "U0AA1BBC2AB",
"name": "Bob Smith",
"team": "A01111TD4"
}
},
"type": "KICKED"
},
"entity":
{
"type": "usergroup",
"usergroup":
{
"id": "S01ABABCDA3",
"name": "Developers"
}
},
"id": "fde9d000-a1b2-3cc4-0000-aed1e3123f10"
}
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
{
"action": "role_assigned",
"actor":
{
"type": "user",
"user":
{
"email": "Mallory@example.com",
"id": "A012ABCDEFG",
"name": "Mallory Jones",
"team": "A01111TD4"
}
},
"context":
{
"ip_address": "198.51.100.5",
"location":
{
"domain": "acme",
"id": "A01111TD4",
"name": "Acme",
"type": "enterprise"
},
"session_id": 5000189189123,
"ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"
},
"date_create": 1691650836,
"details":
{
"target_entity": "A01111TD4",
"target_user": "A01B56012"
},
"entity":
{
"role":
{
"id": "Rl0E",
"name": "Message Activity Manager",
"type": "0"
},
"type": "role"
},
"id": "00dba123-63a1-4564-bb11-000dd2140ae0"
}
{
"action": "role_change_to_admin",
"actor":
{
"type": "user",
"user":
{
"email": "alice@example.com",
"id": "A012BCDDAB",
"name": "Alice Brown",
"team": "A01111TD4"
}
},
"context":
{
"ip_address": "198.51.100.4",
"location":
{
"domain": "acme",
"id": "A01111TD4",
"name": "Acme",
"type": "workspace"
},
"session_id": 5000109189123,
"ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"
},
"date_create": 1692081890,
"details": null,
"entity":
{
"type": "user",
"user":
{
"email": "john@example.com",
"id": "U01AAAB33QT",
"name": "John Doe",
"team": "A01111TD4"
}
},
"id": "a940a000-a0d0-00df-a123-b8b899ca6e31"
}
Removes a permission from a resource.
Removes a permission from a resource.
{
"action": "permissions_removed",
"actor":
{
"type": "user",
"user":
{
"email": "jane@example.com",
"id": "U01A2ABCDAB",
"name": "Jane Miller",
"team": "A01111TD4"
}
},
"context":
{
"ip_address": "198.51.100.5",
"location":
{
"domain": "acme",
"id": "A01111TD4",
"name": "Acme",
"type": "workspace"
},
"session_id": 5750000001234,
"ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"
},
"date_create": 1692096526,
"details":
{
"changed_permissions":
[
"CREATE_PRIVATE_CHANNEL"
],
"target_entity_id": "A01111TD4"
},
"entity":
{
"account_type_role":
{
"id": 1003,
"name": "MULTI_CHANNEL_GUEST"
},
"type": "account_type_role"
},
"id": "036ccefd-0000-abcd-bb11-000dd2140ae0"
}
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
{
"action": "pref.two_factor_auth_changed",
"actor":
{
"type": "user",
"user":
{
"email": "john@example.com",
"id": "U01A2ABCDNG",
"name": "John Doe",
"team": "A01111TD4"
}
},
"context":
{
"ip_address": "198.51.100.2",
"location":
{
"domain": "acme",
"id": "A01111TD4",
"name": "Acme",
"type": "workspace"
},
"session_id": 1233443505954,
"ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/198.51.100.1 Safari/537.36"
},
"date_create": 1657550802,
"details":
{
"new_value": "TWO_FACTOR_ENABLED",
"previous_value": "TWO_FACTOR_DISABLED"
},
"entity":
{
"type": "workspace",
"workspace":
{
"domain": "acme",
"id": "A01111TD4",
"name": "Acme"
}
},
"id": "1234f70-0fb0-00b1-00eb-95ab9a123d12"
}
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
{
"action": "pref.two_factor_auth_changed",
"actor":
{
"type": "user",
"user":
{
"email": "john@example.com",
"id": "U01A2ABCDNG",
"name": "John Doe",
"team": "A01111TD4"
}
},
"context":
{
"ip_address": "198.51.100.2",
"location":
{
"domain": "acme",
"id": "A01111TD4",
"name": "Acme",
"type": "workspace"
},
"session_id": 1234443505912,
"ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/198.51.100.1 Safari/537.36"
},
"date_create": 1657550802,
"details":
{
"new_value": "TWO_FACTOR_DISABLED",
"previous_value": "TWO_FACTOR_ENABLED"
},
"entity":
{
"type": "workspace",
"workspace":
{
"domain": "acme",
"id": "A01111TD4",
"name": "Acme"
}
},
"id": "1234f70-0fb0-00b1-00eb-95ab9a123d12"
}
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
{
"action": "team_authorized_ip_range_set",
"actor":
{
"type": "user",
"user":
{
"email": "mallory@example.com",
"id": "U01ABCA1AAD",
"name": "Mallory Jones",
"team": "E0123DTABCDE"
}
},
"context":
{
"ip_address": "198.51.100.4",
"location":
{
"domain": "acme",
"id": "E0123DTABCDE",
"name": "Acme",
"type": "enterprise"
},
"session_id": 1005842004704,
"ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
},
"date_create": 1693253017,
"details":
{
"ip_ranges":
[
"1.2.3.4/32"
]
},
"entity":
{
"enterprise":
{
"domain": "acme",
"id": "E0123DTABCDE",
"name": "Acme"
},
"type": "enterprise"
},
"id": "be00a00b-3200-4400-8ab0-000de3868a03"
}
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
{
"action": "pref.sso_setting_changed",
"actor":
{
"type": "user",
"user":
{
"email": "john@example.com",
"id": "U01ABCA1AAA",
"name": "John Doe",
"team": "E0123DTABCDE"
}
},
"context":
{
"ip_address": "198.51.100.1",
"location":
{
"domain": "acme",
"id": "E0123DTABCDE",
"name": "Acme",
"type": "enterprise"
},
"session_id": 1005842004700,
"ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
},
"date_create": 1693253139,
"details":
{
"new_value": "SSO_REQUIRED",
"previous_value": "SSO_REQUIRED_EXCEPT_GUESTS"
},
"entity":
{
"enterprise":
{
"domain": "acme",
"id": "E0123DTABCDE",
"name": "Acme"
},
"type": "enterprise"
},
"id": "be00a00b-3200-4400-8ab0-000de3868a00"
}
{
"action": "pref.block_file_download_for_unapproved_ip",
"actor":
{
"type": "user",
"user":
{
"email": "alice@example.com",
"id": "U01ABCA1AAB",
"name": "Alice Brown",
"team": "E0123DTABCDE"
}
},
"context":
{
"ip_address": "198.51.100.2",
"location":
{
"domain": "acme",
"id": "E0123DTABCDE",
"name": "Acme",
"type": "enterprise"
},
"session_id": 1005842004701,
"ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
},
"date_create": 1693253017,
"details":
{
"new_value": true,
"previous_value": false
},
"entity":
{
"enterprise":
{
"domain": "acme",
"id": "E0123DTABCDE",
"name": "Acme"
},
"type": "enterprise"
},
"id": "be00a00b-3200-4400-8ab0-000de3868a001"
}
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
{
"action": "team_authorized_ip_range_set",
"actor":
{
"type": "user",
"user":
{
"email": "bob@example.com",
"id": "U01ABCA1AAC",
"name": "Bob Smith",
"team": "E0123DTABCDE"
}
},
"context":
{
"ip_address": "198.51.100.3",
"location":
{
"domain": "acme",
"id": "E0123DTABCDE",
"name": "Acme",
"type": "enterprise"
},
"session_id": 1005842004702,
"ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
},
"date_create": 1693253039,
"details":
{
"ip_ranges":
[]
},
"entity":
{
"enterprise":
{
"domain": "acme",
"id": "E0123DTABCDE",
"name": "Acme"
},
"type": "enterprise"
},
"id": "be00a00b-3200-4400-8ab0-000de3868a02"
}
Creates a new integration.
Creates a new integration.
{
"action": "app_installed",
"actor":
{
"type": "user",
"user":
{
"email": "mallory@example.com",
"id": "U05ABC123EF",
"name": "Mallory Jones",
"team": "T01234AB5"
}
},
"context":
{
"ip_address": "198.51.100.3",
"location":
{
"domain": "acme",
"id": "T01234AB5",
"name": "Acme",
"type": "workspace"
},
"session_id": 5123453809333,
"ua": "java-http/10.2.10"
},
"date_create": 1692199107,
"details":
{
"is_internal_integration": false,
"is_token_rotation_enabled_app": false
},
"entity":
{
"app":
{
"id": "A01234567AB",
"is_directory_approved": true,
"is_distributed": true,
"is_workflow_app": false,
"name": "Sample App",
"scopes":
[
"channels:read",
"groups:read",
"links:read",
"links:write"
]
},
"type": "app"
},
"id": "51d1abc1-0000-Ae1B-c2d3-65b5b0000a12"
}
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
{
"action": "app_scopes_expanded",
"actor":
{
"type": "user",
"user":
{
"email": "mallory@example.com",
"id": "U05ABC123EF",
"name": "Mallory Jones",
"team": "T01234AB5"
}
},
"context":
{
"ip_address": "198.51.100.3",
"location":
{
"domain": "acme",
"id": "T01234AB5",
"name": "Acme",
"type": "enterprise"
},
"session_id": 5123453809333,
"ua": "@slack:web-api/6.8.1 node/18.16.1 linux/5.10.162+"
},
"date_create": 1692192765,
"details":
{
"granular_bot_token": true,
"is_internal_integration": false,
"is_token_rotation_enabled_app": false,
"new_scopes":
[
"app_mentions:read",
"channels:read",
"chat:write",
"chat:write.public",
"commands",
"files:read",
"files:write",
"groups:read",
"im:read",
"im:write",
"links:read",
"links:write",
"mpim:read",
"remote_files:read",
"remote_files:share",
"remote_files:write",
"team:read",
"users:read",
"users:read.email"
],
"previous_scopes":
[
"app_mentions:read",
"channels:read",
"chat:write.public",
"commands",
"files:read",
"files:write",
"groups:read",
"im:read",
"im:write",
"links:read",
"remote_files:read",
"remote_files:share"
]
},
"entity":
{
"app":
{
"id": "A01234567AB",
"is_directory_approved": true,
"is_distributed": true,
"is_workflow_app": false,
"name": "Sample App",
"scopes":
[
"app_mentions:read",
"channels:read",
"chat:write",
"chat:write.public",
"commands",
"files:read",
"files:write",
"groups:read",
"im:read",
"im:write",
"links:read",
"links:write",
"mpim:read",
"remote_files:read",
"remote_files:share",
"remote_files:write",
"team:read",
"users:read",
"users:read.email"
]
},
"type": "app"
},
"id": "51d1abc1-0000-Ae1B-c2d3-65b5b0000a12"
}
Removes or deletes an existing integration.
Removes or deletes an existing integration.
