Audit Log Object

Defines the schema for audit logs.

Parameters

The Audit Log object schema includes the following attributes:

| Attribute | Description | Type | Example |
| --- | --- | --- | --- |
| actor | The user or system that made the change.<br>Attributes:<br>- type: whether the change was made by a user or the system. One of system-generated or user.<br>- user: (Only included in changes performed by a user) Data on the user account that performed the action. Attributes: id, email, and name. | Object | { "type":"user", "user": { "id":"235554234242892734", "email":"[email protected]", "name":"BP user" } } |
| context | (Only included in changes performed by a user) Actor access details as reported by the client.<br>actor_access object attributes:<br>- user_agent: information about the user’s browser.<br>- ip_address: the access point used to access the system. | Object | { "actor_access": { "ip_address": "52.555.23.8", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.5556.81 Safari/537.36" } } |
| timestamp | Unix epoch time when the event occurred (in seconds). | Timestamp (in seconds) | "1588697026" |
| resource_id | The system id of the resource that was changed. | String | "fc4dfad7-0ab8-4117-a60e-71faac986eef" |
| resource_type | The resource type that was changed.<br>Possible returns are:<br>- correlation_patterns<br>- enrichment v1 custom_tags<br>- environments<br>- users | String | "correlation_pattern" |
| action_type | The action that was made.<br>The following action types are available:<br>- init_state: this type is used only as an initial value.<br>- create: when a resource is created.<br>- update: when a resource is updated.<br>- delete: when a resource is deleted. | String | "update" |
| object | The resource object after the change.<br>Resource objects include:<br>- Alert Correlation<br>- AutoShare<br>- Environments<br>- Users<br>- Alert Enrichments<br>When the resource is deleted, the object is {null}. | Object | { "filter": "source_system = 'api.mwv2demo' AND zero_impact != 'true'", "updated_at": 1554606117, "name": "MWV2 Demo", "created_at": 1554606117, "id": "5ca96825a5bd7724508374ba" } |
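
One way a log consumer could check incoming audit log records against the attributes above before forwarding them to a SIEM. This is an added example, not vendor code: the function name and the sample events are constructed, and treating a missing context on a user change as a deviation is an assumption.

```python
from datetime import datetime, timezone

ACTOR_TYPES = {"system-generated", "user"}
ACTION_TYPES = {"init_state", "create", "update", "delete"}

def check_audit_event(event):
    """Return the ways `event` deviates from the documented schema."""
    problems = []
    actor = event.get("actor") or {}
    if actor.get("type") not in ACTOR_TYPES:
        problems.append("actor.type is not a documented value")
    if actor.get("type") == "user":
        missing = {"id", "email", "name"} - set(actor.get("user") or {})
        if missing:
            problems.append("actor.user missing " + ",".join(sorted(missing)))
        # Assumption: context is expected on every change made by a user.
        access = (event.get("context") or {}).get("actor_access") or {}
        for field in ("ip_address", "user_agent"):
            if not access.get(field):
                problems.append(f"context.actor_access.{field} missing")
    else:
        # Both are only included in changes performed by a user.
        if actor.get("user") is not None or event.get("context") is not None:
            problems.append("actor.user/context present on a non-user change")
    try:
        # int or numeric string; a millisecond value falls past year 9999.
        datetime.fromtimestamp(int(event.get("timestamp")), tz=timezone.utc)
    except (TypeError, ValueError, OverflowError, OSError):
        problems.append("timestamp is not Unix epoch seconds")
    action = event.get("action_type")
    if action not in ACTION_TYPES:
        problems.append("action_type is not a documented value")
    if action == "delete" and event.get("object") is not None:
        problems.append("object should be null after delete")
    return problems

# Constructed sample events (not real log data).
USER_UPDATE = {
    "actor": {"type": "user", "user": {
        "id": "1", "email": "analyst@example.com", "name": "Example"}},
    "context": {"actor_access": {
        "ip_address": "203.0.113.7", "user_agent": "ExampleAgent/1.0"}},
    "timestamp": "1588697026", "resource_id": "constructed-id",
    "resource_type": "users", "action_type": "update", "object": {"id": "1"}}
SYSTEM_DELETE = {
    "actor": {"type": "system-generated"},
    "context": {"actor_access": {"ip_address": "203.0.113.7"}},
    "timestamp": 1588697026000, "resource_id": "constructed-id",
    "resource_type": "users", "action_type": "delete", "object": {"id": "1"}}
```

`check_audit_event(USER_UPDATE)` returns an empty list, while `SYSTEM_DELETE` is flagged for carrying a context on a system change, a millisecond timestamp, and a non-null object after a delete.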