Audit Events Reference
NAME | CODE | DESCRIPTION |
---|---|---|
License-error | 0 | The system license does not allow operation. |
Configuration-error | 1 | The system configuration is invalid. |
Service-starting | 10 | The service is starting. |
Service-running | 11 | The service is running. |
Service-stopped | 12 | The service has been stopped. |
User-logged-in | 100 | User has logged in to the system. |
User-login-failed | 102 | User login operation failed. |
User-MFA-challenge-sent | 103 | User tried to log in without MFA pin code. |
User-MFA-challenge-accepted | 104 | User successfully authenticated with MFA pin code. |
User-MFA-challenge-setup-sent | 105 | User was MFA setup information. |
Access-token-granted | 106 | Access token granted |
User-access-token-refreshed | 110 | User refreshed the access token |
User-access-token-refresh-failed | 111 | User access token refresh failed. |
OAuth-client-authenticated | 121 | OAuth client authenticated |
OAuth-client-authentication-failed | 122 | OAuth client authentication failed |
User-login-attempt-rate-limited | 130 | User login attempt rate limited |
Role-added | 201 | New role added to the system. |
Role-modified | 202 | Role has been modified. |
Role-removed | 203 | Role has been removed. |
Directory-added | 210 | New directory added to the system. |
Directory-modified | 211 | Directory has been modified. |
Directory-removed | 212 | Directory has been removed. |
Directory-authentication-failed | 213 | Directory authentication failed. |
User-roles-modified | 220 | The user's role associations were changed |
AWS-token-granted | 230 | AWS token was granted to a user |
AWS-token-grant-failed | 231 | AWS token grant failed |
LogConf-collector-created | 232 | LogConf collector created |
LogConf-collector-modified | 233 | LogConf collector modified |
LogConf-collector-removed | 234 | LogConf collector removed |
LogConf-collector-failed | 235 | LogConf collector failed |
RoleContext-usage-alert | 250 | RoleContext limitations were violated. |
RoleContext-role-blocked | 251 | RoleContext limitations were violated, role blocked. |
Authorized-key-added | 260 | Authorized key added |
Authorized-key-modified | 261 | Authorized key modified |
Authorized-key-removed | 262 | Authorized key removed |
Connection-requested | 300 | Connection was requested. |
Connection-authenticated | 301 | Connection was authenticated. |
Connection-rejected | 302 | Connection was rejected. |
Connection-closed | 303 | Connection was closed. |
Connection-failed | 304 | Connection closed with an error. |
Client-authenticated | 305 | Client was authenticated. |
Session-added | 310 | A session was added to a connection. |
Session-removed | 311 | A session was removed from a connection. |
Session-rejected | 312 | A session was rejected. |
File-upload | 320 | File upload performed. |
File-download | 321 | File download performed. |
Host-key-matched | 324 | Host key matched |
Host-key-denied | 325 | Host key denied |
Host-key-accepted | 326 | Host key accepted |
Host-key-saved | 327 | Host key saved |
Extender-connected | 328 | Extender connected |
Extender-disconnected | 329 | Extender disconnected |
File-removed | 330 | File removed via SSH. |
Folder-removed | 331 | Folder removed via SSH. |
File-moved | 332 | File moved. |
Folder-created | 333 | Folder created. |
Connection-audit-started | 334 | Connection audit started |
Connection-audit-failed | 335 | Connection audit failed |
Host-certificate-trusted | 336 | Host certificate trusted |
Host-certificate-matched | 337 | Host certificate matched |
Host-certificate-denied | 338 | Host certificate denied |
Host-certificate-accepted | 339 | Host certificate accepted |
Host-certificate-saved | 340 | Host certificate saved |
Authorization-requested | 400 | A client requested an authorization. |
Authorization-certificate-granted | 401 | An authorization certificate granted. |
Authorization-role-key-granted | 402 | An authorization role key granted. |
Authorization-role-key-sign-operation-rejected | 403 | An authorization role key sign operation was rejected. |
Authorization-role-key-sign-operation-accepted | 404 | An authorization role key sign operation was accepted. |
Authorization-rejected | 405 | An authorization was rejected. |
Authorization-certificate-warning | 406 | Authorization certificate creation generated warnings. |