{
"action": "app_uninstalled",
"actor":
{
"type": "user",
"user":
{
"email": "mallory@example.com",
"id": "U05ABC123EF",
"name": "Mallory Jones",
"team": "T01234AB5"
}
},
"context":
{
"ip_address": "198.51.100.3",
"location":
{
"domain": "acme",
"id": "T01234AB5",
"name": "Acme",
"type": "workspace"
},
"session_id": 5123453809333,
"ua": "sample-api (workflow builder)"
},
"date_create": 1692197604,
"details": null,
"entity":
{
"app":
{
"id": "A01234567AB",
"is_directory_approved": false,
"is_distributed": false,
"is_workflow_app": true,
"name": "Sample App",
"scopes":
[
"bot"
]
},
"type": "app"
},
"id": "51d1abc1-0000-Ae1B-c2d3-65b5b0000a12"
}
Events (5)
A resource was created.
A resource was created.
{
"action": "file_uploaded",
"actor":
{
"type": "user",
"user":
{
"email": "alice@example.com",
"id": "U01ABA99AB1",
"name": "Alice Brown",
"team": "ATBSDEF001"
}
},
"context":
{
"ip_address": "198.51.100.1",
"location":
{
"domain": "acme",
"id": "ATBSDEF001",
"name": "Acme",
"type": "enterprise"
},
"session_id": 5700000123450,
"ua": "Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"
},
"date_create": 1692201912,
"details": null,
"entity":
{
"file":
{
"filetype": "",
"id": "F01N2AAB3CD",
"name": "image.png",
"title": "image.png"
},
"type": "file"
},
"id": "0ab1d7aa-00dc-0ef0-a0b1-0011a55ff12e"
}
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
{
"action": "public_channel_converted_to_private",
"actor":
{
"type": "user",
"user":
{
"email": "jane@example.com",
"id": "U01ABA99AB1",
"name": "Jane Miller",
"team": "ATBSDEF001"
}
},
"context":
{
"ip_address": "198.51.100.4",
"location":
{
"domain": "acme",
"id": "ATBSDEF001",
"name": "Acme",
"type": "enterprise"
},
"session_id": 5700000123454,
"ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
},
"date_create": 1693247607,
"details": null,
"entity":
{
"channel":
{
"id": "C01A2AABC00",
"is_org_shared": false,
"is_shared": false,
"name": "test-channel",
"privacy": "private"
},
"type": "channel"
},
"id": "0ab1d7aa-00dc-0ef0-a0b1-0011a55ff121"
}
A resource was removed or deleted.
A resource was removed or deleted.
{
"action": "file_deleted",
"actor":
{
"type": "user",
"user":
{
"email": "bob@example.com",
"id": "U01ABA99AB2",
"name": "Bob Smith",
"team": "ATBSDEF001"
}
},
"context":
{
"ip_address": "198.51.100.2",
"location":
{
"domain": "acme",
"id": "ATBSDEF001",
"name": "Acme",
"type": "enterprise"
},
"session_id": 5700000123451,
"ua": "slack/23.08.20.0.90012549 (Google Pixel 4a; Android 13)"
},
"date_create": 1692202048,
"details": null,
"entity":
{
"file":
{
"filetype": "audio/mp4",
"id": "F01A2AAB3A1",
"name": "audio_clip.m4a",
"title": "Audio Clip.m4a"
},
"type": "file"
},
"id": "0ab1d7aa-00dc-0ef0-a0b1-0011a55ff12a"
}
A resource was downloaded.
A resource was downloaded.
{
"action": "file_downloaded",
"actor":
{
"type": "user",
"user":
{
"email": "mallory@example.com",
"id": "U01ABA99AB3",
"name": "Mallory Jones",
"team": "ATBSDEF001"
}
},
"context":
{
"ip_address": "198.51.100.3",
"location":
{
"domain": "acme",
"id": "ATBSDEF001",
"name": "Acme",
"type": "enterprise"
},
"session_id": 5700000123453,
"ua": "Mozilla/5.0 (Windows NT 10.0.22621; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Slack/4.33.84 Chrome/114.0.5735.134 Safari/537.36"
},
"date_create": 1692202187,
"details":
{
"url_private": "https://files.slack.com/files/ATBSDEF001-F01A2AABCAA/dataset.xlsx"
},
"entity":
{
"file":
{
"filetype": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
"id": "F01A2AABCAA",
"name": "dataset.xlsx",
"title": "dataset.xlsx"
},
"type": "file"
},
"id": "0ab1d7aa-00dc-0ef0-a0b1-0011a55ff12b"
}
Slack enterprise audit logs that provide an audit trail of user and system activity.
Storage Duration: Default 90 days
Can be customized
Duration: Near real-time
Can be customized
Slack is a cloud-based collaboration platform that facilitates communication between individuals and groups through channels, direct messaging, file sharing, and integrations with third-party applications. The Slack Audit Logs API allows organizations to access and retrieve audit logs related to user activity and security events within their Slack workspaces.
Documentation on collecting events from the Audit Logs API
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
{
"CLIENT_IP": "12.3.4.56",
"CONNECTION": null,
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EVENT_ID": "53754033158915655",
"EVENT_TIMESTAMP": "1717764280.813000",
"EVENT_TYPE": "LOGIN",
"FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
"IS_SUCCESS": "YES",
"RELATED_EVENT_ID": "0",
"REPORTED_CLIENT_TYPE": "JDBC_DRIVER",
"REPORTED_CLIENT_VERSION": "3.14.1",
"SECOND_AUTHENTICATION_FACTOR": null,
"USER_NAME": "bruce-wayne"
}
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
{
"CLIENT_IP": "12.3.4.56",
"CONNECTION": null,
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EVENT_ID": "12042414114134585",
"EVENT_TIMESTAMP": "1717633886.401000",
"EVENT_TYPE": "LOGIN",
"FIRST_AUTHENTICATION_FACTOR": "SAML2_ASSERTION",
"IS_SUCCESS": "YES",
"RELATED_EVENT_ID": "0",
"REPORTED_CLIENT_TYPE": "SNOWFLAKE_UI",
"REPORTED_CLIENT_VERSION": "20240605173119",
"SECOND_AUTHENTICATION_FACTOR": "DUO_PASSCODE",
"USER_NAME": "bruce-wayne"
}
Events (18)
Creates a user.
Creates a user.
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
Updates a role.
Updates a role.
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
Removes a permission from a resource.
Removes a permission from a resource.
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
A resource was read.
A resource was read.
A resource was updated.
A resource was updated.
A resource was removed or deleted.
A resource was removed or deleted.
A resource was downloaded.
A resource was downloaded.
This Account Usage view can be used to query login attempts by Snowflake users within the last 365 days (1 year).
Storage Duration: 365 days
No comments
Duration: up to 120 minutes
No comments
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "0",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "0",
"BYTES_WRITTEN_TO_RESULT": "90",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": null,
"COMPILATION_TIME": "29",
"CREDITS_USED_CLOUD_SERVICES": "3.9999999999999998e-06",
"DATABASE_ID": null,
"DATABASE_NAME": null,
"END_TIME": "1717698436.337000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "1",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "0",
"PARTITIONS_TOTAL": "0",
"PERCENTAGE_SCANNED_FROM_CACHE": "0",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "15c1fa5cbdce6f6c0cd15c1fac1fac1fa",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4d553-0000-83bf-0000-151118855e511e",
"QUERY_LOAD_PERCENT": null,
"QUERY_PARAMETERIZED_HASH": "15c1fa5cb15c1fa5cb15c1fa5cb",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "CREATE USER IF NOT EXISTS bruce-wayne DEFAULT_ROLE \u003d bruce-wayne-role RSA_PUBLIC_KEY <redacted>",
"QUERY_TYPE": "CREATE_USER",
"QUEUED_OVERLOAD_TIME": "0",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "BRUCE_WAYNE_ROLE",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "0",
"ROWS_PRODUCED": null,
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": null,
"SCHEMA_NAME": null,
"SECONDARY_ROLE_STATS": "{\"roleNames\":[],\"roleCount\":0,\"roleIds\":[]}",
"SESSION_ID": "471516516265151",
"START_TIME": "1717698436.307000",
"TOTAL_ELAPSED_TIME": "30",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "0",
"USER_NAME": "ALFRED_ADMIN",
"WAREHOUSE_ID": "5",
"WAREHOUSE_NAME": "BATMAN_WAREHOUSE",
"WAREHOUSE_SIZE": null,
"WAREHOUSE_TYPE": "STANDARD"
}
Reads information about a user.
Reads information about a user.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "0",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "0",
"BYTES_WRITTEN_TO_RESULT": "90",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": null,
"COMPILATION_TIME": "29",
"CREDITS_USED_CLOUD_SERVICES": "3.9999999999999998e-06",
"DATABASE_ID": null,
"DATABASE_NAME": null,
"END_TIME": "1717698436.337000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "1",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "0",
"PARTITIONS_TOTAL": "0",
"PERCENTAGE_SCANNED_FROM_CACHE": "0",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "15c1fa5cbdce6f6c0cd15c1fac1fac1fa",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4d553-0000-83bf-0000-151118855e511e",
"QUERY_LOAD_PERCENT": null,
"QUERY_PARAMETERIZED_HASH": "15c1fa5cb15c1fa5cb15c1fa5cb",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "SHOW USERS LIKE 'bruce-wayne'",
"QUERY_TYPE": "SHOW",
"QUEUED_OVERLOAD_TIME": "0",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "BRUCE_WAYNE_ROLE",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "0",
"ROWS_PRODUCED": null,
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": null,
"SCHEMA_NAME": null,
"SECONDARY_ROLE_STATS": "{\"roleNames\":[],\"roleCount\":0,\"roleIds\":[]}",
"SESSION_ID": "471516516265151",
"START_TIME": "1717698436.307000",
"TOTAL_ELAPSED_TIME": "30",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "0",
"USER_NAME": "ALFRED_ADMIN",
"WAREHOUSE_ID": "5",
"WAREHOUSE_NAME": "BATMAN_WAREHOUSE",
"WAREHOUSE_SIZE": null,
"WAREHOUSE_TYPE": "STANDARD"
}
Updates information about a user.
Updates information about a user.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "0",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "0",
"BYTES_WRITTEN_TO_RESULT": "36",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": null,
"COMPILATION_TIME": "27",
"CREDITS_USED_CLOUD_SERVICES": "1.0000000000000001e-05",
"DATABASE_ID": null,
"DATABASE_NAME": null,
"END_TIME": "1717071413.029000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "38",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "0",
"PARTITIONS_TOTAL": "0",
"PERCENTAGE_SCANNED_FROM_CACHE": "0",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "39eabc39eabc39eabc39eabc39eabc",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4ac80-0000-83bf-0000-15165sdc5151",
"QUERY_LOAD_PERCENT": null,
"QUERY_PARAMETERIZED_HASH": "39eabc39eabc39eabc39eabc39eabc",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "ALTER USER bruce-wayne SET RSA_PUBLIC_KEY <redacted>;",
"QUERY_TYPE": "ALTER_USER",
"QUEUED_OVERLOAD_TIME": "0",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "BRUCE_WAYNE_ROLE",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "0",
"ROWS_PRODUCED": null,
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": null,
"SCHEMA_NAME": null,
"SECONDARY_ROLE_STATS": "{\"roleNames\":[],\"roleCount\":0,\"roleIds\":[]}",
"SESSION_ID": "47121871234566",
"START_TIME": "1717071412.964000",
"TOTAL_ELAPSED_TIME": "65",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "0",
"USER_NAME": "ALFRED_ADMIN",
"WAREHOUSE_ID": "10",
"WAREHOUSE_NAME": "BATMAN_WAREHOUSE",
"WAREHOUSE_SIZE": null,
"WAREHOUSE_TYPE": "STANDARD"
}
Removes or deletes a user.
