CEM is integrated with CyberArk's Audit service, to which it reports the following activities:

  • accountConnected: Workspace connected

  • workspaceDisconnected: Workspace disconnected

  • accountDeleted: Workspace deleted

  • pasIdentityUploadedToPendingAccounts: identity uploaded to pending accounts

  • Edit security rule severity: Severity of the security rule was changed

  • Edit security rule status: Activation status of the security rule was changed

  • All events are assigned to the edit action.

  • Where applicable, platform name and workspace ID are added to the event. For example: Workspace connected | gcp |project | com-p-md-cs-research.

For more information, see View system activities.