Audit Log Object

Defines the schema for an Audit log.

Parameters

The Audit Log object schema includes the following attributes:

Attribute

Description

Example

actor

The actor that made the change (user or system).

"actor": {
    "type": "user",
    "user": {
        "id": "234234234242892734",
        "email": "[email protected]",
        "name": "BP user"
    }
}

context

Details of the actor's access, such as IP address and user agent.

"context": {
    "actor_access": {
        "ip_address": "1183.2.2.23",
        "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
    }
}

timestamp

Time at which the event occurred, in Unix timestamp format.

"timestamp":"1588697026"

resource_id

The ID of the resource that was changed.

"resource_id": "fc4dfad7-0ab8-4117-a60e-71faac986eef"

resource_type

The resource type that was changed.

The following resources are available:

  • correlation_pattern
  • custom_tag
  • environments

"resource_type": "correlation_pattern"

action_type

The action that was performed.

The following action types are available:

  • init_state: used only as an initial value.
  • create: when a resource is created.
  • update: when a resource is updated.
  • delete: when a resource is deleted.

"action_type": "update"

object

The resource object after the change.
When the resource is deleted, the object is {null}.

"object": {
    "template": "$1",
    "metadata": {
      "created_time": 1605777517,
      "updated_time": 1605777544,
      "created_user": "5fb62211db627c110086466c",
      "description": "",
      "updated_user": "5fb62211db627c110086466c"
    },
    "query": {
      "IN": [
        "source_system",
        [
          {
            "type": "regex",
            "value": "*"
          }
        ]
      ]
    },
    "destination": "hey1",
    "pattern": "(.*)",
    "active": true,
    "id": "c4f76657-af93-41bb-97c2-c802930e124e",
    "source": "check",
    "type": "extraction"
}
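
An added example, not part of the original documentation: a Python check that validates one audit log record against the attributes documented above before it is ingested for monitoring. The function name validate_audit_event and the output keys are assumptions; the sample record is constructed from the page's example values, whose ip_address does not parse as an IP address and is therefore reported.

```python
import ipaddress
from datetime import datetime, timezone

# Values documented in the schema above.
ACTION_TYPES = ("init_state", "create", "update", "delete")
RESOURCE_TYPES = ("correlation_pattern", "custom_tag", "environments")

# Constructed sample record: field values copied from the schema examples above.
SAMPLE = {
    "actor": {"type": "user", "user": {"id": "234234234242892734", "name": "BP user"}},
    "context": {"actor_access": {"ip_address": "1183.2.2.23"}},
    "timestamp": "1588697026",
    "resource_id": "fc4dfad7-0ab8-4117-a60e-71faac986eef",
    "resource_type": "correlation_pattern",
    "action_type": "update",
    "object": {"id": "c4f76657-af93-41bb-97c2-c802930e124e", "active": True},
}


def validate_audit_event(event):
    """Return (normalized, problems) for one audit log record given as a dict."""
    normalized, problems = {}, []
    try:  # timestamp is Unix seconds, carried as a string in the schema example
        ts = int(event["timestamp"])
        normalized["time_utc"] = datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
    except (KeyError, TypeError, ValueError, OverflowError, OSError):
        problems.append("timestamp missing or not Unix seconds")
    for field, allowed in (("action_type", ACTION_TYPES), ("resource_type", RESOURCE_TYPES)):
        if event.get(field) not in allowed:
            problems.append(f"{field} not a documented value: {event.get(field)!r}")
    # The schema says object is null once the resource is deleted.
    if event.get("action_type") == "delete" and event.get("object") is not None:
        problems.append("delete event carries a non-null object")
    actor = event.get("actor") or {}
    user = actor.get("user") or {}
    normalized["actor"] = user.get("id") if actor.get("type") == "user" else actor.get("type")
    if not normalized["actor"]:
        problems.append("actor cannot be identified")
    # Reject addresses that do not parse before they reach IP-based correlation.
    ip = ((event.get("context") or {}).get("actor_access") or {}).get("ip_address")
    try:
        normalized["ip"] = str(ipaddress.ip_address(ip if isinstance(ip, str) else ""))
    except ValueError:
        problems.append(f"ip_address does not parse: {ip!r}")
    return normalized, problems


if __name__ == "__main__":
    print(validate_audit_event(SAMPLE))
```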