Vault Discover New Users

this log contains logs of new users created by another user connected to the device on kron pam the packets are sent to the server in the following format time time of the new user's found log deviceip ip of the device used to create the new user devicehostname name of the device used to create the new user tenantid tenant that the new user was created usedloginusername the username of the user who created the new user status if there is a new user is created newuser name of the new user log activity status is shown if there is an error during the process instancename the instance by which the new user was created permissions permission assigned to the newly created user sapmaccount sapm account, if the newly created user has been added to an sapm account the test user creates a new user named adm 10 10 10 10, and kron pam detects it, resulting in the following log {time=2025 04 24 16 54 23 73, deviceip='10 10 10 10', devicehostname='10 10 10 10', tenantid='krontech', usedloginusername='test', status=found, newuser='adm', log=' used account for checking new users, could not determine sudo status ', instancename='localhost localdomain', permissions=null, sapmaccount=sapmaccount{dbid=188, device=10 10 10 10 10 10 10 10, secretname='xxxx', config=com kron sc sapm api pojo sapmconfig\@605dbbe2, changeperiod=null, username='test', password='{"key id" "ce379d23 f0d2 41a0 a7da a56ebddc0c3d","iv" "zir7/gdq43hpduenvmfrca==","encrypted data" "1rbpjpm9yhcslrurzrzuha=="}', previouspassword='null', lastchangetime=2025 04 24 16 38 14 86, nextchangetime=null, nextchangetimestart4search=null, nextchangetimeend4search=null, passwordseenstatus=unseen, validationstatus=valid, changestatus='null', lastattemptstatus=null, masteraccountid=null, permissions=\[], identicalsapmaccounts=\[], recordlimit4search=null, validationstatus4search=null, checkpermission4search=true, exactmatch4search=false, accountwithdynamicstrategy=false, acceptedsapmconfiglist=null, masteraccountid4search=null, searchonlymasteraccounts=false, searchonlyownregion=false, deviceip4search='null', secondpartseenusername='null', firstpartseenusername='null', errormessage='null', successful=true, parentsapmgroup=null, parentsapmname4search='null', secrettype=static, owner='admin', managers=\[], userpermissionlevel= 2147483648, privatetype=yes, notificationgroups=\[]}}