Removes or deletes a user.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "0",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "0",
"BYTES_WRITTEN_TO_RESULT": "36",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": null,
"COMPILATION_TIME": "515",
"CREDITS_USED_CLOUD_SERVICES": "8.7999999999999998e-05",
"DATABASE_ID": null,
"DATABASE_NAME": null,
"END_TIME": "1717685383.600000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "59",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "0",
"PARTITIONS_TOTAL": "0",
"PERCENTAGE_SCANNED_FROM_CACHE": "0",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "d55b6367d55b6367d55b6367d55b6367",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "44ed5de-0002-3f81-0001-44ed5de44ed5dee",
"QUERY_LOAD_PERCENT": null,
"QUERY_PARAMETERIZED_HASH": "d55b6367d55b6367d55b6367d55b6367",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "DROP USER THE_RIZZLER;",
"QUERY_TYPE": "DROP_USER",
"QUEUED_OVERLOAD_TIME": "0",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "BRUCE_WAYNE_ROLE",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "0",
"ROWS_PRODUCED": null,
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": null,
"SCHEMA_NAME": null,
"SECONDARY_ROLE_STATS": "{\"roleNames\":[],\"roleCount\":0,\"roleIds\":[]}",
"SESSION_ID": "37937453123456",
"START_TIME": "1717685383.026000",
"TOTAL_ELAPSED_TIME": "574",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "0",
"USER_NAME": "ALFRED_ADMIN@wayneenerprises.org",
"WAREHOUSE_ID": null,
"WAREHOUSE_NAME": null,
"WAREHOUSE_SIZE": null,
"WAREHOUSE_TYPE": null
}
Creates a logical group.
Creates a logical group.
Reads a group.
Reads a group.
Updates a group.
Updates a group.
Removes or deletes a group.
Removes or deletes a group.
Adds a service, user or account to a group.
Adds a service, user or account to a group.
Removes a service, user or account from a group.
Removes a service, user or account from a group.
Creates a new role.
Creates a new role.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "0",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "0",
"BYTES_WRITTEN_TO_RESULT": "56",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": null,
"COMPILATION_TIME": "44",
"CREDITS_USED_CLOUD_SERVICES": "9.0000000000000002e-06",
"DATABASE_ID": "5",
"DATABASE_NAME": "GOTHAM_VILLAINS",
"END_TIME": "1717774231.234000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "19",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "0",
"PARTITIONS_TOTAL": "0",
"PERCENTAGE_SCANNED_FROM_CACHE": "0",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "2fdac6a14c32fdac6a14c32fdac6a14c3",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4da42-0509-r73t-0068-2j9d9v97eb",
"QUERY_LOAD_PERCENT": null,
"QUERY_PARAMETERIZED_HASH": "2fdac6a14c32fdac6a14c32fdac6a14c3",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "CREATE ROLE IF NOT EXISTS GEN1_VILLAINS;",
"QUERY_TYPE": "CREATE_ROLE",
"QUEUED_OVERLOAD_TIME": "0",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "BRUCE_WAYNE_ROLE",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "0",
"ROWS_PRODUCED": null,
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": "21231",
"SCHEMA_NAME": "PUBLIC",
"SECONDARY_ROLE_STATS": "{\"roleNames\":[\"ALL\"],\"roleCount\":5,\"roleIds\":[65165172,66515276,4545415,516511637,16418111122]}",
"SESSION_ID": "29322881123456789",
"START_TIME": "1717774231.171000",
"TOTAL_ELAPSED_TIME": "63",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "0",
"USER_NAME": "ALFRED_ADMIN",
"WAREHOUSE_ID": "350",
"WAREHOUSE_NAME": "GOTHAM_WAREHOUSE",
"WAREHOUSE_SIZE": null,
"WAREHOUSE_TYPE": "STANDARD"
}
Reads a role.
Reads a role.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "0",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "0",
"BYTES_WRITTEN_TO_RESULT": "56",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": null,
"COMPILATION_TIME": "44",
"CREDITS_USED_CLOUD_SERVICES": "9.0000000000000002e-06",
"DATABASE_ID": "5",
"DATABASE_NAME": "GOTHAM_VILLAINS",
"END_TIME": "1717774231.234000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "19",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "0",
"PARTITIONS_TOTAL": "0",
"PERCENTAGE_SCANNED_FROM_CACHE": "0",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "2fdac6a14c32fdac6a14c32fdac6a14c3",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4da42-0509-r73t-0068-2j9d9v97eb",
"QUERY_LOAD_PERCENT": null,
"QUERY_PARAMETERIZED_HASH": "2fdac6a14c32fdac6a14c32fdac6a14c3",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "SHOW ROLE LIKE 'GEN1_VILLAINS';",
"QUERY_TYPE": "SHOW",
"QUEUED_OVERLOAD_TIME": "0",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "BRUCE_WAYNE_ROLE",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "0",
"ROWS_PRODUCED": null,
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": "21231",
"SCHEMA_NAME": "PUBLIC",
"SECONDARY_ROLE_STATS": "{\"roleNames\":[\"ALL\"],\"roleCount\":5,\"roleIds\":[65165172,66515276,4545415,516511637,16418111122]}",
"SESSION_ID": "29322881123456789",
"START_TIME": "1717774231.171000",
"TOTAL_ELAPSED_TIME": "63",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "0",
"USER_NAME": "ALFRED_ADMIN",
"WAREHOUSE_ID": "350",
"WAREHOUSE_NAME": "GOTHAM_WAREHOUSE",
"WAREHOUSE_SIZE": null,
"WAREHOUSE_TYPE": "STANDARD"
}
Updates a role.
Updates a role.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "0",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "0",
"BYTES_WRITTEN_TO_RESULT": "36",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": null,
"COMPILATION_TIME": "29",
"CREDITS_USED_CLOUD_SERVICES": "6.0000000000000002e-06",
"DATABASE_ID": null,
"DATABASE_NAME": null,
"END_TIME": "1717310018.697000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "13",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "0",
"PARTITIONS_TOTAL": "0",
"PERCENTAGE_SCANNED_FROM_CACHE": "0",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "1ed33b51ed33b51ed33b51ed33b51ed33b5563",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4bc09-5759-e717-002f-5fg5151g61d5f2",
"QUERY_LOAD_PERCENT": null,
"QUERY_PARAMETERIZED_HASH": "1ed33b51ed33b51ed33b51ed33b51ed33b5563",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "ALTER ROLE GEN1_VILLAINS SET\n COMMENT \u003d \u0027Role which will allow the creation\n and usage of schemas for the Villains\n database. \u0027\n ;",
"QUERY_TYPE": "ALTER_ROLE",
"QUEUED_OVERLOAD_TIME": "0",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "BRUCE_WAYNE_ROLE",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "0",
"ROWS_PRODUCED": null,
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": null,
"SCHEMA_NAME": null,
"SECONDARY_ROLE_STATS": "{\"roleNames\":[],\"roleCount\":0,\"roleIds\":[]}",
"SESSION_ID": "1327056921651651",
"START_TIME": "1717310018.655000",
"TOTAL_ELAPSED_TIME": "42",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "1717309941535000000",
"USER_NAME": "BWAYNE@wayneenterprises.org",
"WAREHOUSE_ID": null,
"WAREHOUSE_NAME": null,
"WAREHOUSE_SIZE": null,
"WAREHOUSE_TYPE": null
}
Removes or deletes a role.
Removes or deletes a role.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "0",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "0",
"BYTES_WRITTEN_TO_RESULT": "65",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": null,
"COMPILATION_TIME": "37",
"CREDITS_USED_CLOUD_SERVICES": "1.1e-05",
"DATABASE_ID": null,
"DATABASE_NAME": null,
"END_TIME": "1717763466.606000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "33",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "0",
"PARTITIONS_TOTAL": "0",
"PERCENTAGE_SCANNED_FROM_CACHE": "0",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "9eb3a1c55a7c89eb3a1c55a7c89eb3",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4d98f-0002-55ge-0000-c5165v07e1c9ea",
"QUERY_LOAD_PERCENT": null,
"QUERY_PARAMETERIZED_HASH": "9eb3a1c55a7c89eb3a1c55a7c89eb3",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "DROP ROLE\tGEN1_VILLAINS\t;",
"QUERY_TYPE": "DROP_ROLE",
"QUEUED_OVERLOAD_TIME": "0",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "BRUCE_WAYNE_ROLE",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "0",
"ROWS_PRODUCED": null,
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": null,
"SCHEMA_NAME": null,
"SECONDARY_ROLE_STATS": "{\"roleNames\":[],\"roleCount\":0,\"roleIds\":[]}",
"SESSION_ID": "218979017654987",
"START_TIME": "1717763466.536000",
"TOTAL_ELAPSED_TIME": "70",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "0",
"USER_NAME": "ALFRED_ADMIN",
"WAREHOUSE_ID": null,
"WAREHOUSE_NAME": null,
"WAREHOUSE_SIZE": null,
"WAREHOUSE_TYPE": null
}
Adds a permission to a resource.
Adds a permission to a resource.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "0",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "0",
"BYTES_WRITTEN_TO_RESULT": "36",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": null,
"COMPILATION_TIME": "19",
"CREDITS_USED_CLOUD_SERVICES": "7.9999999999999996e-06",
"DATABASE_ID": null,
"DATABASE_NAME": null,
"END_TIME": "1716999270.704000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "36",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "0",
"PARTITIONS_TOTAL": "0",
"PERCENTAGE_SCANNED_FROM_CACHE": "0",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "fdac6a14c32fdac6a14c32fda",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4a7ce-0000-66gh-0000-65165115a3bda",
"QUERY_LOAD_PERCENT": null,
"QUERY_PARAMETERIZED_HASH": "fdac6a14c32fdac6a14c32fda",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "grant ownership on database VILLIANS_DB to role GOTHAM_ADMINS_ROLE copy current grants;",
"QUERY_TYPE": "GRANT",
"QUEUED_OVERLOAD_TIME": "0",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "BRUCE_WAYNE_ROLE",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "0",
"ROWS_PRODUCED": null,
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": null,
"SCHEMA_NAME": null,
"SECONDARY_ROLE_STATS": "{\"roleNames\":[],\"roleCount\":0,\"roleIds\":[]}",
"SESSION_ID": "47121867651652",
"START_TIME": "1716999270.649000",
"TOTAL_ELAPSED_TIME": "55",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "0",
"USER_NAME": "ALFRED_ADMIN",
"WAREHOUSE_ID": "1",
"WAREHOUSE_NAME": "GOTHAM_WAREHOUSE",
"WAREHOUSE_SIZE": null,
"WAREHOUSE_TYPE": "STANDARD"
}
Removes a permission from a resource.