Authorization-passphrase-returned | 407 | Authorization passphrase was returned |
Principal-added | 410 | A principal was added. |
Principal-removed | 411 | A principal was removed. |
Trusted-client-added | 420 | A trusted client was added. |
Trusted-client-modified | 421 | A trusted client was modified. |
Trusted-client-removed | 423 | A trusted client was removed. |
API-client-added | 424 | An API client was added. |
API-client-modified | 425 | An API client was modified. |
API-client-removed | 426 | An API client was removed. |
License-updated | 430 | The service license was updated. |
CA-certificate-created | 440 | CA certificate was created. |
CA-certificate-deleted | 441 | CA certificate was deleted. |
EE-certificate-enrolled | 442 | End entity certificate was enrolled |
EE-certificate-revoked | 443 | End entity certificate was revoked |
CA-certificate-enrolled | 444 | CA certificate was enrolled |
CA-certificate-revoked | 445 | CA certificate was revoked |
Access-group-created | 450 | Access group created |
Access-group-modified | 451 | Access group modified |
Access-group-deleted | 452 | Access group deleted |
User-added | 500 | New user added to the system. |
User-modified | 501 | User has been modified. |
User-removed | 502 | User has been removed. |
User-password-modified | 510 | User password has been modified. |
User-authenticated | 520 | User has been authenticated. |
User-authentication-failed | 521 | User authentication has failed. |
Workflow-added | 600 | A workflow was added. |
Workflow-modified | 601 | A workflow was modified. |
Workflow-removed | 602 | A workflow was removed. |
Request-added | 610 | A request was added. |
Request-removed | 612 | A request was removed. |
Decision-made | 620 | A decision has been made on a request. |
Email-sent | 630 | A email notification has been sent. |
Email-configuration-modified | 631 | Email configuration has been modified. |
Email-not-sent | 632 | Email not sent. |
Log-downloaded | 700 | Log files have been downloaded. |
Log-level-modified | 710 | The log level was modified. |
Host-added | 801 | A host was added. |
Host-modified | 802 | A host was modified. |
Host-removed | 803 | A host was removed. |
Host-service-connection-re-established | 804 | A host service connection re-established. |
Host-service-connection-failure | 805 | A host service connection failed. |
Host-disabled-state-changed | 806 | Host disabled state changed |
Connection-terminated | 900 | Connection terminated. |
Connection-terminated-for-host | 901 | Connection terminated for host. |
Connection-terminated-for-user | 902 | Connection terminated for user. |
Licensed-connection-count-exceeded | 903 | Licensed connection count exceeded. |
Access-role-granted | 910 | Access role granted |
Access-role-revoked | 911 | Access role revoked |
Connections-meta-removed | 920 | Connections meta removed |
Trail-opened | 1000 | Trail opened. |
Trail-open-failed | 1001 | Failed to open trail. |
Trail-file-open-failed | 1002 | Failed to open trail file. |
Trail-file-read-failed | 1003 | Failed to read trail file. |
Trail-removed | 1004 | Trail removed. |
Trail-remove-failed | 1005 | Failed to remove trail. |
Trail-file-integrity-failed | 1006 | Trail file integrity check failed. |
Trail-file-downloaded | 1007 | Trail file downloaded. |
Config-checksum-added | 1100 | A config file checksum was added. |
Config-checksum-changed | 1101 | A config file checksum has changed. |
Transcript-status-scheduled | 1201 | Transcript status: scheduled. |
Transcript-status-indexing | 1202 | Transcript status: indexing. |
Transcript-status-indexed | 1203 | Transcript status: indexed. |
Transcript-status-error | 1204 | Transcript status: error. |
Transcript-status-not-indexed | 1205 | Transcript status: not indexed. |
Transcript-trail-removed | 1206 | Transcript trail removed. |
Transcript-opened | 1207 | Transcript opened. |
Disk-full | 1301 | Disk Full. |
Auditevent-removed | 1302 | Auditevent removed |
PrivX-restarted | 1303 | PrivX restarted |
Secret-created | 1400 | Secret created. |
Secret-removed | 1401 | Secret removed. |
Secret-accessed | 1402 | Secret accessed. |
Secret-changed | 1403 | Secret changed. |
Secret-metadata-changed | 1404 | Secret's metadata changed. |
Settings-modified | 1501 | Settings modified. |
Updated over 2 years ago