| User login. User logged in, id=user id, name=user name, session_id=session id
|
| User logout. The system reports: User logged out, id=user id, name=user name, session_id=session id |
| User failed login attempt.
The system reports: User failed login attempt, id=user id, name=user name, error="Invalid username, password or MFA provided" |
| User is locked. The system reports: User {0} is locked |
| User update. The system reports: Updated user, id=user uid, name=user name |
| User creation. The system reports: Created user, id=user uid, name=user name |
| User deletion. The system reports: Removed user, id=user uid, name=user name |
| Role update. The system reports: Updated role, id=role uid, name=role name |
| Role creation. The system reports: Added role, id=role uid, name=role name |
| Role deletion. The system reports: Removed role, id=role uid, name=role name |
| API credentials update. The system reports: Updated API credentials, id=API credentials uid, name=API credentials name |
| API Credentials creation. The system reports: Added API credentials, id=API credentials uid, name=API credentials name |
| API Credentials deletion. The system reports: Removed API credentials, id=API credentials uid, name=API credentials name |
| Access granted. The system reports: Granted access to content, ID=content uid, name=content name, role_id=role uid, role_name=role name, permission=type of permission granted |
| Access update. The system reports: Updated access to content, ID=content uid, name=content name, role_id=role uid, role_name=role name, permission=type of permission updated |
| Access revoke. The system reports: Revoked access to content, ID=content uid, name=content name, role_id=role uid, role_name=role name |
| Remote action update. The system reports: Updated remote action, ID=remote action uid, name=remote action name |
| Remote action creation. The system reports: Created remote action, ID=remote action uid, name=remote action name |
| Remote action deletion. The system reports: Deleted remote action, ID=remote action uid, name=remote action name |
| Checklist update. The system reports: Updated Checklist, ID=Checklist uid, name=Checklist name |
| Checklist creation. The system reports: Created Checklist, ID=Checklist uid, name=Checklist name |
| Checklist deletion. The system reports: Deleted ID=Checklist uid, name=Checklist name |
| Campaign update. The system reports: Updated campaign, ID=campaign uid, name=campaign name |
| Campaign creation. The system reports: Created campaign, ID=campaign uid, name=campaign name |
| Campaign deletion. The system reports: Deleted campaign, ID=campaign uid, name=campaign name |
| Dashboard update. The system reports: Updated dashboard, ID=dashboard uid, name=dashboard name |
| Dashboard creation. The system reports: Created dashboard, ID=dashboard uid, name=dashboard name |
| Dashboard deletion. The system reports: Deleted dashboard, ID=dashboard uid, name=dashboard name |
| Monitor update. The system reports: Updated monitor, ID=monitor uid, name=monitor name |
| Monitor creation. The system reports: Created monitor, ID=monitor uid, name=monitor name |
| Monitor deletion. The system reports: Deleted monitor, ID=monitor uid, name=monitor name |
| Application update. The system reports: Updated appex, ID=application uid, name=application name |
| Application creation. The system reports: Created appex, ID=application uid, name=application name |
| Application deletion. The system reports: Deleted appex, ID=application uid, name=application name |
| Bulk export update. The system reports: Updated bulk export, ID=bulk export uid, name=bulk export name |
| Bulk export creation. The system reports: Created bulk export, ID=bulk export uid, name=bulk export name |
| Bulk export deletion. The system reports: Deleted bulk export, ID=bulk export uid, name=bulk export name |
| Webhook update. The system reports: Updated webhook, ID=webhook uid, name=webhook name |
| Webhook creation. The system reports: Created webhook, ID=webhook uid, name=webhook name |
| Webhook deletion. The system reports: Deleted webhook, ID=webhook uid, name=webhook name |
| Dex Score definition update. The system reports: Updated dex, ID=dex uid, name=dex name |
| Dex Score definition creation. The system reports: Created dex, ID=dex uid, name=dex name |
| Dex Score definition deletion. The system reports: Deleted dex, ID=dex uid, name=dex name |
| Azure connector update. The system reports: Updated azure connector, ID=connector uid, name=connector name |
| Azure connector creation. The system reports: Created azure connector, ID=connector uid, name=connector name |
| Azure connector deletion. The system reports: Deleted azure connector, ID=connector uid, name=connector name |
| Teams connector update. The system reports: Updated teams connector, ID=connector uid, name=connector name |
| Teams connector creation. The system reports: Created teams connector, ID=connector uid, name=connector name |
| Teams connector deletion. The system reports: Deleted teams connector, ID=connector uid, name=connector name |
| Workflow update.
The system reports: Updated workflow, ID=#workflow_name, name=Workflow_name |
| Workflow creation.
The system reports: Created workflow, ID=#workflow_name, name=Workflow_name |
| Workflow deletion.