Removes a permission from a resource.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "0",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "0",
"BYTES_WRITTEN_TO_RESULT": "36",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": null,
"COMPILATION_TIME": "33",
"CREDITS_USED_CLOUD_SERVICES": "1.2999999999999999e-05",
"DATABASE_ID": "42",
"DATABASE_NAME": "VILLAINS_DB",
"END_TIME": "1717740555.193000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "49",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "0",
"PARTITIONS_TOTAL": "0",
"PERCENTAGE_SCANNED_FROM_CACHE": "0",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "2fdac6a14c32fdac6a14c32fdac6a14c3",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4d811-0509-5f55-0068-2d034deb8633",
"QUERY_LOAD_PERCENT": null,
"QUERY_PARAMETERIZED_HASH": "2fdac6a14c32fdac6a14c32fdac6a14c3",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "gotham_metrics",
"QUERY_TEXT": "revoke REFERENCES on VILLAINS_DB.metadata from BRUCE_WAYNE_ROLE;",
"QUERY_TYPE": "REVOKE",
"QUEUED_OVERLOAD_TIME": "0",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "ALFRED_ROLE",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "0",
"ROWS_PRODUCED": null,
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": null,
"SCHEMA_NAME": null,
"SECONDARY_ROLE_STATS": "{\"roleNames\":[\"ALL\"],\"roleCount\":4,\"roleIds\":[6321300,1516583209,174715153,1747651161]}",
"SESSION_ID": "2932288165432153",
"START_TIME": "1717740555.111000",
"TOTAL_ELAPSED_TIME": "82",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "0",
"USER_NAME": "ALFRED_ADMIN",
"WAREHOUSE_ID": "97",
"WAREHOUSE_NAME": "GOTHAM_WAREHOUSE",
"WAREHOUSE_SIZE": null,
"WAREHOUSE_TYPE": "STANDARD"
}
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "0",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "0",
"BYTES_WRITTEN_TO_RESULT": "36",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": null,
"COMPILATION_TIME": "15",
"CREDITS_USED_CLOUD_SERVICES": "3.0000000000000001e-06",
"DATABASE_ID": null,
"DATABASE_NAME": null,
"END_TIME": "1717514614.922000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "8",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "0",
"PARTITIONS_TOTAL": "0",
"PERCENTAGE_SCANNED_FROM_CACHE": "0",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "2fdac6a14c32fdac6a14c32fdac6a14c3",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4c95b-0000-83c0-1250-045151d18c90e",
"QUERY_LOAD_PERCENT": null,
"QUERY_PARAMETERIZED_HASH": "2fdac6a14c32fdac6a14c32fdac6a14c3",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "alter user bruce_wayne set DISABLE_MFA = true",
"QUERY_TYPE": "ALTER_USER",
"QUEUED_OVERLOAD_TIME": "0",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "BRUCE_WAYNE_ROLE",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "0",
"ROWS_PRODUCED": null,
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": null,
"SCHEMA_NAME": null,
"SECONDARY_ROLE_STATS": "{\"roleNames\":[],\"roleCount\":0,\"roleIds\":[]}",
"SESSION_ID": "4712199844410",
"START_TIME": "1717514614.899000",
"TOTAL_ELAPSED_TIME": "23",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "0",
"USER_NAME": "ALFRED_ADMIN",
"WAREHOUSE_ID": "1",
"WAREHOUSE_NAME": "GOTHAM_WAREHOUSE",
"WAREHOUSE_SIZE": null,
"WAREHOUSE_TYPE": "STANDARD"
}
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "0",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "0",
"BYTES_WRITTEN_TO_RESULT": "53",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": null,
"COMPILATION_TIME": "33",
"CREDITS_USED_CLOUD_SERVICES": "9.0000000000000002e-06",
"DATABASE_ID": "42",
"DATABASE_NAME": "WAYNE_DB",
"END_TIME": "1717510863.492000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "30",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "0",
"PARTITIONS_TOTAL": "0",
"PERCENTAGE_SCANNED_FROM_CACHE": "0",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "e36a8208cce536a8208cce5453f1165e1b7f09ca",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4c91d-4444-83bf-0000-566815187b52",
"QUERY_LOAD_PERCENT": null,
"QUERY_PARAMETERIZED_HASH": "e36a8208cce536a8208cce5453f1165e1b7f09ca",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "CREATE SECURITY INTEGRATION OAUTH_INTEGRATION\n TYPE \u003d oauth\n ENABLED \u003d true\n OAUTH_CLIENT \u003d custom\n OAUTH_CLIENT_TYPE\u003d \u0027CONFIDENTIAL\u0027\n OAUTH_REDIRECT_URI \u003d \u0027https://okta.io/redirect/tmp\u0027\n OAUTH_ISSUE_REFRESH_TOKENS \u003d true\n OAUTH_REFRESH_TOKEN_VALIDITY \u003d 259200 // 3 days\n BLOCKED_ROLES_LIST \u003d (\n \u0027SYSADMIN\u0027, \u0027ACCOUNTADMIN\u0027, \u0027SECURITYADMIN\u0027\n )\n PRE_AUTHORIZED_ROLES_LIST \u003d (\u0027OKTA_ROLE\u0027);",
"QUERY_TYPE": "CREATE",
"QUEUED_OVERLOAD_TIME": "0",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.19.1",
"ROLE_NAME": "ACCOUNTADMIN",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "0",
"ROWS_PRODUCED": null,
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": "34",
"SCHEMA_NAME": "INFO_SCHEMA",
"SECONDARY_ROLE_STATS": "{\"roleNames\":[],\"roleCount\":0,\"roleIds\":[]}",
"SESSION_ID": "471219059845",
"START_TIME": "1717510863.429000",
"TOTAL_ELAPSED_TIME": "63",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "0",
"USER_NAME": "ALFRED_ADMIN",
"WAREHOUSE_ID": "1",
"WAREHOUSE_NAME": "GOTHAM_WAREHOUSE",
"WAREHOUSE_SIZE": null,
"WAREHOUSE_TYPE": "STANDARD"
}
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "0",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "0",
"BYTES_WRITTEN_TO_RESULT": "36",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": null,
"COMPILATION_TIME": "39",
"CREDITS_USED_CLOUD_SERVICES": "3.1000000000000001e-05",
"DATABASE_ID": null,
"DATABASE_NAME": null,
"END_TIME": "1717685508.792000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "168",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "0",
"PARTITIONS_TOTAL": "0",
"PERCENTAGE_SCANNED_FROM_CACHE": "0",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "c575eb2d1cbc575eb2d1cba8c654911a91eb",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4d47b-0045-3f94-0071-5451651a1de7a2a",
"QUERY_LOAD_PERCENT": null,
"QUERY_PARAMETERIZED_HASH": "c575eb2d1cbc575eb2d1cba8c654911a91eb",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "SHOW DELEGATED AUTHORIZATIONS TO SECURITY INTEGRATION OAUTH_INTEGRATION",
"QUERY_TYPE": "SHOW",
"QUEUED_OVERLOAD_TIME": "0",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "WAYNE_ADMIN",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "0",
"ROWS_PRODUCED": null,
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": null,
"SCHEMA_NAME": null,
"SECONDARY_ROLE_STATS": "{\"roleNames\":[],\"roleCount\":0,\"roleIds\":[]}",
"SESSION_ID": "379374534157826",
"START_TIME": "1717685508.585000",
"TOTAL_ELAPSED_TIME": "207",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "0",
"USER_NAME": "BRUCE_WAYN@wayneenterprises.org",
"WAREHOUSE_ID": null,
"WAREHOUSE_NAME": null,
"WAREHOUSE_SIZE": null,
"WAREHOUSE_TYPE": null
}
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "0",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "0",
"BYTES_WRITTEN_TO_RESULT": "36",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": null,
"COMPILATION_TIME": "39",
"CREDITS_USED_CLOUD_SERVICES": "3.1000000000000001e-05",
"DATABASE_ID": null,
"DATABASE_NAME": null,
"END_TIME": "1717685508.792000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "168",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "0",
"PARTITIONS_TOTAL": "0",
"PERCENTAGE_SCANNED_FROM_CACHE": "0",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "c575eb2d1cbc575eb2d1cba8c654911a91eb",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4d47b-0045-3f94-0071-5451651a1de7a2a",
"QUERY_LOAD_PERCENT": null,
"QUERY_PARAMETERIZED_HASH": "c575eb2d1cbc575eb2d1cba8c654911a91eb",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "ALTER SECURITY INTEGRATION APPOMNI SET NETWORK_POLICY \u003d \u0027CLOUD_ACCESS_POLICY\u0027;",
"QUERY_TYPE": "ALTER",
"QUEUED_OVERLOAD_TIME": "0",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "WAYNE_ADMIN",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "0",
"ROWS_PRODUCED": null,
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": null,
"SCHEMA_NAME": null,
"SECONDARY_ROLE_STATS": "{\"roleNames\":[],\"roleCount\":0,\"roleIds\":[]}",
"SESSION_ID": "379374534157826",
"START_TIME": "1717685508.585000",
"TOTAL_ELAPSED_TIME": "207",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "0",
"USER_NAME": "BRUCE_WAYN@wayneenterprises.org",
"WAREHOUSE_ID": null,
"WAREHOUSE_NAME": null,
"WAREHOUSE_SIZE": null,
"WAREHOUSE_TYPE": null
}
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "0",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "0",
"BYTES_WRITTEN_TO_RESULT": "36",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": null,
"COMPILATION_TIME": "39",
"CREDITS_USED_CLOUD_SERVICES": "3.1000000000000001e-05",
"DATABASE_ID": null,
"DATABASE_NAME": null,
"END_TIME": "1717685508.792000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "168",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "0",
"PARTITIONS_TOTAL": "0",
"PERCENTAGE_SCANNED_FROM_CACHE": "0",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "c575eb2d1cbc575eb2d1cba8c654911a91eb",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4d47b-0045-3f94-0071-5451651a1de7a2a",
"QUERY_LOAD_PERCENT": null,
"QUERY_PARAMETERIZED_HASH": "c575eb2d1cbc575eb2d1cba8c654911a91eb",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "DROP SECURITY INTEGRATION OAUTH_INTEGRATION",
"QUERY_TYPE": "SHOW",
"QUEUED_OVERLOAD_TIME": "0",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "WAYNE_ADMIN",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "0",
"ROWS_PRODUCED": null,
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": null,
"SCHEMA_NAME": null,
"SECONDARY_ROLE_STATS": "{\"roleNames\":[],\"roleCount\":0,\"roleIds\":[]}",
"SESSION_ID": "379374534157826",
"START_TIME": "1717685508.585000",
"TOTAL_ELAPSED_TIME": "207",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "0",
"USER_NAME": "BRUCE_WAYN@wayneenterprises.org",
"WAREHOUSE_ID": null,
"WAREHOUSE_NAME": null,
"WAREHOUSE_SIZE": null,
"WAREHOUSE_TYPE": null
}
Creates a new integration.
