Audit

CEM is integrated with CyberArk's Audit service, to which it reports the following activities:

accountConnected: Workspace connected
workspaceDisconnected: Workspace disconnected
accountDeleted: Workspace deleted
pasIdentityUploadedToPendingAccounts: identity uploaded to pending accounts
Edit security rule severity: Severity of the security rule was changed
Edit security rule status: Activation status of the security rule was changed

All events are assigned to the edit action.
Where applicable, platform name and workspace ID are added to the event. For example: Workspace connected | gcp |project | com-p-md-cs-research.

For more information, see View system activities.