Audit Log Object

Defines the schema for audit logs.

Parameters

The Audit Log object schema includes the following attributes:

Attribute

Description

Type

Example

actor

The user or system that made the change.

Attributes:
type - whether the change was made by a user or the system. One of system-generated or user
user - (Only included in changes performed by a user) Data on the user account that performed the action. Attributes: id, email, and name.

Object

{ "type":"user", "user": { "id":"235554234242892734", "email":"[email protected]", "name":"BP user" } }

context

(Only included in changes performed by a user)
Actor access details as reported by the client.
actor_access object attributes:
user_agent - information about the user’s browser.
ip_address - the access point used to access the system.

Object

{ "actor_access": { "ip_address": "52.555.23.8", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.5556.81 Safari/537.36" } }

timestamp

Time the event occurred in Unix format.

Timestamp (in seconds)

"1588697026"

resource_id

The system id of the resource that was changed.

String

"fc4dfad7-0ab8-4117-a60e-71faac986eef"

resource_type

The resource type that was changed.
Possible returns are:

  • correlation_patterns
  • enrichment v1 custom_tags
  • environments
  • users

String

"correlation_pattern"

action_type

The action that was made.

The following action types are available:
init_state: this type is used only as an initial value
create: when a resource is created.
update: when a resource is updated.
delete: when a resource is deleted.

String

"update"

object

The resource object after the change.
When the resource is deleted, the object is {null}.

Object

{ "filter": "source_system = 'api.mwv2demo' AND zero_impact != 'true'", "updated_at": 1554606117, "name": "MWV2 Demo", "created_at": 1554606117, "id": "5ca96825a5bd7724508374ba" }