Creates a new integration.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "0",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "0",
"BYTES_WRITTEN_TO_RESULT": "51",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": null,
"COMPILATION_TIME": "62",
"CREDITS_USED_CLOUD_SERVICES": "9.0000000000000002e-06",
"DATABASE_ID": "42",
"DATABASE_NAME": "WAYNE_DB",
"END_TIME": "1717439033.854000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "1",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "0",
"PARTITIONS_TOTAL": "0",
"PERCENTAGE_SCANNED_FROM_CACHE": "0",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "16c6efc6efc6efc6efc6efc6ef466a4e7",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4c65d-0504-e717-0000-15894ac5e9c2",
"QUERY_LOAD_PERCENT": null,
"QUERY_PARAMETERIZED_HASH": "16c6efc6efc6efc6efc6efc6ef466a4e7",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "s3_integration",
"QUERY_TEXT": "CREATE STORAGE INTEGRATION IF NOT EXISTS S3\n TYPE \u003d external_stage\n STORAGE_PROVIDER \u003d \u0027S3\u0027\n ENABLED \u003d true\n STORAGE_AWS_ROLE_ARN \u003d \u0027arn:aws:iam::1234567890:role/gotham-snowflake-iam-role\u0027\n STORAGE_ALLOWED_LOCATIONS \u003d (\"s3://wayne/villians/\", \"s3://gotham/police/\")\n COMMENT\u003d\u0027Allow Snowflake access to S3.\u0027\n;",
"QUERY_TYPE": "CREATE",
"QUEUED_OVERLOAD_TIME": "0",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "WAYNE_ADMIN",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "0",
"ROWS_PRODUCED": null,
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": "12345",
"SCHEMA_NAME": "APPS",
"SECONDARY_ROLE_STATS": "{\"roleNames\":[],\"roleCount\":0,\"roleIds\":[]}",
"SESSION_ID": "13270565487958470",
"START_TIME": "1717439033.791000",
"TOTAL_ELAPSED_TIME": "63",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "17174394544441000000",
"USER_NAME": "ALFRED_ADMIN",
"WAREHOUSE_ID": "2442",
"WAREHOUSE_NAME": "VILLIAN_WAREHOUSE",
"WAREHOUSE_SIZE": null,
"WAREHOUSE_TYPE": "STANDARD"
}
Reads an existing integration.
Reads an existing integration.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "0",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "0",
"BYTES_WRITTEN_TO_RESULT": "51",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": null,
"COMPILATION_TIME": "62",
"CREDITS_USED_CLOUD_SERVICES": "9.0000000000000002e-06",
"DATABASE_ID": "42",
"DATABASE_NAME": "WAYNE_DB",
"END_TIME": "1717439033.854000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "1",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "0",
"PARTITIONS_TOTAL": "0",
"PERCENTAGE_SCANNED_FROM_CACHE": "0",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "16c6efc6efc6efc6efc6efc6ef466a4e7",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4c65d-0504-e717-0000-15894ac5e9c2",
"QUERY_LOAD_PERCENT": null,
"QUERY_PARAMETERIZED_HASH": "16c6efc6efc6efc6efc6efc6ef466a4e7",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "s3_integration",
"QUERY_TEXT": "DESCRIBE STORAGE INTEGRATION S3",
"QUERY_TYPE": "DESCRIBE",
"QUEUED_OVERLOAD_TIME": "0",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "WAYNE_ADMIN",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "0",
"ROWS_PRODUCED": null,
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": "12345",
"SCHEMA_NAME": "APPS",
"SECONDARY_ROLE_STATS": "{\"roleNames\":[],\"roleCount\":0,\"roleIds\":[]}",
"SESSION_ID": "13270565487958470",
"START_TIME": "1717439033.791000",
"TOTAL_ELAPSED_TIME": "63",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "17174394544441000000",
"USER_NAME": "ALFRED_ADMIN",
"WAREHOUSE_ID": "2442",
"WAREHOUSE_NAME": "VILLIAN_WAREHOUSE",
"WAREHOUSE_SIZE": null,
"WAREHOUSE_TYPE": "STANDARD"
}
Updates an existing integration.
Updates an existing integration.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "0",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "0",
"BYTES_WRITTEN_TO_RESULT": "51",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": null,
"COMPILATION_TIME": "62",
"CREDITS_USED_CLOUD_SERVICES": "9.0000000000000002e-06",
"DATABASE_ID": "42",
"DATABASE_NAME": "WAYNE_DB",
"END_TIME": "1717439033.854000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "1",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "0",
"PARTITIONS_TOTAL": "0",
"PERCENTAGE_SCANNED_FROM_CACHE": "0",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "16c6efc6efc6efc6efc6efc6ef466a4e7",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4c65d-0504-e717-0000-15894ac5e9c2",
"QUERY_LOAD_PERCENT": null,
"QUERY_PARAMETERIZED_HASH": "16c6efc6efc6efc6efc6efc6ef466a4e7",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "s3_integration",
"QUERY_TEXT": "ALTER STORAGE INTEGRATION S3\n TYPE \u003d external_stage\n STORAGE_PROVIDER \u003d \u0027S3\u0027\n ENABLED \u003d true\n STORAGE_AWS_ROLE_ARN \u003d \u0027arn:aws:iam::1234567890:role/gotham-snowflake-iam-role\u0027\n STORAGE_ALLOWED_LOCATIONS \u003d (\"s3://wayne/villains/\", \"s3://gotham/police/\")\n COMMENT\u003d\u0027Allow Snowflake access to S3.\u0027\n;",
"QUERY_TYPE": "ALTER",
"QUEUED_OVERLOAD_TIME": "0",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "WAYNE_ADMIN",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "0",
"ROWS_PRODUCED": null,
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": "12345",
"SCHEMA_NAME": "APPS",
"SECONDARY_ROLE_STATS": "{\"roleNames\":[],\"roleCount\":0,\"roleIds\":[]}",
"SESSION_ID": "13270565487958470",
"START_TIME": "1717439033.791000",
"TOTAL_ELAPSED_TIME": "63",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "17174394544441000000",
"USER_NAME": "ALFRED_ADMIN",
"WAREHOUSE_ID": "2442",
"WAREHOUSE_NAME": "VILLIAN_WAREHOUSE",
"WAREHOUSE_SIZE": null,
"WAREHOUSE_TYPE": "STANDARD"
}
Removes or deletes an existing integration.
Removes or deletes an existing integration.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "0",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "0",
"BYTES_WRITTEN_TO_RESULT": "36",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": null,
"COMPILATION_TIME": "39",
"CREDITS_USED_CLOUD_SERVICES": "3.1000000000000001e-05",
"DATABASE_ID": null,
"DATABASE_NAME": null,
"END_TIME": "1717685508.792000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "168",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "0",
"PARTITIONS_TOTAL": "0",
"PERCENTAGE_SCANNED_FROM_CACHE": "0",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "c575eb2d1cbc575eb2d1cba8c654911a91eb",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4d47b-0045-3f94-0071-5451651a1de7a2a",
"QUERY_LOAD_PERCENT": null,
"QUERY_PARAMETERIZED_HASH": "c575eb2d1cbc575eb2d1cba8c654911a91eb",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "DROP STORAGE INTEGRATION S3",
"QUERY_TYPE": "SHOW",
"QUEUED_OVERLOAD_TIME": "0",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "WAYNE_ADMIN",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "0",
"ROWS_PRODUCED": null,
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": null,
"SCHEMA_NAME": null,
"SECONDARY_ROLE_STATS": "{\"roleNames\":[],\"roleCount\":0,\"roleIds\":[]}",
"SESSION_ID": "379374534157826",
"START_TIME": "1717685508.585000",
"TOTAL_ELAPSED_TIME": "207",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "0",
"USER_NAME": "BRUCE_WAYN@wayneenterprises.org",
"WAREHOUSE_ID": null,
"WAREHOUSE_NAME": null,
"WAREHOUSE_SIZE": null,
"WAREHOUSE_TYPE": null
}
Events (5)
A resource was created.
A resource was created.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "28160",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "25088",
"BYTES_WRITTEN_TO_RESULT": "27",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": "1",
"COMPILATION_TIME": "38",
"CREDITS_USED_CLOUD_SERVICES": "2.5999999999999998e-05",
"DATABASE_ID": "42",
"DATABASE_NAME": "VILLAIN_DB",
"END_TIME": "1717680343.697000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "623",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "2",
"PARTITIONS_TOTAL": "175",
"PERCENTAGE_SCANNED_FROM_CACHE": "0.50909090909090904",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "2f2f45df35df4535df4535df45f9bc9d",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4d425-0509-54fd-0068-2d034e5caba3",
"QUERY_LOAD_PERCENT": "100",
"QUERY_PARAMETERIZED_HASH": "2f2f45df35df4535df4535df45f9bc9d",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "INSERT INTO ...",
"QUERY_TYPE": "INSERT",
"QUEUED_OVERLOAD_TIME": "451",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "WAYNE_ADMIN",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "306",
"ROWS_PRODUCED": "578",
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": null,
"SCHEMA_NAME": null,
"SECONDARY_ROLE_STATS": "{\" roleNames \":[\" ALL \"],\" roleCount \":3,\" roleIds \":[6865490,17465841737,11459846222574]}",
"SESSION_ID": "293228816254855",
"START_TIME": "1717680342.585000",
"TOTAL_ELAPSED_TIME": "1112",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "17176803484581100000",
"USER_NAME": "ALFRED_ADMIN",
"WAREHOUSE_ID": "42",
"WAREHOUSE_NAME": "GOTHAM_WAREHOUSE",
"WAREHOUSE_SIZE": "X-Small",
"WAREHOUSE_TYPE": "STANDARD"
}
A resource was read.
A resource was read.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "28160",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "25088",
"BYTES_WRITTEN_TO_RESULT": "27",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": "1",
"COMPILATION_TIME": "38",
"CREDITS_USED_CLOUD_SERVICES": "2.5999999999999998e-05",
"DATABASE_ID": "42",
"DATABASE_NAME": "VILLAIN_DB",
"END_TIME": "1717680343.697000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "623",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "2",
"PARTITIONS_TOTAL": "175",
"PERCENTAGE_SCANNED_FROM_CACHE": "0.50909090909090904",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "2f2f45df35df4535df4535df45f9bc9d",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4d425-0509-54fd-0068-2d034e5caba3",
"QUERY_LOAD_PERCENT": "100",
"QUERY_PARAMETERIZED_HASH": "2f2f45df35df4535df4535df45f9bc9d",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "SELECT ...",
"QUERY_TYPE": "SELECT",
"QUEUED_OVERLOAD_TIME": "451",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "WAYNE_ADMIN",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "306",
"ROWS_PRODUCED": "578",
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": null,
"SCHEMA_NAME": null,
"SECONDARY_ROLE_STATS": "{\" roleNames \":[\" ALL \"],\" roleCount \":3,\" roleIds \":[6865490,17465841737,11459846222574]}",
"SESSION_ID": "293228816254855",
"START_TIME": "1717680342.585000",
"TOTAL_ELAPSED_TIME": "1112",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "17176803484581100000",
"USER_NAME": "ALFRED_ADMIN",
"WAREHOUSE_ID": "42",
"WAREHOUSE_NAME": "GOTHAM_WAREHOUSE",
"WAREHOUSE_SIZE": "X-Small",
"WAREHOUSE_TYPE": "STANDARD"
}
A resource was updated.
