Learn
Documentation
Support
Community

Audit trail codes Infinity

The audit trail codes in this section apply to Nexthink Infinity.

Refer to the documentation specific to Audit trail codes Engine (classic) and Audit trail codes Portal (classic), depending on the case.

Refer to the Exporting audit logs to learn how to query audit trail codes.

Below are all audit trail codes necessary for writing audit-related queries and subsequently exporting audit log results through third-party integrations.

Audit codeAudited user activity

90211

User login.

User logged in, id=user id, name=user name, session_id=session id

90212

User logout.

The system reports: User logged out, id=user id, name=user name, session_id=session id

90213

User failed login attempt. The system reports: User failed login attempt, id=user id, name=user name, error="Invalid username, password or MFA provided"

90214

User is locked.

The system reports: User {0} is locked

91011

User update.

The system reports: Updated user, id=user uid, name=user name

91012

User creation.

The system reports: Created user, id=user uid, name=user name

91013

User deletion.

The system reports: Removed user, id=user uid, name=user name

91014

User update. The system reports: Updated user, id=user id, name=user name

91021

Role update.

The system reports: Updated role, id=role uid, name=role name

91022

Role creation.

The system reports: Added role, id=role uid, name=role name

91023

Role deletion.

The system reports: Removed role, id=role uid, name=role name

91031

API Credentials creation.

The system reports: Updated API credentials, id=API credentials uid, name=API credentials name

91032

API Credentials creation.

The system reports: Added API credentials, id=API credentials uid, name=API credentials name

91033

API Credentials deletion.

The system reports: Removed API credentials, id=API credentials uid, name=API credentials name

91181

Access granted.

The system reports: Granted access to content, ID=content uid, name=content name, role_id=role uid, role_name=role name, permission=type of permission granted

91182

Access update.

The system reports: Updated access to content, ID=content uid, name=content name, role_id=role uid, role_name=role name, permission=type of permission updated

91183

Access revoke.

The system reports: Revoked access to content, ID=content uid, name=content name, role_id=role uid, role_name=role name

92011

Remote action update.

The system reports: Updated remote action, ID=remote action uid, name=remote action name

92012

Remote action creation.

The system reports: Created remote action, ID=remote action uid, name=remote action name

92013

Remote action deletion.

The system reports: Deleted remote action, ID=remote action uid, name=remote action name

92021

Checklist update.

The system reports: Updated Checklist, ID=Checklist uid, name=Checklist name

92022

Checklist creation.

The system reports: Created Checklist, ID=Checklist uid, name=Checklist name

92023

Checklist deletion.

The system reports: Deleted ID=Checklist uid, name=Checklist name

92031

Campaign update.

The system reports: Updated campaign, ID=campaign uid, name=campaign name

92032

Campaign creation.

The system reports: Created campaign, ID=campaign uid, name=campaign name

92033

Campaign deletion.

The system reports: Deleted campaign, ID=campaign uid, name=campaign name

92041

Dashboard update.

The system reports: Updated dashboard, ID=dashboard uid, name=dashboard name

92042

Dashboard creation.

The system reports: Created dashboard, ID=dashboard uid, name=dashboard name

92043

Dashboard deletion.

The system reports: Deleted dashboard, ID=dashboard uid, name=dashboard name

92051

Monitor update.

The system reports: Updated monitor, ID=monitor uid, name=monitor name

92052

Monitor creation.

The system reports: Created monitor, ID=monitor uid, name=monitor name

92053

Monitor deletion.

The system reports: Deleted monitor, ID=monitor uid, name=monitor name

92061

Application update.

The system reports: Updated appex, ID=application uid, name=application name

92062

Application creation.

The system reports: Created appex, ID=application uid, name=application name

92063

Application deletion.

The system reports: Deleted appex, ID=application uid, name=application name

92071

Bulk export update.

The system reports: Updated bulk export, ID=bulk export uid, name=bulk export name

92072

Bulk export creation.

The system reports: Created bulk export, ID=bulk export uid, name=bulk export name

92073

Bulk export deletion.

The system reports: Deleted bulk export, ID=bulk export uid, name=bulk export name

92081

Webhook update.

The system reports: Updated webhook, ID=webhook uid, name=webhook name

92082

Webhook creation.

The system reports: Created webhook, ID=webhook uid, name=webhook name

92083

Webhook deletion.

The system reports: Deleted webhook, ID=webhook uid, name=webhook name

92091

Dex Score definition update.

The system reports: Updated dex, ID=dex uid, name=dex name

92092

Dex Score definition creation.

The system reports: Created dex, ID=dex uid, name=dex name

92093

Dex Score definition deletion.

The system reports: Deleted dex, ID=dex uid, name=dex name

92111

Azure connector update.

The system reports: Updated azure connector, ID=connector uid, name=connector name

92112

Azure connector creation.

The system reports: Created azure connector, ID=connector uid, name=connector name

92113

Azure connector deletion.

The system reports: Deleted azure connector, ID=connector uid, name=connector name

92121

Teams connector update.

The system reports: Updated teams connector, ID=connector uid, name=connector name

92122

Teams connector creation.

The system reports: Created teams connector, ID=connector uid, name=connector name

92123

Teams connector deletion.

