Event Log Parameter Descriptions

The contents of the parameters highlighted in red may differ according to the event.

Type

Description

Example Parameters

Parameter Description

/aaa/freeradius/8021.x/config/get

Listing records in the Radius 802.1x Configuration event in the Administration/Radius 802.1x Config page

{}

No parameter

/aapm/account/delete

Deleting AAPM account event in the AAPM Management page

{applicationIp=[0.0.0.0/0], sapmAccounts=[/Test group/test3], eventUsername=admin, sapmGroups=[/Test group], allowListingAccounts=false, dbId=7232127, isActiveUsageLimitation=false, isActiveTimeLimitation=false, pinPort=0, applicationName=aa}

applicationIp=Deleted app IP, sapmAccounts=The SAPM accounts connected to the deleted AAPM account, eventUsername=The username of the account which deleted the AAPM account, sapmGroups=The SAPM groups connected to the deleted AAPM account, allowListingAccounts=The allowance status for listing the account, dbId=Deleted AAPM account's DB ID, isActiveUsageLimitation=The allowance status for activating the user limitation, isActiveTimeLimitation=The allowance status for activating the time limitation, pinPort=PIN port is the requester server port Kron PAM shares the PIN value with. With this PIN value the requester can get the secret if other requirements are satisfied. It is 0 if there is no PIN, applicationName=Deleted AAPM account's name

/aapm/account/save

Creating/Editing account event in the AAPM Management page

{applicationIp=[0.0.0.1/24, 10.0.8.1/24], sapmAccounts=[elifStaticUserCredential], eventUsername=admin, sapmGroups=[], allowListingAccounts=false, isActiveUsageLimitation=false, isActiveTimeLimitation=false, pinPort=0, applicationName=AAPMStaticUserCredential}

applicationIp= AAPM account IP address, sapmAccounts=SAPM accounts assigned to the AAPM account, eventUsername=Username of the account that created/edited the AAPM account, sapmGroups=SAPM groups assigned to the AAPM account, allowListingAccounts=false, isActiveUsageLimitation=Status(True/False) of active usage limitation, isActiveTimeLimitation=Status(True/False) of active time limitation, pinPort=value of Pin sending port, applicationName= AAPM account name

/aapm/account/search

Searching AAPM account event in the AAPM Management page

{applicationIp=[], sapmAccounts=[], pinPort=0, sapmGroups=[], dbId=843015}

applicationIp=Application IP address, sapmAccounts=SAPM accounts included in the AAPM account, pinPort=PIN port is the requester server port Kron PAM shares the PIN value with. With this PIN value the requester can get the secret if other requirements are satisfied, sapmGroups=SAPM groups included in the AAPM account, dbId=AAPM account DB ID

/aapm/config/save

Creating/Editing configuration event in the AAPM Management page

{name=test, description=asd, strategy=ORACLE_WEBLOGIC}

name= AAPM Configuration name, description= AAPM Configuration description, strategy= The strategy for the created AAPM configuration

/aapm/config/search

Searching AAPM configuration event in the AAPM Management page

{}

No parameter

/aapm/trigger/delete

Deleting AAPM trigger event in the AAPM Management page

{dbId=5968539, targetDeviceGroup=Windows, targetType=BULK, elementTypeId=windows, sapmUsername=irem.sapm2, config=com.kron.sc.aapm.api.pojo.AapmConfig@6502ecdb}

dbId=Deleted trigger's DB ID, targetDeviceGroup= Trigger's target device group, targetType= Trigger’s target type, elementTypeId= Selected device group’s Element type Id, sapmUsername= Trigger’s selected SAPM account, config= Trigger’s Selected AAPM configuration

/aapm/trigger/save

Creating/Editing trigger event in the AAPM Management page

{targetDeviceGroup=testedted, sapmDeviceIp=10.20.42.56, targetType=BULK, elementTypeId=windows, sapmUsername=irem.sapm1, config=com.kron.sc.aapm.api.pojo.AapmConfig@7f8c94eb}

targetDeviceGroup= Saved trigger Target device group Name, sapmDeviceIp= The IP of the SAPM account chosen for trigger, targetType= Saved trigger target type, elementTypeId= Saved trigger element type id, sapmUsername= Selected SAPM account username for the saved trigger, config= Saved trigger selected AAPM configuration

/aapm/trigger/search

Searching AAPM trigger event in the AAPM Management page

{}

No parameter

/aapm/trigger-process/search

Searching AAPM trigger process event in the AAPM Management page

{}

No parameter

/addPermissionToAccount

Adding permission to account event via API

{sapmDbId=268567, newPermissions={9aeddee5-d9a2-4a0c-b476-cc58e8083a74=FULL_CONTROL}}

sapmDbId= DB ID of the SAPM account with the new permissions assigned, newPermissions= permissions given to the SAPM accounts with the value {User Group ID=Permission Type}

/addSapmAccount

Adding SAPM account event via API

{dbId=452373}

dbId= SAPM account db_id

/addSapmGroup

Adding SAPM group event via API

{dbId=452064}

dbId= SAPM group dbid in the sapm_group table

/command/save

Adding new command or Editing existing command event in the Privileged Task Manager/Command Template page

{name=Date, expression=date}

name = Created/Edited command name, expression = command

/createSapmGroups

Creating SAPM groups event via API

{318198=Group A, 318200=Groupx}

{dbid=name} Created SAPM Groups are listed with the value SAPM Group DB ID= SAPM Group Name

/deleteApprovalManagerFromSapmGroup

Deleting approval manager from SAPM group via API

{managerToDelete=24ad7d47-aa17-4cf9-89c2-0a07f55bc7f4, dbId=451986}

managerToDelete = Manager to be deleted

/DeleteApprovedUserFromAccount

Deleting user from approved user list of SAPM Account event via API

{userName=os.expert1, dbId=452373}

userName= approved user username, dbId= SAPM account db_id

/deletePermissionFromAccount

Deleting SAPM account's permissions event via API

{permissionsToDelete={9aeddee5-d9a2-4a0c-b476-cc58e8083a74=READ_ONLY}, sapmDbId=270640}

"sapmDbId": SAPM account DB ID, "permissionsToDelete": Permission to be deleted with the values ("user group id" = "permission type")

/deletePermissionFromGroup

Deleting SAPM group's permissions event via API

{"dbId"=85202, PermissionToDelete={9aeddee5-d9a2-4a0c-b476-cc58e8083a74=READ_ONLY},"applySub"="true"}

"dbId"= SAPM group DB ID, "permissionToDelete"=Permission to be deleted with the values ("user group id" = "permission type"), "applySub"= Given value of deletion process to apply the delete operation on the subgroups of the SAPM Group

/deleteSapmAccount

Deleting SAPM account event via API

{"dbId"=10626}

"dbId"= deleted SAPM account DB ID

/deleteSapmGroup

Deleting SAPM group event via API

{dbId=51014}

dbId= Deleted SAPM account DB ID

/device/deleted

Deleting device event in the Device Management page

{deviceName=10.20.42.19, managementIp=10.20.42.19}

deviceName= added device name (if nothing is entered it will be the same as managementIp), managementIp= added device IP address

/device/discovered

Creating/Editing device event in the Device Management page

{deviceName=10.20.42.63, managementIp=10.20.42.63}

deviceName= deleted device Name, managementIp = deleted device IP address

/device/group/realm/search

Searching device group realm event in the Device Management page

{userGroups=[], deviceGroups=[LinuxDG]}

userGroups=User Group Names, deviceGroups= Device Group Names

/device/group/show/secret

Showing device group secret event in the Device Management page

{propertyKey=globalPassword, deviceGroupName=rdp-40.64}

propertyKey= Device group property key name whose secret was shown, deviceGroupName= The name of the device group whose secret was shown

/device/property/added

Adding device property event in the Device Management page

{propertyKey=remoteDesktop.server-layout, propertyValue=ru-ru, managementIp=10.20.40.64}

propertyKey= Added property key name, propertyValue= added property key value, managementIp= IP address of the device to which the property key was added

/device/property/removed

Removing device property event in the Device Management page

{propertyKey=remoteDesktop.ignore-cert, managementIp=0.0.0.0}

propertyKey= removed property key name, managementIp=IP address of device whose property was removed

/device/reDiscovered

Editing devices event in the Device Management page

{managementIp=10.20.42.55, deviceName=10.20.42.55, accessProtocol=RDP}

managementIp= rediscovered device IP address, deviceName = rediscovered device name, accessProtocol= rediscovered device access protocol type

/deviceGroup/deleted

Deleting device group event in the Device Management page

{groupName=Linux}

groupName= deleted device group name

/deviceGroup/saved

Creating/Editing device group event in the Device Management page

{groupName=ssh-42.63}

groupName= Created/Edited device group name

/deviceGroupSubnet/deleted

Deleting subnet of device group event in the Device Management/Device Group page

{subnetCidr=12, deviceGroupName=Linux, subnetIP=10.20.42.56}

subnetCidr= deleted subnet CIDR value, deviceGroupName=Name of device group whose subnet is deleted, subnetIP= deleted subnet IP address

/deviceGroupSubnet/saved

Adding/Editing device group subnet event in the Device Management/Device Group page

{subnetCidr=12, deviceGroupName=testedted, subnetIP=0.0.0.0}

subnetCidr= defined subnet CIDR value, deviceGroupName=Name of device group whose subnet is saved, subnetIP= saved subnet IP address

/deviceRealm/deleted

Deleting device realm event in the Device Management page.

{realmName=test}

realmName= deleted device group realm name

/deviceRealm/saved

Creating/Editing device realm event in the Device Management page.

{addedDeviceGroups=ssh-42.63,rdp-42.55, realmName=test-realm1, addedUserGroups=hw-experts,hw-managers,os-managers,os-experts}

addedDeviceGroups=Name of device groups that a realm is added to, realmName= new realm name, addedUserGroups=Name of user groups that a realm is added to

/devices/elementType/delete

Deleting device element type event in the Device Management page

{elementTypeProperties=[], elementTypeid=test, elementTypeName=te}

elementTypeProperties=Element type properties of the deleted element type, elementTypeid= element type ID, elementTypeName= Element type name of deleted element type

/devices/elementType/save

Creating/Editing device element type event in the Device Management page

{elementTypeProperties=[], elementTypeid=test, elementTypeName=te}

elementTypeProperties=Created/Edited element type properties, elementTypeid= Element type ID, elementTypeName=New element type name

/devices/elementType/search

Searching device element type event in the Device Management page

{}

No parameter

/editSapmAccount

Editing SAPM account event in the SAPM Management page

{dbId=452646}

dbId=Edited SAPM account DB ID

/editSapmGroup

Editing SAPM group event in SAPM via API

{"dbId":85829, "parentSapmGroupId":85202, "name":"group-2"}

dbId=Edited SAPM group DB ID, parentSapmGroupId=Edited SAPM group's parent group, name= edited SAPM group name

/getApprovalForAccount

Requesting approval for an SAPM account event via API

{dbId=268567}

dbId=DB ID of SAPM account the approval was requested for

/GetApprovalForGroup

Requesting approval for an SAPM group event via API

{dbId=268244}

dbId=DB ID of SAPM group the approval was requested for

/getApprovedUserListForAccount

Getting the approved user list of an SAPM account event via API

{dbId=452373}

dbId= SAPM account DB ID

/getApprovedUserListForGroup

Getting the approved user list of an SAPM group event via API

{dbId=451986}

dbId= SAPM group DB ID

/getApproverForSapmAccount(getApproversForSapmGroup)

Getting a list of approvers of an SAPM group event via API

{dbId=452373}

dbId= SAPM group DB ID

/getApproverForSapmGroup

Getting a list of approvers of an SAPM account event via API

{dbId=630178}

dbId= SAPM account DB ID

/getApproversForSapmAccount

Getting list of approvers of an SAPM account event via API

{dbId=452646}

dbId= SAPM account DB ID

/getApproversForSapmGroup

Getting list of approvers of an SAPM group event via API

{"dbId": 85358}

dbId= SAPM group DB ID

/getApproversForSapmGroupWithGroupName

Getting list of approvers of an SAPM group event via API

{dbId=630152}

dbId= SAPM group DB ID

/getDeviceById

Getting the device information in detail by ID event via API

{1ec9187a-382a-4242-af59-38f5539ce1f6=10.20.42.63}

Device ID of the device whose device information is retrieved

/getDeviceByName

Getting the device information in detail by name event via API

DEVICENAME

Device Name of the device whose device information is retrieved

/getDeviceGroupByName

Getting the device group information in detail by name event via API

DEVICEGROUPNAME

Device Group Name of the device group whose information is retrieved

/getDeviceGroupsOfSessionUser

Listing Device groups of logged on user via API

{dg.sc_proxy=Proxy, dff66252-b667-4722-88b3-fb10ec99bb62=rdp-41.55, e08181b0-26f6-499f-9e69-e61165f8cabf=Linux, 89d36c8a-fbcf-4688-8922-3ee3eca8752b=ssh-42.19}

Device Group ID=Device Group Name listed for the Session User

/getDevicesOfDeviceGroupByDeviceGroupId

Getting the device information in a device group by device group ID event via API

DEVICEGROUPID

Device group DB ID

/getElementTypes

Getting all element types event via API

{checkpoint=CheckPoint, huawei_sgsn=Huawei SGSN, aruba_wireless=Aruba Wireless, opensuse=openSUSE, Fortinet_Ogd=FORTINET OGD, a10_nat=A10 NAT, arbor_ddos=Arbor DDOS, huawei_nat=Huawei NAT, juniper_nsm_firewall=Juniper NSM Firewall, tic=TIC Aplenes, juniper_ssg_firewall=Juniper SSG Firewall, ericsson_HSS=Ericsson HSS, sc_proxy=SC PROXY, aws_aurora_mysql=AWS Aurora MySQL, ericsson_nat=Ericcson NAT, acme=ACME, nokia_wdm_pss32=Nokia WDM PSS32, a10_lb=A10 LB, aws_aurora_postgresql=AWS Aurora PostgreSQL, mysql=MySQL, arbor_pravail=Arbor PRAVAIL, huawei_olt=Huawei OLT, juniper_sa4_firewall=Juniper SA4 Firewall, huawei_vrp=Huawei NE40e-X8 VRP, citrix_load_balancer=Citrix Load Balancer, palo_alto=Palo Alto, ubuntu=Ubuntu, juniper_isg_firewall=Juniper ISG Firewall, oracledb=Oracle DB, cisco_nexus=Cisco Nexus Switch, ericsson_ccn=Ericcson CCN, suse_enterprise=SUSE Linux Enterprise, fortigate_firewall=Fortigate Firewall, juniper=Juniper Router, redhat=Red Hat, ericsson_mtas=Ericsson MTAS, alcatel_nms=Alcatel-Lucent NMS, cisco_ios=Cisco IOS Router, checkpoint_firewall=Checkpoint Firewall, genband=GENBAND, cassandra=Cassandra, f5_load_balancer=F5 Load Balancer, ibm_ips=IBM IPS, sandvine_pts=SANDVINE PTS, alcatel_switch=Alcatel-Lucent Switch, huawei_dslam=Huawei DSLAM, centos=CentOS, hive=Hive, juniper_srx_firewall=Juniper SRX Firewall, ericsson_sbg=Ericsson SBG, sap_hana=SAP HANA, enterasys=Enterasys, cisco_wireless=Cisco Wireless, sap_sybase=SAP Sybase, alcatel_router=Alcatel-Lucent Router, sandvine_sde=SANDVINE SDE, vmware_esxi=VMWare ESXi, postgresql=PostgreSQL, cisco_router_3600=Cisco 3600 Series Router, fortinet_fortigate=Fortinet FortiGate, couchbase=Couchbase, ericsson_sgsn=Ericcson SGSN, linux=Linux Server, mcafee_ips=MCAFEE IPS, cisco_ios_switch=Cisco IOS Switch, solaris=Solaris, mssql=MsSQL, rapid7_firewall=Rapid7 Firewall, cisco_ios_xe=Cisco IOS-XE Router, bluecat_dns=Bluecat DNS, teradata=Teradata, ericsson_ims=Ericcson Dicos IMS, windows=Windows, juniper_switch=Juniper Switch, huawei_switch=Huawei Switch, f5_big_ip=F5 Big IP, cisco_ios_xr=Cisco IOS-XR Router, ericsson_cscf=Ericsson CSCF, db2=Db2, fedora=Fedora, hp_switch=HP Switch, redback=Redback Router, huawei_router=Huawei Router, sandvine_spb=SANDVINE SPB, huawei_nms=Huawei NMS}

Listed all element types with the values element_type_id=element_type_name

/getRemindBeforeValues

Setting reminder for SAPM password reservation event in the SAPM Manager page

{RemindBeforeValues={15=15 Minutes}}

RemindBeforeValues= reminder value (for example, it reminds the user he/she will get the password in 15 minutes.)

/getSapmGroupWithPermission

Getting permission for SAPM group event via API

{dbId=451986}

dbId= SAPM group DB ID

/getUserById

Getting users credentials by ID event via API

{userName=admin, userId=25e53f47-ce66-4df2-9abc-6961dc668264}

userName= searched user username, userId= searched user ID

/group/delete

Deleting user group event in the User Management/User Accounts page

{userGroupName=tested}

userGroupName= Deleted user group's name

/group/save

Creating/Editing User group event in the User Management/User Accounts page

{newAddedManagers=[os.expert1], addedUsers=[os.expert1], userGroupName=os-experts, removedManagers=[testuser]}

newAddedManagers= New managers of the user group, addedUsers=Added users to the user group, userGroupName= Created/Edited user group name, removedManagers= Removed Managers of the user group

/group/search

Searching group event in the User Management/User Accounts/User Group Definition page

{adminGroup=false, usersStr=, autonomousGroup=false, allowConsoleAccess=false, approvalRequiredForConnection=false, allowDirectAccess=false, keepDeviceRealms=true, users=[], managers=[], recordLimit=1001}

adminGroup=Admin group selection status, usersStr=has default value as null, autonomousGroup=Autonomous group selection status, allowConsoleAccess=Allowance status of the console access, approvalRequiredForConnection=Approval requirements for connection status, allowDirectAccess=Direct access allowance status, keepDeviceRealms=Keeping device realms status (has default value as true), users=Users of the user group to be searched, managers=Managers of the user group to be searched, recordLimit=Search limitation to be listed (has default value)

/integration/ldap/adUserNotDeleted

Preventing deletion of an LDAP user, if the user is in a local User group

{userName=testuser, existingGroups=[TestUserGr]}

userName=username of the user that is prevented from being deleted, existingGroups=Local user group name, including the user that is prevented from being deleted

/isApprovalRequired

After assigning manager SAPM group/account approval is required event in the SAPM Management page

{dbId=452373}

dbId= DB ID of approval assigned SAPM group/account

/ldapServerSave

Creating/Editing LDAP server in the Administration/LDAP Manager page

{URL=ldap://10.20.40.120:389, Ldap Source=ldap55}

URL= LDAP server URL, Ldap Source= LDAP server Source Name

/linuxAuditReport/search

Searching Linux Audit Report event in the Audit Report page

{}

No parameter

/listAccountsAndGroupsOfSapmGroup

Listing SAPM group's accounts and sub-groups event via API

{dbId=50970}

dbId= DB ID of SAPM group whose accounts and sub-groups are listed

/listAccountsOfSapmGroupForRest

Listing SAPM group's accounts event via API

{"dbId"= 85202,"applySub"=true }

dbId= DB ID of SAPM group whose accounts are listed, applySub= Given value of listing process to apply to the listing operation on the subgroups of the SAPM Group

/listGroupsOfSapmGroupForRest

Listing SAPM sub-groups event via API

{dbId=138607}

dbId=DB ID of SAPM group whose subgroups are listed

/listPermissionOfSapmGroup

Listing SAPM group's permissions event via API

{dbId=3686}

dbId= DB ID of SAPM group whose permissions are listed

/listPermissionsOfAccount

Listing permission of the SAPM account event via API

{dbId=11236}

dbId= DB ID of SAPM account whose permissions are listed

/listSapmAccountsOfGroup

Listing SAPM accounts in a group event via API

{"dbId"= 6990, "applySub"= true}

dbId= DB ID of SAPM group whose accounts are listed, applySub= Given value of listing process to apply to the listing operation on the subgroups of the SAPM Group

/listSapmConfigs

Listing all SAPM configs event via API

{-46670=CheckPoint R80.10, -75631=Huawei ATN 910C Router, -1003887=Twitter, -74986=GENBAND Q21 SBC, -75911=Juniper vMX Series, -265948=Juniper vMX Series SSH Key, -75833=Huawei NE40-X8 Router, -627337=WinRM, -190821=VMWare ESXi - Root User, -412267=PostgreSQL, -141739=SAP HANA, -186400=Ericsson SGSN-MME OM_ADMIN Account, -306414=SAP Sybase, -1005270=Github, -412262=Oracle DB, -42021=openSUSE}

Config ID=Name listed for all defined SAPM configs

/listSapmGroups

Listing all SAPM groups events via API

{14251=Group1, 13827=GroupA, 70679=Static Group}

Sapm Group dbID= listed SAPM Group names

/log/cli-sessions/search

Searching sessions log event in the Logging/Session Log page

{negativeUsername=false, sessionAuditModels=[], negativeHost=false, negativeDeviceGroup=false, hostIp=, sessionEndTime=Tue Oct 27 17:59:59 GMT-03:00 2020, sessionStartTime=Mon Oct 26 18:00:00 GMT-03:00 2020, userName=, recordLimit=2001}

negativeUsername=Excluded selected user status, sessionAuditModels=has default value as null, negativeHost=Excluded selected host status, negativeDeviceGroup=Excluded selected device groups status, hostIp=Host IP entered, sessionEndTime=Session end time, sessionStartTime=Session start time, userName=Username entered to be searched, recordLimit= Search limitation to be listed (has default value)

/log/tacacs-account/search

Searching Tacacs account event in the Logging/Tacacs Account Log page

{negativeUsername=false, negativeHost=false, negativeDeviceGroup=false, hostIp=, sessionEndTime=Fri Nov 20 17:59:59 GMT-03:00 2020, sessionStartTime=Thu Nov 19 18:00:00 GMT-03:00 2020, recordLimit=5001}

negativeUsername=Excluded selected user status, negativeHost=Excluded selected hosts status, negativeDeviceGroup=Excluded selected device groups status, hostIp=Host IP entered, sessionEndTime=Session end time, sessionStartTime=Session start time, userName=Username entered, recordLimit= Search limitation to be listed (has default value)

/log/user-auth/search

Searching user authentication log event in the Logging/User Auth. Log page

{userGroups=[], negativeUsername=false, filterEmptyUsernames=true, negativeUserGroup=false, startTime=Thu Nov 19 18:00:00 GMT-03:00 2020, endTime=Fri Nov 20 17:59:59 GMT-03:00 2020, recordLimit=2001}

userGroups=User groups entered to be searched, negativeUsername=Excluded selected usernames status, filterEmptyUsernames=true, negativeUserGroup=Excluded selected user groups status, startTime= Session start time, endTime=Session end time, recordLimit=Search limitation to be listed (has default value)

/mail/send

Sending mail event

{templateDataModel={manager=com.kron.netright.kernel.internal.UserImpl@d048dfb9, isGroupAdded=true, updaterUser=com.kron.netright.kernel.internal.UserImpl@667dd00e, updatedUser=com.kron.netright.kernel.internal.UserImpl@d048dfb9, group=com.kron.netright.kernel.internal.GroupImpl@a482438f}, contentTemplate=userGroupChanged, header=text/html; charset=UTF8, [email protected], [email protected], locale=en}

templateDataModel= Mail content information (depends on triggered event), header=header format, charset=character set format, from=sender email address, contentTemplate=Mail type (like policyConnectionApproval, userGroupChanged), toList=recipient mail address

/makeReservation

Making reservation for SAPM account in the SAPM Manager page

{SecondPartUsername=admin, RemindBeforeInMins=1, endDate=Mon Oct 26 23:08:00 GMT-03:00 2020, sapmDbId=452373, comment=333, FirstPartUsername=admin, startDate=Mon Oct 26 22:38:00 GMT-03:00 2020, userEid=admin}

SecondPartUsername=User who can see the second part of password, RemindBeforeInMins= Reminder minute before the reserved date of the password, endDate=Password Reservation End date, sapmDbId= Sapm Account DB ID, comment=comment entered when creating the reservation, FirstPartUsername=User who can see the first part of the password, startDate=Password Reservation Start date, userEid=username who created the reservation

/policy/agent-profile/search

Searching agent profile event in the Policy Control/Session Policy page

{}

No parameter

/policy/assignedCredential/save

Creating assigned credential event in the User Management/Assigned Credential page

{dbId=104734}

dbId=DB ID of the assigned credential

/policy/assignedCredential/search

Searching assigned credential event in the User Management/Assigned Credential page

{}

No parameter

/policy/authentication/view/search

Searching policy authentication event in the Policy Control/Policy Tracking page

{deviceOptionSelected=true, deviceGroupOptionSelected=true, userGroupOptionSelected=true, allowConsoleAccess=false, userOptionSelected=true, allowDirectAccess=false, deviceIpOrPatternOrSubnet=, userEid=SQLPROXY}

deviceOptionSelected=Status of device option selection, deviceGroupOptionSelected=Status of device group option selection, userGroupOptionSelected=Status of user group option selection, allowConsoleAccess=Value (true/false) of allowance of console access to be searched, userOptionSelected=Status of user option selection, allowDirectAccess=Value (true/false) of allowance of direct access to be searched, deviceIpOrPatternOrSubnet=Entered DeviceIP or Pattern or Subnet Info to be searched, userEid= Name of user to be searched

/policy/authorization/view/search

Searching policy authorization event in the Policy Control/Policy Tracking page

{applicationUsageType=sshTelnetPolicy, deviceOptionSelected=true, deviceGroupOptionSelected=true, userGroupOptionSelected=true, userOptionSelected=true, deviceId=6544, userEid=admin}

deviceOptionSelected=Status of device option selection, userGroupOptionSelected=Status of user group option selection, userOptionSelected=Status of user option selection, userEid=Name of user to be searched

/policy/blackKey/save

Creating/Editing Black Key event in the Policy Control/Session Policy page

{value=key=ls -art, type=BLACK}

value=key= Key of the saved/edited Policy key, type=Type of the key with default value "BLACK"

/policy/group/search

Searching policy group event in the Policy Control/Session Policy page

{name=test, policies=[pwd], keepPolicyGroup=true, snmp=false, email=false}

name= name of the policy group to be searched, policies= policy keys to be searched, keepPolicyGroup=has default value as true, snmp=Status of option to send snmp trap, email=Status of option to send email alert option

/policy/key/search

Searching policy key event in the Policy Control/Session Policy page

{elementType=[Linux Server], key=pwd}

elementType= Selected element types to search in policy keys, key= characters to search by policy key

/policy/permit-zone/search

Searching permit zone event in the Policy Control/Session Policy page

{}

No parameter

/policy/policyGroup/delete

Deleting policy group event in the Policy Control/Session Policy page

{value=PolicyGroupImpl{name='redoss', policyKeys=[key=(a|aa)+, type=BLACK, key=date, type=BLACK], httpPolicies=[], maskingPolicies=[], timeRestrictions=[], rdpProfiles=[], agentProfiles=[]}}

value=PolicyGroupImpl{name= Name of the deleted policy group, policyKeys=policy keys in the deleted policy group, httpPolicies=HTTP policies in the deleted policy group, maskingPolicies= Masking policies in the deleted policy group, timeRestrictions=Time Restriction policies in the deleted policy group, rdpProfiles=RDP profiles in the deleted policy group

/policy/policyGroup/save

Creating/Editing policy group event in the Policy Control/Session Policy page

{value=PolicyGroupImpl{name='test pg', policyKeys=[key=ls -art, type=BLACK, key=.*, type=WHITE], httpPolicies=[], maskingPolicies=[], timeRestrictions=[], rdpProfiles=[]}}

value=PolicyGroupImpl{name= saved policy group name, policyKeys=Selected keys for the saved policy group, httpPolicies=Selected HTTP policies for the saved policy group, maskingPolicies= Selected masking policies for the saved policy group , timeRestrictions=Selected time restriction policies for the saved policy group, rdpProfiles=Selected RDP profiles for the saved policy group

/policy/policyRealm/delete

Deleting policy realm in the Policy Control/Session Policy page

{value=PolicyRealmName=test_policy_realm, policyGroups=[PolicyGroupImpl{name='test_policy_group', policyKeys=[key=ls -art, type=BLACK], httpPolicies=[], maskingPolicies=[], timeRestrictions=[], rdpProfiles=[], agentProfiles=[]}]}

value=PolicyRealmName=deleted policy realm name, policyGroups=[PolicyGroupImpl{name=policy group name in the deleted policy realm, policyKeys=Policy keys in the deleted policy realm, httpPolicies=HTTP policies in the deleted policy realm, maskingPolicies=Masking policies in the deleted policy realm, timeRestrictions=Time restriction policies in the deleted policy realm, rdpProfiles=RDP profiles in the deleted policy realm, agentProfiles=Agent profiles in the deleted policy realm

/policy/policyRealm/save

Creating/Editing policy realm event in the Policy Control/Session Policy page

{value=PolicyRealmName=test_policy_realm, policyGroups=[PolicyGroupImpl{name='test_policy_group', policyKeys=[key=ls -art, type=BLACK], httpPolicies=[], maskingPolicies=[], timeRestrictions=[], rdpProfiles=[], agentProfiles=[]}]}

value=PolicyRealmName= saved policy realm name, policyGroups=[PolicyGroupImpl{name=Name of the group that includes the saved policy realm, policyKeys=Selected policy keys for the saved policy realm, httpPolicies=Selected HTTP policies for the saved policy realm, maskingPolicies=Selected masking policies for the saved policy realm, timeRestrictions=Selected time restriction policies for the saved policy realm, rdpProfiles=Selected RDP profiles for the saved policy realm, agentProfiles=Agent profiles for the saved policy realm

/policy/rdp-profile/search

Searching RDP profile event in the Policy Control/Session Policy page

{}

No parameter

/policy/realm/search

Searching policy realm event in the Policy Control/Session Policy page

No Parameter

No parameter

/policy/session/disconnected

Killing active sessions event in the Policy Control/Active Session page

{sessionUser=testuser, description=All sessions of user are disconnected}

sessionUser=Name of the user whose connection is disconnected , description= Disconnection description

/policy/timeRestriction/save

Creating/Editing time restriction event in the Policy Control/Session Policy page

{value=TimeRestrictionName=asd, startTime=00:00, endTime=23:59}

value=TimeRestrictionName=Created/Edited time restriction policy name,startTime=Starting time of the time restriction policy, endTime= Ending time of the time restriction policy

/policy/time-restriction/search

Searching time restriction event in the Policy Control/Session Policy page

{saturday=false, startTimeHm=00:00, timeZone=Europe/Istanbul, thursday=true, creationDate=Sat Dec 12 09:20:28 GMT+03:00 2020, type=Time Restriction, endTimeHm=23:59, userCreate=admin, sunday=false, tuesday=false, dbId=314248, name=time, wednesday=true, friday=false, displayField=time - Time Restriction, allowedDays=4-5-, monday=false}

sunday=Whether the day is selected or not for the time zone policy searched, saturday=Whether the day is selected or not for the time zone policy searched, tuesday=Whether the day is selected or not for the time zone policy searched, wednesday=Whether the day is selected or not for the time zone policy searched, thursday=Whether the day is selected or not for the time zone policy searched, friday=Whether the day is selected or not for the time zone policy searched, timeZone= Selected Time zone for the time zone policy searched , startTimeHm=Starting time for the time zone policy searched, endTimeHm= Ending time for the time zone policy searched, monday=Whether the day is selected or not for the time zone policy searched, creationDate=Creation Date of the time restriction, type=Policy type with the default value “time restriction”, userCreate=username who created the time restriction policy, dbId=time restriction policy DB ID, name=Time restriction policy name, displayField= Time restriction policy display name, allowedDays=Allowed days with number format for the time restriction policy

/policy/whiteKey/save

Creating/Editing White Key event in the Policy Control/Session Policy page

{value=key=.*, type=WHITE}

value=key=Key of the saved/edited policy key, type=Type of the key with the default value of "WHITE"

/portal-functions/group/search

Searching portal functions group event in the Policy Control/Portal Functions page

No Parameter

No parameter

/portal-functions/realm/search

Searching portal functions realm event in the Policy Control/Portal Functions page

No Parameter

No parameter

/resetPassword

Resetting SAPM account's password event

{dbId=452646}

dbId=DB ID of the SAPM account whose password was reset

/sapm/account/delete

Deleting SAPM account event in the SAPM Management page

{configName=Linux, owner=admin, deviceIp=10.20.42.18, secretName=berrutest, description=berrutest, deviceId=75572723-955b-4b14-b8ed-dd0cca046de0, deviceHostname=10.20.42.18, nextChangeTime=27.10.2020 10:04 (GMT-03:00), secretType=STATIC, lastChangeTime=26.10.2020 10:04 (GMT-03:00), changePeriod=05d 00h 00m, username=berrutest}

configName=Deleted SAPM account configuration name, owner=Deleted SAPM account owner name, deviceIp=Deleted SAPM account device IP, secretName=Deleted SAPM account secret name, description=Deleted SAPM account description, deviceId=Deleted SAPM account device ID, deviceHostname=Deleted SAPM account host name, nextChangeTime=Deleted SAPM account next password change time, secretType=Deleted SAPM account secret type, lastChangeTime=Deleted SAPM account last password change time, changePeriod=Deleted SAPM account password change period, username=Deleted SAPM account username

/sapm/account/password/changed

Changing SAPM accounts' password event

{configName=Linux, owner=admin, deviceIp=10.20.42.63, secretName=SAPM_d, nextChangeTime=02.10.2024 03:03 (GMT-03:00), secretType=DYNAMIC, lastChangeTime=23.10.2020 03:03 (GMT-03:00), changePeriod=1440d 00h 00m, deviceId=1ec9187a-382a-4242-af59-38f5539ce1f6, deviceHostname=10.20.42.63, username=tom123}

configName=Configuration name of the SAPM account whose password has been changed, owner=Owner name of the SAPM account whose password has been changed, deviceIp=SAPM account device IP, secretName=Secret name of the SAPM account whose password has been changed, nextChangeTime=Next password change time of the SAPM account whose password has been changed, secretType=SAPM account Secret type, lastChangeTime=Last password change time of the SAPM account whose password has been changed, changePeriod=SAPM account Password change period, deviceId=Device ID of the SAPM account whose password has been changed, deviceHostname=SAPM account host name, username=Username of the SAPM account whose password has been changed

/sapm/account/save

Creating/Editing SAPM account event in the SAPM Management page

{configName=Static Secret Data, owner=admin, secretName=SECRET DATA, nextChangeTime=24.10.2020 02:56 (GMT-03:00), secretType=STATIC, lastChangeTime=23.10.2020 02:56 (GMT-03:00), changePeriod=00d 00h 00m, username=}

configName=Configuration name of the created/edited SAPM account, owner=Owner of the created/edited SAPM account, secretName=Secret name of the created/edited SAPM account, nextChangeTime=Next password change time of the created/edited SAPM account, secretType=Secret type for the created/edited SAPM account, lastChangeTime=Last password change time of the created/edited SAPM account, changePeriod=Change period of the created/edited SAPM account

/sapm/account/search

Searching SAPM account event in the SAPM Management page

{changePeriod=00d 00h 00m, secretType=STATIC}

changePeriod=Value of the SAPM account change period to search, secretType=Secret type value to search

/sapm/auto/import/rule/save

Creating/Editing SAPM auto-import rules event in the SAPM Management/Auto-Import Rules page

{configName=Windows, deviceGroupId=6434819, isRecreateWhenSerialNumberIsChanged=false, ruleName=as, deviceGroupName=testedted, elementTypeId=windows, isActive=false, changePeriod=02d 00h 00m, username=irem}

configName=Selected configuration name for the auto-import rule, deviceGroupId=Selected device group DB ID, isRecreateWhenSerialNumberIsChanged=Status of recreating when the serial number is changed, ruleName=Name of the rule, deviceGroupName=Selected device group name, elementTypeId=Selected element type ID, isActive=Whether the auto-import rule is active or not, changePeriod=The change period determined for the selected SAPM account password change, username=Selected SAPM account username

/sapm/auto/import/rule/search

Searching SAPM auto-import rules event in the SAPM Management/Auto-Import Rules page

{isActive=false, changePeriod=00d 00h 00m, isRecreateWhenSerialNumberIsChanged=false}

isActive=Whether the Active button is selected or not, changePeriod=The entered change period of the SAPM accounts to be searched, isRecreateWhenSerialNumberIsChanged=Whether the button Recreate When Serial Number Is Changed is selected or not

/sapm/config/delete

Deleting SAPM configuration event in the SAPM Management page

{name=xxxx, description=Linux, strategy=SSH, configId=779230}

name=deleted SAPM configuration name, description=deleted configuration description, strategy=deleted SAPM configuration strategy, configId=deleted SAPM configuration DB ID

/sapm/config/save

Creating/Editing SAPM configuration event in the SAPM Management page

{name=Linux, description=Linux, strategy=SSH, configId=-9077}

name=saved configuration name, description=saved configuration description, strategy=saved configuration strategy, configId=saved configuration DB ID

/sapm/config/search

Searching SAPM configuration event in the SAPM Management page

{}

No parameter

/sapm/group/delete

Deleting SAPM group event in the SAPM Management page

{groupName=AA11}

groupName=deleted SAPM group name

/sapm/new/users/log/search

Searching SAPM new user's log event in the SAPM Management page

{deviceIp=10.20.42.19, nextChangeTime=11.12.2020 23:59:59 (GMT+03:00), newUser=elif, lastChangeTime=11.12.0202 01:04:08 (GMT+03:00)}

deviceIp=Device IP to search, nextChangeTime=End time limit of the log to search, lastChangeTime=Start time limit of the log to search

/sapm/password/change/log/history/search

Searching SAPM password change log history event in the SAPM Management page

{deviceIp=10.20.42.60, nextChangeTime=06.11.2020 23:59:59 (GMT+03:00), lastChangeTime=14.07.2020 00:00:00 (GMT+03:00), username=irem1}

deviceIp=IP of the device to search in the SAPM change history log, nextChangeTime=End time limit of the log to search, lastChangeTime=Start time limit of the log to search, username=Name of the SAPM account whose password history is searched

/sapm/password/change/log/search

Searching SAPM password change log event in the SAPM Management page

{nextChangeTime=28.10.2020 17:59:59 (GMT-03:00), lastChangeTime=27.10.2020 18:00:00 (GMT-03:00)}

nextChangeTime=End time limit of the log to search, lastChangeTime=Start time limit of the log to search

/sapm/password/check/log/search

Searching SAPM password check log event in the SAPM Management page

{nextChangeTime=16.10.2020 23:59:59 (GMT+03:00), lastChangeTime=05.05.2020 00:00:00 (GMT+03:00)}

nextChangeTime=end time limit of the log to search, lastChangeTime=start time limit of the log to search

/sapm/reservation/delete

Deleting SAPM account's password reservation event in the SAPM Management page

{reservationStartTime=2020-11-23 05:17:00.0, reservationEndTime=2020-11-23 05:22:00.0, reservationId=273431, remaindBeforeTime=Mon Nov 23 05:02:00 GMT-03:00 2020, sapmAccountId=99914}

reservationStartTime=Reservation starting time, reservationEndTime=Reservation ending time, reservationId=Password reservation DB ID, remaindBeforeTime=Password reservation reminder time, sapmAccountId=DB ID of the SAPM account with the deleted reservation

/sapm/reservation/search

Searching SAPM account's password reservation event in the SAPM Management page

{reservationStartTime=Sat Dec 11 01:04:08 GMT+03:00 202, reservationEndTime=Fri Dec 11 23:59:59 GMT+03:00 2020, sapmAccountId=127591}

reservationStartTime=Start time limit to search, reservationEndTime=End time limit to search, sapmAccountId=DB ID of the SAPM account whose password reservation is searched

/SAPMGroup/saved

Creating/Editing SAPM group event in the SAPM Management page

{groupName=KRON}

groupName = Created/Edited SAPM group name

/sapmShowPassword

Showing SAPM account's password event in the SAPM Management page

{dbId=452373}

dbId=DB ID of the SAPM account whose password was shown

/sdd/discovery/search

Searching sensitive data discovery event in the Sensitive Data Discovery page

{schema=SQLPROXY, expectedMatchPercentage=80, database=Oracle 11g Database, tables=[EMPLOYEES], sampleDataCount=20, patterns=[{regex=^(?:4[0-9]{12}(?:[0-9]{3})?|[25][1-7][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$, validationType=Credit Card Number, name=Credit Card, type=Sample Data}, {regex=[A-Za-z0-9._%-]+@[A-Za-z0-9._%-]+\.[A-Za-z]{2,4}, validationType=Pattern, name=E-Mail, type=Sample Data}]}

schema=Selected schema for Sensitive Data Discovery, expectedMatchPercentage=Expected match percentage for discovered data, database=Selected database for Sensitive Data Discovery, tables=Selected tables for Sensitive Data Discovery, sampleDataCount=Sample data count to be discovered in the selected database, patterns=[{regex=Regex that the data must match for Sensitive Data Discovery, validationType=Validation type name defined in Kron PAM, name=Validation pattern name, type=Validation pattern type}]

/sdd/pattern/search

Searching sensitive data discovery pattern event in the Sensitive Data Discovery page

{name=email}

name=Name of the pattern to be searched

/SdvGroup/saved

Creating/Editing secret data vault group in the Secret Data Vault page

{groupName=test}

groupName=Group name of the saved secret data vault

/searchSapmAccounts

Searching SAPM account event via API

{13924=sapm1}

SAPM account DB ID=SAPM account name listed according to the search phrase

/searchSapmConfig

Searching SAPM configuration event via API

{-9077=Linux, -307082=Linux SSH Key, -40829=SUSE Linux Enterprise, -40893=SUSE Linux Enterprise SSH Key}

Config ID=Name listed according to the search phrase

/secret/data/vault/delete

Deleting secret data vault record event in the Secret Data Vault page

{name=test, ipAddress=0.0.0.0, description=asd, type=Other}

name=deleted secret data vault name, ipAddress=deleted secret data vault IP address, description=deleted secret data vault description, type=deleted secret data vault type

/secret/data/vault/group/deleted

Deleting group of secret data vault event in the Secret Data Vault page

{groupName=test}

groupName=deleted secret data vault group name

/secret/data/vault/save

Creating/Editing secret data vault event in the Secret Data Vault page

{name=test, ipAddress=0.0.0.0, description=asd, type=Other}

name=saved secret data vault name, ipAddress=saved secret data vault IP address, description=saved secret data vault description, type=saved secret data vault type

/secret/data/vault/search

Searching secret data vault event in the Secret Data Vault page

{}

No parameter

/secret/data/vault/show

Showing secret data vault event in the Secret Data Vault page

{name=tested, comment=request, type=Other}

name=Name of the secret data vault selected to show secret, comment=Comment for viewing the secret, type=Type of secret data vault selected to show secret

/setApprovalManagersForSapmAccount

Setting list of approvers of an SAPM account event via API

{sapmDbId=452373, managers=[24ad7d47-aa17-4cf9-89c2-0a07f55bc7f4]}

sapmDbId=DB ID of the SAPM account to which approval managers were assigned, managers=User IDs of the users assigned as approval managers on the SAPM account

/setApprovalManagersForSapmGroup

Setting a list of approval managers of an SAPM group event via API

{DbId=451986}

DbId=DB ID of the SAPM group to which approval managers were assigned

/setPermissionForGroup

Setting SAPM group's permissions event via API

{DbId=452064, newPermission={6b91ccd6-3fd3-4275-b7e1-1b1acfb09d48=FULL_CONTROL}}

DbId=DB ID of the SAPM group with the new permissions assigned, newPermission=Permissions given to the SAPM accounts, with the value {User Group ID=Permission Type}

/showOldPassword

Showing old password record of each SAPM account event via API

{dbId=452636}

dbId=DB ID of the SAPM account whose password history was shown

/showOldPasswordRecordsForAccount

Showing old password record of each SAPM account event

{endDate=Sat Oct 24 09:35:00 GMT-03:00 2020, sapmDbId=452373, startDate=Thu Oct 22 09:05:00 GMT-03:00 2020}

endDate=End time limit of showing old password records, sapmDbId=DB ID of the SAPM account whose password record has been shown, startDate=Start time limit of showing password records

/system/config/delete

Deleting system configuration parameter event

{parameterValue=false, parameterName=sapm.admin.manage.all.accounts}

parameterValue=Deleted parameter value, parameterName=Deleted parameter name

/system/config/save

Creating/Editing system configuration parameter event

{parameterValue=0, parameterName=aioc.users.default.password.strength}

parameterValue=saved system config parameter value, parameterName=Saved parameter name

/system/config/search

Searching system configuration parameters event

{parameterValue=en_US, parameterName=aioc.languages}

parameterName=characters to search by parameter name, parameterValue=characters to search by parameter value

/tfa/lastOtp

Checking user’s last OTP used time event (this event occurs when the OTP cache time is set on the related application)

{endUserIp=10.20.42.27, applicationName=rdp-proxy}

endUserIp=end user IP, applicationName=Name of the application whose OTP cache time was being checked when using two-factor authentication

/tfa/otpStatus

Checking whether 2FA is enabled for the user event

{authDb=false, endUserIp=10.20.41.123, user=admin, applicationName=SC-LOGIN-UI, clientIp=10.20.41.123}

authDb=Has a default value of false, endUserIp=IP of the end user, user=Username whose OTP status was checked, applicationName=Name of the application that was checked for activation status of two-factor authentication, clientIp=IP that sent the request for OTP

/tfa/otpValid

Applying OTP validation event for a user

{Token=****, applicationName=scproxy} 

Token=used token (shown as masked), applicationName=Name of the application that used two-factor authentication

/updatePassword

Updating password event

{dbId=652242}

dbId=DB ID of the user whose password was updated

/user/delete

Deleting user event in the User Management/User Account page

{userName=joe.doe}

userName = Deleted user's name

/user/lock

Locking user event in the User Management/User Account page

{lockedUser=testuser, lockReason=Locked by admin}

lockedUser=Locked user's username, lockReason=Shows lock reason

/user/passwordchange

Changing user’s password event in the User Management/User Account page

{userName=admin, password=****}

userName=Username of the user whose password has been changed, password=new password (shown as masked)

/user/passwordreset

Resetting user's password event in the User Management/User Account page

{userName=tested7, password=****}

userName=Username of the user whose password was reset, password=New password (shown as masked)

/user/save

Creating/Editing user event in the User Management/User Account page

{isInternal=true, password=****, surname=111, name=os.expert1, userName=os.expert1, email=[email protected], addedGroups=[System.users]}

isInternal=Value indicating whether the saved user is an internal user or an external (LDAP) user, password=New password (shown as masked), surname=Saved new user surname, name=Saved user name, userName=Saved user username, email=Saved user email, addedGroups=User groups to which the saved user was added

/user/search

Searching user event in the User Management/User Account page

{internal=true, keepUserGroups=true, tempUser=false, recordLimit=1001, isPasswordAutoGenerated=false}

internal=default value is true, keepUserGroups=default value is true, tempUser=Value of temporary users selection to search by temporary users, recordLimit=Search limitation to be listed (has default value), isPasswordAutoGenerated=default value is false

/user/unlock

Unlocking user event via API

{unlockedUser=testuser}

unlockedUser=Unlocked user's username

/user/update

Updating user event in the User Management/User Account page

{userName=admin}

userName=Updated user's name

/user-approval/search

Searching user approval requests event

{status=WAIT}

status=Selected user approval status to search

/userRealm/delete

Deleting Portal Function user realm event

{realmName=test}

realmName=deleted realm name

/userRealm/save

Creating/Editing Portal Function user realm event

{userGroups=hw-experts,os-experts,, functionGroups=Policy Control,AAPM Management,SAPM Group Module Visibility,SAPM Management,2fa,, realmName=sapm-users}

userGroups=Names of the user groups added to the saved realm, functionGroups=Selected function groups to assign the saved realm to, realmName=Saved realm name

/windowsAuditReport/search

Searching Windows Audit Report event in the Audit Report page

{}

No parameter
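The example parameter blocks in this table are not JSON: values can hold their own commas (userGroups in /userRealm/save), nested {...} maps (newPermission in /setPermissionForGroup) and [...] lists, so splitting on every comma in a SIEM parser corrupts fields. The following is an added example, not Kron PAM code, that parses these blocks into nested structures; parse_params and its helpers are hypothetical names, and it assumes keys contain only letters, digits, '.', '_' or '-', as in the examples above.

```python
import re

# Key shapes seen in the examples: letters, digits, '.', '_' or '-', then '='.
KEY = re.compile(r"[A-Za-z0-9_.\-]+=")

def _split(body, need_key):
    """Split on ', ' at bracket depth 0. With need_key=True a split only
    happens when 'key=' follows, so values that carry their own commas
    ('hw-experts,os-experts,') stay in one piece."""
    parts, depth, start, i = [], 0, 0, 0
    while i < len(body):
        ch = body[i]
        if ch in "[{":
            depth += 1
        elif ch in "]}":
            depth = max(depth - 1, 0)
        elif depth == 0 and body.startswith(", ", i):
            if not need_key or KEY.match(body, i + 2):
                parts.append(body[start:i])
                start = i + 2
                i += 1  # skip the space as well
        i += 1
    parts.append(body[start:])
    return parts

def _value(text):
    """Turn one raw value into a dict, a list or a plain string."""
    if text.startswith("{") and text.endswith("}"):
        return parse_params(text)
    if text.startswith("[") and text.endswith("]"):
        inner = text[1:-1]
        return [_value(v) for v in _split(inner, need_key=False)] if inner else []
    return text

def parse_params(raw):
    """Parse one '{k=v, k=v}' parameter block into a dict (heuristic:
    free text containing ', word=' would be split as a new key)."""
    raw = raw.strip()
    if not (raw.startswith("{") and raw.endswith("}")):
        raise ValueError("expected a {...} parameter block")
    out = {}
    for part in _split(raw[1:-1], need_key=True):
        if not part:
            continue  # '{}' means the event has no parameters
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"no '=' in {part!r}")
        out[key] = _value(value)
    return out

# Sample blocks copied from the table's example column.
REALM = ("{userGroups=hw-experts,os-experts,, functionGroups=Policy Control,"
         "AAPM Management,SAPM Group Module Visibility,SAPM Management,2fa,, "
         "realmName=sapm-users}")
PERMISSION = ("{DbId=452064, newPermission="
              "{6b91ccd6-3fd3-4275-b7e1-1b1acfb09d48=FULL_CONTROL}}")

if __name__ == "__main__":
    for sample in (REALM, PERMISSION):
        print(parse_params(sample))
```

All values come back as strings; convert IDs, booleans and timestamps per event type after parsing, since the timestamp formats differ between events.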