A resource was updated.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "28160",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "25088",
"BYTES_WRITTEN_TO_RESULT": "27",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": "1",
"COMPILATION_TIME": "38",
"CREDITS_USED_CLOUD_SERVICES": "2.5999999999999998e-05",
"DATABASE_ID": "42",
"DATABASE_NAME": "VILLAIN_DB",
"END_TIME": "1717680343.697000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "623",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "2",
"PARTITIONS_TOTAL": "175",
"PERCENTAGE_SCANNED_FROM_CACHE": "0.50909090909090904",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "2f2f45df35df4535df4535df45f9bc9d",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4d425-0509-54fd-0068-2d034e5caba3",
"QUERY_LOAD_PERCENT": "100",
"QUERY_PARAMETERIZED_HASH": "2f2f45df35df4535df4535df45f9bc9d",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "INSERT INTO ...",
"QUERY_TYPE": "INSERT",
"QUEUED_OVERLOAD_TIME": "451",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "WAYNE_ADMIN",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "306",
"ROWS_PRODUCED": "578",
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": null,
"SCHEMA_NAME": null,
"SECONDARY_ROLE_STATS": "{\" roleNames \":[\" ALL \"],\" roleCount \":3,\" roleIds \":[6865490,17465841737,11459846222574]}",
"SESSION_ID": "293228816254855",
"START_TIME": "1717680342.585000",
"TOTAL_ELAPSED_TIME": "1112",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "17176803484581100000",
"USER_NAME": "ALFRED_ADMIN",
"WAREHOUSE_ID": "42",
"WAREHOUSE_NAME": "GOTHAM_WAREHOUSE",
"WAREHOUSE_SIZE": "X-Small",
"WAREHOUSE_TYPE": "STANDARD"
}
A resource was removed or deleted.
A resource was removed or deleted.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "28160",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "25088",
"BYTES_WRITTEN_TO_RESULT": "27",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": "1",
"COMPILATION_TIME": "38",
"CREDITS_USED_CLOUD_SERVICES": "2.5999999999999998e-05",
"DATABASE_ID": "42",
"DATABASE_NAME": "VILLAIN_DB",
"END_TIME": "1717680343.697000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "623",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "2",
"PARTITIONS_TOTAL": "175",
"PERCENTAGE_SCANNED_FROM_CACHE": "0.50909090909090904",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "2f2f45df35df4535df4535df45f9bc9d",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4d425-0509-54fd-0068-2d034e5caba3",
"QUERY_LOAD_PERCENT": "100",
"QUERY_PARAMETERIZED_HASH": "2f2f45df35df4535df4535df45f9bc9d",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "DROP ...",
"QUERY_TYPE": "DROP",
"QUEUED_OVERLOAD_TIME": "451",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "WAYNE_ADMIN",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "306",
"ROWS_PRODUCED": "578",
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": null,
"SCHEMA_NAME": null,
"SECONDARY_ROLE_STATS": "{\" roleNames \":[\" ALL \"],\" roleCount \":3,\" roleIds \":[6865490,17465841737,11459846222574]}",
"SESSION_ID": "293228816254855",
"START_TIME": "1717680342.585000",
"TOTAL_ELAPSED_TIME": "1112",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "17176803484581100000",
"USER_NAME": "ALFRED_ADMIN",
"WAREHOUSE_ID": "42",
"WAREHOUSE_NAME": "GOTHAM_WAREHOUSE",
"WAREHOUSE_SIZE": "X-Small",
"WAREHOUSE_TYPE": "STANDARD"
}
A resource was downloaded.
A resource was downloaded.
{
"BYTES_DELETED": "0",
"BYTES_READ_FROM_RESULT": "0",
"BYTES_SCANNED": "28160",
"BYTES_SENT_OVER_THE_NETWORK": "0",
"BYTES_SPILLED_TO_LOCAL_STORAGE": "0",
"BYTES_SPILLED_TO_REMOTE_STORAGE": "0",
"BYTES_WRITTEN": "25088",
"BYTES_WRITTEN_TO_RESULT": "27",
"CHILD_QUERIES_WAIT_TIME": "0",
"CLUSTER_NUMBER": "1",
"COMPILATION_TIME": "38",
"CREDITS_USED_CLOUD_SERVICES": "2.5999999999999998e-05",
"DATABASE_ID": "42",
"DATABASE_NAME": "VILLAIN_DB",
"END_TIME": "1717680343.697000",
"ERROR_CODE": null,
"ERROR_MESSAGE": null,
"EXECUTION_STATUS": "SUCCESS",
"EXECUTION_TIME": "623",
"EXTERNAL_FUNCTION_TOTAL_INVOCATIONS": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_RECEIVED_ROWS": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_BYTES": "0",
"EXTERNAL_FUNCTION_TOTAL_SENT_ROWS": "0",
"FAULT_HANDLING_TIME": null,
"INBOUND_DATA_TRANSFER_BYTES": "0",
"INBOUND_DATA_TRANSFER_CLOUD": null,
"INBOUND_DATA_TRANSFER_REGION": null,
"IS_CLIENT_GENERATED_STATEMENT": "false",
"LIST_EXTERNAL_FILES_TIME": "0",
"OUTBOUND_DATA_TRANSFER_BYTES": "0",
"OUTBOUND_DATA_TRANSFER_CLOUD": null,
"OUTBOUND_DATA_TRANSFER_REGION": null,
"PARTITIONS_SCANNED": "2",
"PARTITIONS_TOTAL": "175",
"PERCENTAGE_SCANNED_FROM_CACHE": "0.50909090909090904",
"QUERY_ACCELERATION_BYTES_SCANNED": "0",
"QUERY_ACCELERATION_PARTITIONS_SCANNED": "0",
"QUERY_ACCELERATION_UPPER_LIMIT_SCALE_FACTOR": "0",
"QUERY_HASH": "2f2f45df35df4535df4535df45f9bc9d",
"QUERY_HASH_VERSION": "2",
"QUERY_ID": "01b4d425-0509-54fd-0068-2d034e5caba3",
"QUERY_LOAD_PERCENT": "100",
"QUERY_PARAMETERIZED_HASH": "2f2f45df35df4535df4535df45f9bc9d",
"QUERY_PARAMETERIZED_HASH_VERSION": "1",
"QUERY_RETRY_CAUSE": null,
"QUERY_RETRY_TIME": null,
"QUERY_TAG": "",
"QUERY_TEXT": "GET ...",
"QUERY_TYPE": "GET_FILES",
"QUEUED_OVERLOAD_TIME": "451",
"QUEUED_PROVISIONING_TIME": "0",
"QUEUED_REPAIR_TIME": "0",
"RELEASE_VERSION": "8.21.1",
"ROLE_NAME": "WAYNE_ADMIN",
"ROLE_TYPE": "ROLE",
"ROWS_DELETED": "0",
"ROWS_INSERTED": "306",
"ROWS_PRODUCED": "578",
"ROWS_UNLOADED": "0",
"ROWS_UPDATED": "0",
"ROWS_WRITTEN_TO_RESULT": "1",
"SCHEMA_ID": null,
"SCHEMA_NAME": null,
"SECONDARY_ROLE_STATS": "{\" roleNames \":[\" ALL \"],\" roleCount \":3,\" roleIds \":[6865490,17465841737,11459846222574]}",
"SESSION_ID": "293228816254855",
"START_TIME": "1717680342.585000",
"TOTAL_ELAPSED_TIME": "1112",
"TRANSACTION_BLOCKED_TIME": "0",
"TRANSACTION_ID": "17176803484581100000",
"USER_NAME": "ALFRED_ADMIN",
"WAREHOUSE_ID": "42",
"WAREHOUSE_NAME": "GOTHAM_WAREHOUSE",
"WAREHOUSE_SIZE": "X-Small",
"WAREHOUSE_TYPE": "STANDARD"
}
This Account Usage view can be used to query Snowflake query history by various dimensions (time range, session, user, warehouse, etc.) within the last 365 days (1 year).
Storage Duration: 365 days
No comments
Duration: up to 45 minutes
No comments
Snowflake is a cloud-based Software as a Service (SaaS) platform that provides data warehousing, data lake, data sharing, and data integration services to customers. It stores a wide variety of data types, including structured and semi-structured data, enabling organizations to perform complex data analytics and gain insights from their data.
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
{
"browser": "Chrome 124.0.0.0",
"id": "6145782847",
"on_behalf_of": null,
"platform": "Intel Mac OS X 10.15.7",
"source_ip": "8.8.8.8",
"status": "Success",
"timestamp": "2024-05-07T21:01:27Z",
"type": "User Login",
"user_name": "bbunny@acme.com",
"vault_id": "123456"
}
{
"browser": "Unknown",
"id": "6151724407",
"on_behalf_of": null,
"platform": "Unknown",
"source_ip": "8.8.8.8",
"status": "Password Change Required",
"timestamp": "2024-05-08T21:17:23Z",
"type": "User Login",
"user_name": "granny@acme.com",
"vault_id": null
}
An account attempted to logout of a system.
An account attempted to logout of a system.
{
"browser": "Chrome 124.0.0.0",
"id": "6145624385",
"on_behalf_of": null,
"platform": "Intel Mac OS X 10.15.7",
"source_ip": "8.8.8.8",
"status": "Success",
"timestamp": "2024-05-07T20:18:07Z",
"type": "User Logout",
"user_name": "bbunny@acme.com",
"vault_id": "123456"
}
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
{
"action": "Create",
"capacity": null,
"event_description": "User : example_firstname example_lastname created",
"field_name": null,
"full_name": "Bugs Bunny",
"id": "123188",
"item": "User : example_firstname example_lastname",
"new_value": null,
"object_label": "User",
"old_value": null,
"on_behalf_of": null,
"reason": null,
"record_id": "20107255",
"task_name": null,
"timestamp": "2024-05-07T23:19:06Z",
"user_name": "bbunny@acme.com",
"verdict": null,
"workflow_name": null
}
Reads information about a user.
Reads information about a user.
Updates information about a user.
Updates information about a user.