The system reports: Deleted teams connector, ID=connector uid, name=connector name

92141

Zoom connector update.

The system reports: Updated zoom connector, ID=connector uid, name=connector name

92142

Zoom connector creation.

The system reports: Created zoom connector, ID=connector uid, name=connector name

92143

Zoom connector deletion.

The system reports: Deleted zoom connector, ID=connector uid, name=connector name

92151

Saved investigation update.

The system reports: Updated save investigation, ID=investigation uid, name=investigation name

92152

Saved investigation creation.

The system reports: Created save investigation, ID=investigation uid, name=investigation name

92153

Saved investigation deletion.

The system reports: Deleted save investigation, ID=investigation uid, name=investigation name

92171

Connector credentials update.

The system reports: Updated connector credentials, ID=connector uid, name=connector name

92172

Connector credentials creation.

The system reports: Created connector credentials, ID=connector uid, name=connector name

92173

Connector credentials deletion.

The system reports: Deleted connector credentials, ID=connector uid, name=connector name

92191

Amplify configuration update.

The system reports: Updated amplify configuration, ID=configuration uid, name=configuration name

92192

Amplify configuration creation.

The system reports: Created amplify configuration, ID=configuration uid, name=configuration name

92193

Amplify configuration deletion.

The system reports: Deleted amplify configuration, ID=configuration uid, name=configuration name

92201

Ms Avd connector update.

The system reports: Updated ms avd connector, ID=ms avd connector uid, name=ms avd connector name

92202

Ms Avd connector creation.

The system reports: Created ms avd connector, ID=ms avd connector uid, name=ms avd connector name

92203

Ms Avd connector deletion.

The system reports: Deleted ms avd connector, ID=ms avd connector uid, name=ms avd connector name

92221

Location type update.

The system reports: Updated location type, ID=location type uid, name=location type name

92222

Location type creation.

The system reports: Created location type, ID=location type uid, name=location type name

92231

NQL API update.

The system reports: Updated nql api, ID=nql api uid, name=nql api name

92232

NQL API creation.

The system reports: Created nql api, ID=nql api uid, name=nql api name

92233

NQL API deletion.

The system reports: Deleted nql api, ID=nql api uid, name=nql api name

92241

Product configuration update.

The system reports: Updated product configuration, ID=configuration uid, name=configuration name

92242

Product configuration creation.

The system reports: Created product configuration, ID=configuration uid, name=configuration name

92243

Product configuration deletion.

The system reports: Deleted product configuration, ID=configuration uid, name=configuration name

92251

Organization update.

The system reports: Updated organization, ID=organization uid, name=organization name

92252

Organization creation.

The system reports: Created organization, ID=organization uid, name=organization name

92261

Custom field update.

The system reports: Updated custom field, ID=custom field uid, name=custom field name (TYPE)

92262

Custom field creation.

The system reports: Created custom field, ID=custom field uid, name=custom field name (TYPE)

92263

Custom field deletion.

The system reports: Deleted custom field, ID=custom field uid, name=custom field name (TYPE)

92271

Collector update.

The system reports: Updated collector updater configuration, ID=collector uid, name=collector name

92272

Collector creation.

The system reports: Created collector updater configuration, ID=collector uid, name=collector name

92273

Collector deletion.

The system reports: Deleted collector updater configuration, ID=collector uid, name=collector name

92311

Custom trend update. The system reports: Updated custom trend, ID=d627929d-f70f-4b01-8319-e8b21df6e88c, name=trend-name

92312

Custom trend creation. The system reports: Created custom trend, ID=fc52162c-228d-47a4-ba39-c2ca3e395160, name=trends-snapshot-definition

92313

Custom trend deletion. The system reports: Deleted custom trend, ID=e583df14-f05f-4dd2-a389-24a9491547f0, name=trends-snapshot-definition

93011

External execution of a remote action through the API.

The system reports: API request manual execution of remote action, source= source where remote action is triggered, ID=remote action uid, name=remote action on n devices with uids devices uids

93262

Manual custom field update via API.

The system reports: Value of {object_type}/{object_type}/#custom_field_name updated at timestamp with request_id request ID by API user ID for 1 {object_type} via API.

94011

Manual execution of a remote action through the Web.

The system reports: Web request manual execution of remote action, source= source where remote action is triggered, ID=remote action uid, name=remote action on n devices with uids devices uids

94162

GDPR Data Retrieval on Infinity Platform.

The system reports: Data retrieval request for user 'username', Data={TYPE OF DATA}

94163

GDPR Anonymize Data for users/devices.

The system reports: Anonymized user 'username' / [Portal|UI|94163|account] Anonymized device 'device name'

94262

Manual custom field update via UI.

The system reports: Value of {object_type}/{object_type}/#custom_field_name updated at timestamp by user ID for 1 {object_type} via UI.

94301

Device deletion scheduled. The system reports: 2 device(s) scheduled successfully for deletion with the following device name(s): ABC-XYZ123456, XYZ-ABC123456

94303

User deletion scheduled (by user SID).

The system reports: 1 user(s) scheduled for deletion with the following SID(s): S-1-12-1-123456789

Last updated

© Nexthink

Privacy policyResponsible Disclosure Policy