The system reports: Deleted workflow, ID=#workflow_name, name=Workflow_name |
| Zoom connector update. The system reports: Updated zoom connector, ID=connector uid, name=connector name |
| Zoom connector creation. The system reports: Created zoom connector, ID=connector uid, name=connector name |
| Zoom connector deletion. The system reports: Deleted zoom connector, ID=connector uid, name=connector name |
| Saved investigation update. The system reports: Updated save investigation, ID=investigation uid, name=investigation name |
| Saved investigation creation. The system reports: Created save investigation, ID=investigation uid, name=investigation name |
| Saved investigation deletion. The system reports: Deleted save investigation, ID=investigation uid, name=investigation name |
| Connector credentials update. The system reports: Updated connector credentials, ID=connector uid, name=connector name |
| Connector credentials creation. The system reports: Created connector credentials, ID=connector uid, name=connector name |
| Connector credentials deletion. The system reports: Deleted connector credentials, ID=connector uid, name=connector name |
| Amplify configuration update. The system reports: Updated amplify configuration, ID=configuration uid, name=configuration name |
| Amplify configuration creation. The system reports: Created amplify configuration, ID=configuration uid, name=configuration name |
| Amplify configuration deletion. The system reports: Deleted amplify configuration, ID=configuration uid, name=configuration name |
| Ms Avd connector update. The system reports: Updated ms avd connector, ID=ms avd connector uid, name=ms avd connector name |
| Ms Avd connector creation. The system reports: Created ms avd connector, ID=ms avd connector uid, name=ms avd connector name |
| Ms Avd connector deletion. The system reports: Deleted ms avd connector, ID=ms avd connector uid, name=ms avd connector name |
| Location type update. The system reports: Updated location type, ID=location type uid, name=location type name |
| Location type creation. The system reports: Created location type, ID=location type uid, name=location type name |
| NQL API update. The system reports: Updated nql api, ID=nql api uid, name=nql api name |
| NQL API creation. The system reports: Created nql api, ID=nql api uid, name=nql api name |
| NQL API deletion. The system reports: Deleted nql api, ID=nql api uid, name=nql api name |
| Product configuration update. The system reports: Updated product configuration, ID=configuration uid, name=configuration name |
| Product configuration creation. The system reports: Created product configuration, ID=configuration uid, name=configuration name |
| Product configuration deletion. The system reports: Deleted product configuration, ID=configuration uid, name=configuration name |
| Organization update. The system reports: Updated organization, ID=organization uid, name=organization name |
| Organization creation. The system reports: Created organization, ID=organization uid, name=organization name |
| Custom field update. The system reports: Updated custom field, ID=custom field uid, name=custom field name (TYPE) |
| Custom field creation. The system reports: Created custom field, ID=custom field uid, name=custom field name (TYPE) |
| Custom field deletion. The system reports: Deleted custom field, ID=custom field uid, name=custom field name (TYPE) |
| Collector update. The system reports: Updated collector updater configuration, ID=collector uid, name=collector name |
| Collector creation. The system reports: Created collector updater configuration, ID=collector uid, name=collector name |
| Collector deletion. The system reports: Deleted collector updater configuration, ID=collector uid, name=collector name |
| Custom trend update.
The system reports: Updated custom trend, ID=d627929d-f70f-4b01-8319-e8b21df6e88c, name=trend-name |
| Custom trend creation.
The system reports: Created custom trend, ID=fc52162c-228d-47a4-ba39-c2ca3e395160, name=trends-snapshot-definition |
| Custom trend deletion.
The system reports: Deleted custom trend, ID=e583df14-f05f-4dd2-a389-24a9491547f0, name=trends-snapshot-definition |
| External execution of a remote action through the API. The system reports: API request manual execution of remote action, source= source where remote action is triggered, ID=remote action uid, name=remote action on n devices with uids devices uids |
| External triggering of a campaign through the API.
The system reports: API request manual triggering of campaign, ID=nql_id_of_campaign, name=Campaign Name on n users with SIDs |
| Manual custom field update via API. The system reports: Value of {object_type}/{object_type}/#custom_field_name updated at timestamp with request_id request ID by API user ID for 1 {object_type} via API. |
| Manual execution of a remote action through the Web. The system reports: Web request manual execution of remote action, source= source where remote action is triggered, ID=remote action uid, name=remote action on n devices with uids devices uids |
| Manual triggering of a campaign through the Web. The system reports: Manual triggering of a campaign through the Web, ID=nql_id_of_campaign, name=Campaign Name on n users with SIDs or on all users from an investigation |
| GDPR Data Retrieval on Infinity Platform. The system reports: Data retrieval request for user 'username', Data={TYPE OF DATA} |
| GDPR Anonymize Data for users/devices. The system reports: Anonymized user 'username' / [Portal|UI|94163|account] Anonymized device 'device name' |
| Manual custom field update via UI. The system reports: Value of {object_type}/{object_type}/#custom_field_name updated at timestamp by user ID for 1 {object_type} via UI. |
| Device deletion scheduled.
The system reports: 2 device(s) scheduled successfully for deletion with the following device name(s): ABC-XYZ123456, XYZ-ABC123456 |
| User deletion scheduled (by user SID). The system reports: 1 user(s) scheduled for deletion with the following SID(s): S-1-12-1-123456789 |