{
"action": "Edit",
"capacity": null,
"event_description": "\"Email\" changed from \"example_user_123@appomni.com\" to \"changed_email@appomni.com\"",
"field_name": "Email",
"full_name": "Bugs Bunny",
"id": "123193",
"item": "User : example_firstname example_lastname",
"new_value": "changed_email@appomni.com",
"object_label": "User",
"old_value": "example_user_123@appomni.com",
"on_behalf_of": null,
"reason": null,
"record_id": "20107255",
"task_name": null,
"timestamp": "2024-05-07T23:19:35Z",
"user_name": "bbunny@acme.com",
"verdict": null,
"workflow_name": null
}
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
{
"action": "Create",
"event_description": "Group \"example_group_123\" created",
"field_name": "groupName",
"full_name": "Bugs Bunny",
"id": "726727",
"item": "example_group_123",
"new_value": "example_group_123",
"old_value": null,
"on_behalf_of": null,
"timestamp": "2024-05-07T23:21:12Z",
"user_id": "13648907",
"user_name": "bbunny@acme.com"
}
Reads a group.
Reads a group.
Updates a group.
Updates a group.
{
"action": "Edit",
"event_description": "Group description set to \"new_description\"",
"field_name": "groupDescr",
"full_name": "Bugs Bunny",
"id": "726729",
"item": "example_group_123",
"new_value": "new_description",
"old_value": null,
"on_behalf_of": null,
"timestamp": "2024-05-07T23:21:28Z",
"user_id": "13648907",
"user_name": "bbunny@acme.com"
}
Removes or deletes a group.
Removes or deletes a group.
{
"action": "Delete",
"event_description": "Group \"example_group_123\" deleted",
"field_name": null,
"full_name": "Bugs Bunny",
"id": "726731",
"item": "example_group_123",
"new_value": null,
"old_value": null,
"on_behalf_of": null,
"timestamp": "2024-05-07T23:21:49Z",
"user_id": "13648907",
"user_name": "bbunny@acme.com"
}
Adds a service, user or account to a group.
Adds a service, user or account to a group.
{
"action": "Edit_ListProperty",
"event_description": "\"jdoe@acme.com\" was added to the \"Report Administrators\" group",
"field_name": "groupMember",
"full_name": "Bugs Bunny",
"id": "726692",
"item": "Report Administrators",
"new_value": "jdoe@acme.com",
"old_value": null,
"on_behalf_of": null,
"timestamp": "2024-05-07T22:20:50Z",
"user_id": "13648907",
"user_name": "bbunny@acme.com"
}
Removes a service, user or account from a group.
Removes a service, user or account from a group.
{
"action": "Edit_ListProperty",
"event_description": "\"example_user_123@acme.com\" was removed from the \"External Inspectors\" group",
"field_name": "groupMember",
"full_name": "System",
"id": "726721",
"item": "External Inspectors",
"new_value": null,
"old_value": "example_user_123@acme.com",
"on_behalf_of": null,
"timestamp": "2024-05-07T23:20:35Z",
"user_id": "1",
"user_name": "System"
}
Creates a new role.
Creates a new role.
{
"action": "Create",
"capacity": null,
"event_description": "Application Role : example_new_role created",
"field_name": null,
"full_name": "Bugs Bunny",
"id": "123212",
"item": "Application Role : example_new_role",
"new_value": null,
"object_label": "Application Role",
"old_value": null,
"on_behalf_of": null,
"reason": null,
"record_id": "0AR00000000P001",
"task_name": null,
"timestamp": "2024-05-08T20:24:13Z",
"user_name": "bbunny@acme.com",
"verdict": null,
"workflow_name": null
}
Reads a role.
Reads a role.
Updates a role.
Updates a role.
{
"action": "Edit",
"capacity": null,
"event_description": "\"Permission Set\" changed from \"Central Monitor\" to \"Clinical App Administrator Actions\"",
"field_name": "Permission Set",
"full_name": "Bugs Bunny",
"id": "123221",
"item": "Application Role : example_new_role_123",
"new_value": "Clinical App Administrator Actions",
"object_label": "Application Role",
"old_value": "Central Monitor",
"on_behalf_of": null,
"reason": null,
"record_id": "0AR00000000Q001",
"task_name": null,
"timestamp": "2024-05-08T21:16:31Z",
"user_name": "bbunny@acme.com",
"verdict": null,
"workflow_name": null
}
Removes or deletes a role.
Removes or deletes a role.
{
"action": "Delete",
"capacity": null,
"event_description": "Application Role : example_new_role deleted",
"field_name": null,
"full_name": "Bugs Bunny",
"id": "123214",
"item": "Application Role : example_new_role",
"new_value": null,
"object_label": "Application Role",
"old_value": null,
"on_behalf_of": null,
"reason": null,
"record_id": "0AR00000000P001",
"task_name": null,
"timestamp": "2024-05-08T20:24:33Z",
"user_name": "bbunny@acme.com",
"verdict": null,
"workflow_name": null
}
Adds a permission to a resource.
Adds a permission to a resource.
{
"action": "Edit",
"event_description": "Security profile for \"jdoe@acme.com\" was changed from \"System Administrator\" to \"Vault Owner\"",
"field_name": "securityProfile",
"full_name": "Paul Bunyan",
"id": "731223",
"item": "jdoe@acme.com (John Doe)",
"new_value": "Vault Owner",
"old_value": "System Administrator",
"on_behalf_of": null,
"timestamp": "2024-05-10T13:53:39Z",
"user_id": "13796477",
"user_name": "pbunyan@acme.com"
}
Removes a permission from a resource.
Removes a permission from a resource.
{
"action": "RemovePermission",
"event_description": "Permission \"Admin > Configuration > Pages > Edit\" removed from permission set \"example_permission_set\"",
"field_name": "Admin > Configuration > Pages > Edit",
"full_name": "Bugs Bunny",
"id": "726747",
"item": "Permission Set \"example_permission_set\"",
"new_value": null,
"old_value": null,
"on_behalf_of": null,
"timestamp": "2024-05-08T23:03:03Z",
"user_id": "13648907",
"user_name": "bbunny@acme.com"
}
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
Creates a new integration.
Creates a new integration.
{
"action": "Create",
"capacity": null,
"event_description": "Connection Client : example_external_connection created",
"field_name": null,
"full_name": "System",
"id": "123225",
"item": "Connection Client : example_external_connection",
"new_value": null,
"object_label": "Connection Client",
"old_value": null,
"on_behalf_of": "bbunny@acme.com",
"reason": null,
"record_id": "V8M00000000E001",
"task_name": null,
"timestamp": "2024-05-09T18:23:21Z",
"user_name": "System",
"verdict": null,
"workflow_name": null
}
Reads an existing integration.
Reads an existing integration.
Updates an existing integration.
Updates an existing integration.
{
"action": "Edit",
"capacity": null,
"event_description": "\"URL\" set to \"https://appomni.test_url.com\" ",
"field_name": "URL",
"full_name": "Bugs Bunny",
"id": "123226",
"item": "Connection : External : example_external_connection",
"new_value": "https://appomni.test_url.com",
"object_label": "Connection",
"old_value": null,
"on_behalf_of": null,
"reason": null,
"record_id": "V1F00000000L001",
"task_name": null,
"timestamp": "2024-05-09T18:42:23Z",
"user_name": "bbunny@acme.com",
"verdict": null,
"workflow_name": null
}
Removes or deletes an existing integration.
Removes or deletes an existing integration.
{
"action": "Delete",
"capacity": null,
"event_description": "Connection : External : example_external_connection deleted",
"field_name": null,
"full_name": "Bugs Bunny",
"id": "123232",
"item": "Connection : External : example_external_connection",
"new_value": null,
"object_label": "Connection",
"old_value": null,
"on_behalf_of": null,
"reason": null,
"record_id": "V1F00000000L001",
"task_name": null,
"timestamp": "2024-05-09T18:50:15Z",
"user_name": "bbunny@acme.com",
"verdict": null,
"workflow_name": null
}
Events (5)
A resource was created.
A resource was created.
{
"action": "Create",
"capacity": null,
"event_description": "Study : example_study_1337 created",
"field_name": null,
"full_name": "Bugs Bunny",
"id": "123244",
"item": "Study : example_study_1337",
"new_value": null,
"object_label": "Study",
"old_value": null,
"on_behalf_of": null,
"reason": null,
"record_id": "0ST000000006002",
"task_name": null,
"timestamp": "2024-05-09T20:18:54Z",
"user_name": "bbunny@acme.com",
"verdict": null,
"workflow_name": null
}
A resource was read.
A resource was read.
{
"action": "GetDocumentVersion",
"doc_id": "102",
"document_url": "/ui/#doc_info/102/0/1",
"event_description": "Viewed Document",
"field_name": null,
"full_name": "John Doe",
"id": "729",
"item": "VV-TMF-12345",
"job_instance_id": null,
"new_value": null,
"old_value": null,
"on_behalf_of": null,
"signature_meaning": null,
"task_name": null,
"timestamp": "2024-05-14T21:37:10Z",
"user_name": "jdoe@acme.com",
"version": "0.1",
"view_license": null,
"workflow_name": null
}
A resource was updated.
A resource was updated.
{
"action": "Edit",
"capacity": null,
"event_description": "\"Subject Status\" changed from \"Started Treatment\" to \"Started Follow Up\"",
"field_name": "Subject Status",
"full_name": "Bugs Bunny",
"id": "123243",
"item": "Subject : example_subject_id",
"new_value": "Started Follow Up",
"object_label": "Subject",
"old_value": "Started Treatment",
"on_behalf_of": null,
"reason": null,
"record_id": "OPB000000001002",
"task_name": null,
"timestamp": "2024-05-09T19:59:52Z",
"user_name": "bbunny@acme.com",
"verdict": null,
"workflow_name": null
}
A resource was removed or deleted.
A resource was removed or deleted.
{
"action": "Delete",
"capacity": null,
"event_description": "Study : example_study_1337 deleted",
"field_name": null,
"full_name": "Bugs Bunny",
"id": "123245",
"item": "Study : example_study_1337",
"new_value": null,
"object_label": "Study",
"old_value": null,
"on_behalf_of": null,
"reason": null,
"record_id": "0ST000000006002",
"task_name": null,
"timestamp": "2024-05-09T20:19:06Z",
"user_name": "bbunny@acme.com",
"verdict": null,
"workflow_name": null
}
A resource was downloaded.
A resource was downloaded.
{
"action": "Download",
"doc_id": "101",
"document_url": "/ui/#doc_info/101/0/1",
"event_description": "Document downloaded",
"field_name": null,
"full_name": "Bugs Bunny",
"id": "650",
"item": "VV-TMF-00017",
"job_instance_id": null,
"new_value": null,
"old_value": null,
"on_behalf_of": null,
"signature_meaning": null,
"task_name": null,
"timestamp": "2024-05-07T19:24:09Z",
"user_name": "bbunny@acme.com",
"version": "0.1",
"view_license": null,
"workflow_name": null
}
The Veeva Vault Retrieve Audit Details API provides near real-time, read-only access to an organization's audit log.
Storage Duration: 30 days
N/A
Duration: Near real-time
N/A
Veeva Vault is a true cloud enterprise content management platform and suite of applications specifically built for life sciences. Veeva Vault audit events record logs related to an documents, objects, logins, and systems. The Events can be used to understand platform and user activity, troubleshoot problems, and investigate security incidents. The Veeva Vault Retrieve Audit Details API allows an organization to programmatically access the Veeva Vault audit logs. The API provides a way to retrieve, filter, and export events.
