The Audit Log object schema includes the following attributes:

actor
  Description: The actor that made the change (user or system).
  Example:
    "actor": {
      "type": "user",
      "user": {
        "id": "234234234242892734",
        "email": "[email protected]",
        "name": "BP user"
      }
    }

context
  Description: Actor details.
  Example:
    "context": {
      "actor_access": {
        "ip_address": "1183.2.2.23",
        "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
      }
    }

timestamp
  Description: Time the event occurred, in Unix format.
  Example:
    "timestamp": "1588697026"

resource_id
  Description: The ID of the resource that was changed.
  Example:
    "resource_id": "fc4dfad7-0ab8-4117-a60e-71faac986eef"

resource_type
  Description: The type of the resource that was changed.
  The following resources are available:
    - correlation_pattern
    - custom_tag (EV1)
    - environments
  Example:
    "resource_type": "correlation_pattern"

action_type
  Description: The action that was performed.
  The following action types are available:
    - init_state: used only as an initial value.
    - create: when a resource is created.
    - update: when a resource is updated.
    - delete: when a resource is deleted.
  Example:
    "action_type": "update"

object
  Description: The resource object after the change.
  When the resource is deleted, the object is {null}.
  Example:
    "object": {
      "template": "$1",
      "metadata": {
        "created_time": 1605777517,
        "updated_time": 1605777544,
        "created_user": "5fb62211db627c110086466c",
        "description": "",
        "updated_user": "5fb62211db627c110086466c"
      },
      "query": {
        "IN": [
          "source_system",
          [
            {
              "type": "regex",
              "value": "*"
            }
          ]
        ]
      },
      "destination": "hey1",
      "pattern": "(.*)",
      "active": true,
      "id": "c4f76657-af93-41bb-97c2-c802930e124e",
      "source": "check",
      "type": "extraction"
    }
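
The following is an added example, not code from the product or its documentation: a Python normalizer that flattens one Audit Log object for ingestion into a log pipeline and reports schema problems instead of passing them through. It assumes the attributes above arrive as top-level keys of a single JSON object; the function name, the issue labels and the sample event are hypothetical.

```python
import ipaddress
from datetime import datetime, timezone
# Values listed on the page; "custom_tag" without the "(EV1)" note is an assumption.
ACTION_TYPES = {"init_state", "create", "update", "delete"}
RESOURCE_TYPES = {"correlation_pattern", "custom_tag", "environments"}

def normalize_audit_event(event):
    """Flatten one Audit Log object; schema problems are collected in 'issues'."""
    issues = []
    try:  # timestamp is a Unix-time string in the documented example
        ts = int(event["timestamp"])
        time_utc = datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
    except (KeyError, TypeError, ValueError, OverflowError, OSError):
        time_utc = None
        issues.append("bad_timestamp")
    actor = event.get("actor") or {}
    user = actor.get("user") or {}
    who = user.get("email") or user.get("id") or actor.get("type") or "unknown"
    access = (event.get("context") or {}).get("actor_access") or {}
    raw_ip = access.get("ip_address")
    try:  # validate the source IP instead of trusting the field as-is
        ip = str(ipaddress.ip_address(raw_ip)) if raw_ip else None
    except ValueError:
        ip = None
        issues.append("bad_ip_address")
    action = event.get("action_type")
    if action not in ACTION_TYPES:
        issues.append("unknown_action_type")
    if event.get("resource_type") not in RESOURCE_TYPES:
        issues.append("unknown_resource_type")
    obj = event.get("object")  # null after a delete, the new state otherwise
    if action == "delete" and obj is not None:
        issues.append("object_present_on_delete")
    if action in {"create", "update"} and obj is None:
        issues.append("object_missing")
    return {"time_utc": time_utc, "actor": who, "ip": ip, "action": action,
            "resource_type": event.get("resource_type"),
            "resource_id": event.get("resource_id"), "issues": issues}

# Constructed sample built from the page's example values (delete, so object is null).
SAMPLE_DELETE = {
    "actor": {"type": "user", "user": {"id": "234234234242892734", "name": "BP user"}},
    "context": {"actor_access": {"ip_address": "1183.2.2.23"}},
    "timestamp": "1588697026",
    "resource_id": "fc4dfad7-0ab8-4117-a60e-71faac986eef",
    "resource_type": "correlation_pattern",
    "action_type": "delete",
    "object": None,
}
```

Calling `normalize_audit_event(SAMPLE_DELETE)` reports `bad_ip_address`, because the `ip_address` value in the example above does not parse as an IP address.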