Audit trail codes Infinity
The audit trail codes in this section apply to Nexthink Infinity.
Refer to the documentation specific to Audit trail codes Engine (classic) and Audit trail codes Portal (classic), depending on the case.
Refer to the Exporting audit logs to learn how to query audit trail codes.
Below are all audit trail codes necessary for writing audit-related queries and subsequently exporting audit log results through third-party integrations.
90211
User login.
User logged in, id=user id, name=user name, session_id=session id
90212
User logout.
The system reports: User logged out, id=user id, name=user name, session_id=session id
90213
User failed login attempt.
The system reports: User failed login attempt, id=user id, name=user name, error="Invalid username, password or MFA provided"
90214
User is locked.
The system reports: User {0} is locked
91011
User update.
The system reports: Updated user, id=user uid, name=user name
91012
User creation.
The system reports: Created user, id=user uid, name=user name
91013
User deletion.
The system reports: Removed user, id=user uid, name=user name
91021
Role update.
The system reports: Updated role, id=role uid, name=role name
91022
Role creation.
The system reports: Added role, id=role uid, name=role name
91023
Role deletion.
The system reports: Removed role, id=role uid, name=role name
91031
API credentials update.
The system reports: Updated API credentials, id=API credentials uid, name=API credentials name
91032
API Credentials creation.
The system reports: Added API credentials, id=API credentials uid, name=API credentials name
91033
API Credentials deletion.
The system reports: Removed API credentials, id=API credentials uid, name=API credentials name
91181
Access granted.
The system reports: Granted access to content, ID=content uid, name=content name, role_id=role uid, role_name=role name, permission=type of permission granted
91182
Access update.
The system reports: Updated access to content, ID=content uid, name=content name, role_id=role uid, role_name=role name, permission=type of permission updated
91183
Access revoke.
The system reports: Revoked access to content, ID=content uid, name=content name, role_id=role uid, role_name=role name
92011
Remote action update.
The system reports: Updated remote action, ID=remote action uid, name=remote action name
92012
Remote action creation.
The system reports: Created remote action, ID=remote action uid, name=remote action name
92013
Remote action deletion.
The system reports: Deleted remote action, ID=remote action uid, name=remote action name
92021
Checklist update.
The system reports: Updated Checklist, ID=Checklist uid, name=Checklist name
92022
Checklist creation.
The system reports: Created Checklist, ID=Checklist uid, name=Checklist name
92023
Checklist deletion.
The system reports: Deleted ID=Checklist uid, name=Checklist name
92031
Campaign update.
The system reports: Updated campaign, ID=campaign uid, name=campaign name
92032
Campaign creation.
The system reports: Created campaign, ID=campaign uid, name=campaign name
92033
Campaign deletion.
The system reports: Deleted campaign, ID=campaign uid, name=campaign name
92041
Dashboard update.
The system reports: Updated dashboard, ID=dashboard uid, name=dashboard name
92042
Dashboard creation.
The system reports: Created dashboard, ID=dashboard uid, name=dashboard name
92043
Dashboard deletion.
The system reports: Deleted dashboard, ID=dashboard uid, name=dashboard name
92051
Monitor update.
The system reports: Updated monitor, ID=monitor uid, name=monitor name
92052
Monitor creation.
The system reports: Created monitor, ID=monitor uid, name=monitor name
92053
Monitor deletion.
The system reports: Deleted monitor, ID=monitor uid, name=monitor name
92061
Application update.
The system reports: Updated appex, ID=application uid, name=application name
92062
Application creation.
The system reports: Created appex, ID=application uid, name=application name
92063
Application deletion.
The system reports: Deleted appex, ID=application uid, name=application name
92071
Bulk export update.
The system reports: Updated bulk export, ID=bulk export uid, name=bulk export name
92072
Bulk export creation.
The system reports: Created bulk export, ID=bulk export uid, name=bulk export name
92073
Bulk export deletion.
The system reports: Deleted bulk export, ID=bulk export uid, name=bulk export name
92081
Webhook update.
The system reports: Updated webhook, ID=webhook uid, name=webhook name
92082
Webhook creation.
The system reports: Created webhook, ID=webhook uid, name=webhook name
92083
Webhook deletion.
The system reports: Deleted webhook, ID=webhook uid, name=webhook name
92091
Dex Score definition update.
The system reports: Updated dex, ID=dex uid, name=dex name
92092
Dex Score definition creation.
The system reports: Created dex, ID=dex uid, name=dex name
92093
Dex Score definition deletion.
The system reports: Deleted dex, ID=dex uid, name=dex name
92111
Azure connector update.
The system reports: Updated azure connector, ID=connector uid, name=connector name
92112
Azure connector creation.
The system reports: Created azure connector, ID=connector uid, name=connector name
92113
Azure connector deletion.
The system reports: Deleted azure connector, ID=connector uid, name=connector name
92121
Teams connector update.
The system reports: Updated teams connector, ID=connector uid, name=connector name
92122
Teams connector creation.
The system reports: Created teams connector, ID=connector uid, name=connector name
92123
Teams connector deletion.
The system reports: Deleted teams connector, ID=connector uid, name=connector name
92131
Workflow update.
The system reports: Updated workflow, ID=#workflow_name, name=Workflow_name
92132
Workflow creation.
The system reports: Created workflow, ID=#workflow_name, name=Workflow_name
92133
Workflow deletion.
The system reports: Deleted workflow, ID=#workflow_name, name=Workflow_name
92141
Zoom connector update.