The Veeva Vault Retrieve Audit Details API provides near real-time, read-only access to an organization's audit log.
Events (3)
An account attempted to login to a system.
An account attempted to login to a system.
An account attempted to logout of a system.
An account attempted to logout of a system.
Enter or acknowledge an MFA factor which indicates success or failure.
Enter or acknowledge an MFA factor which indicates success or failure.
Events (18)
Creates a user.
Creates a user.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-15T12:09:31.763Z",
"sessionId": "495269",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "Create Workday Account: Jane Doe",
"id": "3f2a87a1ee011000ad21051bbfb90000"
},
"taskDisplayName": "Create Workday Account",
"taskId": "dc2fbbfc446c11de98360015c5e6daf6",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0"
}
Reads information about a user.
Reads information about a user.
{
"activityAction": "READ",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-24T14:32:40.272Z",
"sessionId": "dd7803",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "john.doe / John Doe",
"id": "597a5fe0e5b41000a873c5e87aa10000"
},
"taskDisplayName": "View Workday Account",
"taskId": "dc347228446c11de98360015c5e6daf6",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
}
Updates information about a user.
Updates information about a user.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-22T12:06:18.499Z",
"sessionId": "208afc",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "Edit Workday Account: jane.doe@acme.com / Jane Doe",
"id": "3b45e1da2b3e1000ad425682b5ab0000"
},
"taskDisplayName": "Edit Workday Account",
"taskId": "6c148253fc8b1000027f9a8ba31c000e",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
}
Removes or deletes a user.
Removes or deletes a user.
Creates a logical group.
Creates a logical group.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-22T11:17:40.737Z",
"sessionId": "b4dc5b",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "Custom HR Admin Group",
"id": "3b45e1da2b3e1000aa9b045a187d0000"
},
"taskDisplayName": "Create Security Group",
"taskId": "dc3318ce446c11de98360015c5e6daf6",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
Reads a group.
Reads a group.
{
"activityAction": "READ",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-29T15:57:47.459Z",
"sessionId": "692dd8",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "Bank Administrator",
"id": "6143bf1db22e10d1657fff8287342718"
},
"taskDisplayName": "View Security Group",
"taskId": "dc331496446c11de98360015c5e6daf6",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
}
Updates a group.
Updates a group.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-29T15:59:18.710Z",
"sessionId": "692dd8",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "Finance Administrator",
"id": "6143bf1db22e10d1657fff8287342718"
},
"taskDisplayName": "Edit User-Based Security Group",
"taskId": "dc4d3ce0446c11de98360015c5e6daf6",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
}
Removes or deletes a group.
Removes or deletes a group.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-29T16:00:31.986Z",
"sessionId": "692dd8",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "",
"id": "dfbf16403554012375dee2ebd7cb0000"
},
"taskDisplayName": "Delete Security Group",
"taskId": "dc33157c446c11de98360015c5e6daf6",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
}
Adds a service, user or account to a group.
Adds a service, user or account to a group.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-29T16:09:37.206Z",
"sessionId": "692dd8",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "Compensation System",
"id": "1d1b0ad99fb64daa863027571269e158"
},
"taskDisplayName": "Assign Users to User-Based Security Group",
"taskId": "dc49b84a446c11de98360015c5e6daf6",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
}
Removes a service, user or account from a group.
Removes a service, user or account from a group.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-29T16:09:37.206Z",
"sessionId": "692dd8",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "Benefits Administrator",
"id": "1d1b0ad99fb64daa863027571269e158"
},
"taskDisplayName": "Assign Users to User-Based Security Group",
"taskId": "dc49b84a446c11de98360015c5e6daf6",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
}
Creates a new role.
Creates a new role.
Reads a role.
Reads a role.
{
"activityAction": "READ",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-29T17:05:55.030Z",
"sessionId": "d025f2",
"systemAccount": "test.user@acme.com",
"taskDisplayName": "Role Assignment Permissions",
"taskId": "dc3f2f4c446c11de98360015c5e6daf6",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
}
Updates a role.
Updates a role.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-29T16:12:45.263Z",
"sessionId": "692dd8",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "Accountant",
"id": "b54cec1213ff4f6e8a3567998124a7a2"
},
"taskDisplayName": "Edit Role Assignment Permissions",
"taskId": "dc4cf668446c11de98360015c5e6daf6",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
}
Removes or deletes a role.
Removes or deletes a role.
Adds a permission to a resource.
Adds a permission to a resource.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-25T17:45:31.612Z",
"sessionId": "a6259b",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "Calendar Download Access",
"id": "89e47473254c0103772956e0ca441800"
},
"taskDisplayName": "Edit Domain Security Policy Permissions",
"taskId": "dc30feea446c11de98360015c5e6daf6",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
}
Removes a permission from a resource.
Removes a permission from a resource.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-22T19:18:56.858Z",
"sessionId": "8413e1",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "Create and Manage Surveys",
"id": "860b38cc4831013d6b1850dfb58c8200"
},
"taskDisplayName": "Edit Permissions",
"taskId": "dc32592a446c11de98360015c5e6daf6",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
A MFA enrollment was added to an account.
A MFA enrollment was added to an account.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-15T23:06:03.915Z",
"sessionId": "67b7bc",
"systemAccount": "test.user@acme.com",
"taskDisplayName": "Set up Authenticator App",
"taskId": "383bb6086e1a100011635fc295a60095",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.1.15"
}
A MFA enrollment was removed from an account.
A MFA enrollment was removed from an account.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-03-27T15:22:28.183Z",
"sessionId": "92dc7b",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "One Time Passcode - Email",
"id": "8b2c9ed03ecb1049073f1d6487120000"
},
"taskDisplayName": "Edit One Time Passcode - Email Setup",
"taskId": "cab913dced9810001e63901c892a0017",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
}
Events (8)
Creates a security configuration policy or enables settings.
Creates a security configuration policy or enables settings.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-18T17:04:59.204Z",
"sessionId": "efc2ba",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "Self-Service: Benefits and Pay Hub",
"id": "fb58ac88f9ba1001a8a5835b27aa0000"
},
"taskDisplayName": "Create Security Policy for Domain",
"taskId": "dc31d018446c11de98360015c5e6daf6",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
}
Reads a security configuration policy or settings.
Reads a security configuration policy or settings.
{
"activityAction": "READ",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-18T17:01:25.414Z",
"sessionId": "5ced74",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "acme_workday_tenant",
"id": "acc14cefb22b44e18d96ac71fc35f6a0"
},
"taskDisplayName": "Tenant Setup - Security",
"taskId": "29f477f31172498f83fba6e51c59930e",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
}
Updates a security configuration policy or settings.
Updates a security configuration policy or settings.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-18T17:04:18.829Z",
"sessionId": "5ced74",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "One Time Passcode - SMS",
"id": "ab2cb4ac47b401c761847989a2551700"
},
"taskDisplayName": "Edit One Time Passcode - SMS Setup",
"taskId": "cdc5d309f37910000296e685317a0120",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
}
Removes or deletes a security configuration policy or setting.
Removes or deletes a security configuration policy or setting.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-18T17:46:17.353Z",
"sessionId": "5ced74",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "acme_workday_tenant",
"id": "acc14cefb22b44e18d96ac71fc35f6a0"
},
"taskDisplayName": "Edit Tenant Setup - Security",
"taskId": "35382c414f3140e9bc738121e6f6f68f",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
}
Creates a new integration.
Creates a new integration.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-12T17:48:40.298Z",
"sessionId": "a6894b",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "3rd Party Integration to Workday",
"id": "a98bc7f71d0010020844f80994580000"
},
"taskDisplayName": "Register API Client for Integrations",
"taskId": "564682b1f8824efd87254fc5d6ffb5a4",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
Reads an existing integration.
Reads an existing integration.
{
"activityAction": "READ",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-24T16:45:01.996Z",
"sessionId": "23f3c4",
"systemAccount": "test.user@acme.com",
"taskDisplayName": "Register API Client for Integrations",
"taskId": "564682b1f8824efd87254fc5d6ffb5a4",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
}
Updates an existing integration.
Updates an existing integration.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-10T18:36:53.137Z",
"sessionId": "9b4f58",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "EIB - Put Compensation Plans",
"id": "caeae0ba9a4a10015f280519f6be0000"
},
"taskDisplayName": "Edit Integration System",
"taskId": "82c4467dd1cf4ee89d12712e1709cca4",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
Removes or deletes an existing integration.
Removes or deletes an existing integration.
Events (5)
A resource was created.
A resource was created.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-15T18:58:53.582Z",
"sessionId": "a0ce77",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "Expense Report: EXP-20240-123",
"id": "a4b2226134119000c4478784348b0000"
},
"taskDisplayName": "Create Expense Report",
"taskId": "dc306b10446c11de98360015c5e6daf6",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
}
A resource was read.
A resource was read.
{
"activityAction": "READ",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-16T15:20:25.595Z",
"sessionId": "7bfc6f",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "Expense Payments - John Doe",
"id": "4a7ccee4655d1009b82f55cf259b0002"
},
"taskDisplayName": "Change Election",
"taskId": "b73c880a358640fdae5c86aa21daa427",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
A resource was updated.
A resource was updated.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-16T15:00:22.436Z",
"sessionId": "7bfc6f",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "Custom Payroll Report",
"id": "3786a181dce445298a877f501322f72b"
},
"taskDisplayName": "Edit Custom Report",
"taskId": "dc2fb94a446c11de98360015c5e6daf6",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
A resource was removed or deleted.
A resource was removed or deleted.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-16T14:58:10.665Z",
"sessionId": "7bfc6f",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "",
"id": "4fd998fc9a861001120eb5ebf89c0000"
},
"taskDisplayName": "Delete Custom Report",
"taskId": "dc2fc08e446c11de98360015c5e6daf6",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
A resource was downloaded.
A resource was downloaded.
{
"activityAction": "WRITE",
"deviceType": "Desktop",
"ipAddress": "192.168.0.1",
"requestTime": "2024-04-16T14:58:10.665Z",
"sessionId": "7bfc6f",
"systemAccount": "test.user@acme.com",
"target":
{
"descriptor": "",
"id": "4fd998fc9a861001120eb5ebf89c0000"
},
"taskDisplayName": "Delete Custom Report",
"taskId": "dc2fc08e446c11de98360015c5e6daf6",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
}
Workday user activity logs provide an audit trail of user activity over a certain time period.
Storage Duration: 30 days
By default, the User Activity Logging REST API retains log entries for 30 days.
Duration: Near real-time
By default, the User Activity Logging REST API retains log entries for 30 days.
Workday is a cloud-based enterprise resource planning (ERP) platform that offers financial management, human resources management, and workforce planning. The User Activity Logging REST API enables organizations to retrieve an audit trail for Workday user activities.
Documentation on collecting events from the User Activity Logging REST API