The system reports: Updated zoom connector, ID=connector uid, name=connector name
92142
Zoom connector creation.
The system reports: Created zoom connector, ID=connector uid, name=connector name
92143
Zoom connector deletion.
The system reports: Deleted zoom connector, ID=connector uid, name=connector name
92151
Saved investigation update.
The system reports: Updated save investigation, ID=investigation uid, name=investigation name
92152
Saved investigation creation.
The system reports: Created save investigation, ID=investigation uid, name=investigation name
92153
Saved investigation deletion.
The system reports: Deleted save investigation, ID=investigation uid, name=investigation name
92171
Connector credentials update.
The system reports: Updated connector credentials, ID=connector uid, name=connector name
92172
Connector credentials creation.
The system reports: Created connector credentials, ID=connector uid, name=connector name
92173
Connector credentials deletion.
The system reports: Deleted connector credentials, ID=connector uid, name=connector name
92191
Amplify configuration update.
The system reports: Updated amplify configuration, ID=configuration uid, name=configuration name
92192
Amplify configuration creation.
The system reports: Created amplify configuration, ID=configuration uid, name=configuration name
92193
Amplify configuration deletion.
The system reports: Deleted amplify configuration, ID=configuration uid, name=configuration name
92201
Ms Avd connector update.
The system reports: Updated ms avd connector, ID=ms avd connector uid, name=ms avd connector name
92202
Ms Avd connector creation.
The system reports: Created ms avd connector, ID=ms avd connector uid, name=ms avd connector name
92203
Ms Avd connector deletion.
The system reports: Deleted ms avd connector, ID=ms avd connector uid, name=ms avd connector name
92221
Location type update.
The system reports: Updated location type, ID=location type uid, name=location type name
92222
Location type creation.
The system reports: Created location type, ID=location type uid, name=location type name
92231
NQL API update.
The system reports: Updated nql api, ID=nql api uid, name=nql api name
92232
NQL API creation.
The system reports: Created nql api, ID=nql api uid, name=nql api name
92233
NQL API deletion.
The system reports: Deleted nql api, ID=nql api uid, name=nql api name
92241
Product configuration update.
The system reports: Updated product configuration, ID=configuration uid, name=configuration name
92242
Product configuration creation.
The system reports: Created product configuration, ID=configuration uid, name=configuration name
92243
Product configuration deletion.
The system reports: Deleted product configuration, ID=configuration uid, name=configuration name
92251
Organization update.
The system reports: Updated organization, ID=organization uid, name=organization name
92252
Organization creation.
The system reports: Created organization, ID=organization uid, name=organization name
92261
Custom field update.
The system reports: Updated custom field, ID=custom field uid, name=custom field name (TYPE)
92262
Custom field creation.
The system reports: Created custom field, ID=custom field uid, name=custom field name (TYPE)
92263
Custom field deletion.
The system reports: Deleted custom field, ID=custom field uid, name=custom field name (TYPE)
92271
Collector update.
The system reports: Updated collector updater configuration, ID=collector uid, name=collector name
92272
Collector creation.
The system reports: Created collector updater configuration, ID=collector uid, name=collector name
92273
Collector deletion.
The system reports: Deleted collector updater configuration, ID=collector uid, name=collector name
92311
Custom trend update.
The system reports: Updated custom trend, ID=d627929d-f70f-4b01-8319-e8b21df6e88c, name=trend-name
92312
Custom trend creation.
The system reports: Created custom trend, ID=fc52162c-228d-47a4-ba39-c2ca3e395160, name=trends-snapshot-definition
92313
Custom trend deletion.
The system reports: Deleted custom trend, ID=e583df14-f05f-4dd2-a389-24a9491547f0, name=trends-snapshot-definition
93011
External execution of a remote action through the API.
The system reports: API request manual execution of remote action, source= source where remote action is triggered, ID=remote action uid, name=remote action on n devices with uids devices uids
93031
External triggering of a campaign through the API.
The system reports: API request manual triggering of campaign, ID=nql_id_of_campaign, name=Campaign Name on n users with SIDs
93262
Manual custom field update via API.
The system reports: Value of {object_type}/{object_type}/#custom_field_name updated at timestamp with request_id request ID by API user ID for 1 {object_type} via API.
94011
Manual execution of a remote action through the Web.
The system reports: Web request manual execution of remote action, source= source where remote action is triggered, ID=remote action uid, name=remote action on n devices with uids devices uids
94031
Manual triggering of a campaign through the Web.
The system reports: Manual triggering of a campaign through the Web, ID=nql_id_of_campaign, name=Campaign Name on n users with SIDs or on all users from an investigation
94162
GDPR Data Retrieval on Infinity Platform.
The system reports: Data retrieval request for user 'username', Data={TYPE OF DATA}
94163
GDPR Anonymize Data for users/devices.
The system reports: Anonymized user 'username' / [Portal|UI|94163|account] Anonymized device 'device name'
94262
Manual custom field update via UI.
The system reports: Value of {object_type}/{object_type}/#custom_field_name updated at timestamp by user ID for 1 {object_type} via UI.
94301
Device deletion scheduled.
The system reports: 2 device(s) scheduled successfully for deletion with the following device name(s): ABC-XYZ123456, XYZ-ABC123456
94303
User deletion scheduled (by user SID).
The system reports: 1 user(s) scheduled for deletion with the following SID(s): S-1-12-1-123456789
Last updated