Vault Audit Action Codes
The following tables list the action codes (audits) available to monitor the Vault and to highlight any operational failures.
The action codes are available in the User and Safe Activities report. For details, see Reports and Audits.
-
The report can also be exported using the Export Vault Data (EVD) utility.
-
The action codes can be integrated and sent to a SIEM solution using a Syslog protocol. For more information, see Security Information and Event Management (SIEM) Applications.
|
Recommended Action Codes for Monitoring
The Vault has a large number of action codes that can be used to monitor different behaviors. For general monitoring, we recommend monitoring the action codes listed in the table below.
| Code | Description |
|---|---|
|
4 |
User Authentication |
|
22 |
CPM Verify Password |
|
24 |
CPM Change Password |
|
31 |
CPM Reconcile Password |
|
38 |
CPM Verify Password Failure |
|
57 |
CPM Change Password Failure |
|
60 |
CPM Reconcile Password Failure |
|
130 |
CPM Disable Password |
|
295 |
Retrieve Password |
|
300 |
PSM Connect |
|
302 |
PSM Disconnect |
|
308 |
Use Password |
|
319 |
Retrieve Password (from Provider) |
|
344 |
Privileged Command Initiated |
|
346 |
Privileged Command Completed |
|
359 |
PSM SQL Command |
|
360 |
PSM SQL Command Failure |
|
361 |
PSM Keystrokes |
|
362 |
PSM Keystrokes Failure |
|
378 |
PSM Secure Connect Session Start |
|
380 |
PSM Secure Connect Session End |
|
411 |
PSM Window Title |
|
412 |
PSM Windows Title Failure |
All Action Codes
|
Code |
Description |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
|---|---|---|---|---|---|---|---|
| 0 | Delete Directory Map (Unauthorized) |
Username (map name) |
ü |
||||
| 1 | Delete Directory Map |
Username (map name) |
|||||
| 2 | Add External User | Username | |||||
| 3 | Get LDAP configuration data (Unauthorized) |
ü |
|||||
| 4 | User Authentication Failure | Network area |
ü |
||||
| 5 | Unauthorized Station | Network area |
ü |
||||
| 6 | External Audit (Unauthorized Safe) |
ü |
|||||
| 7 | Logon | Network area | Network area | ||||
| 8 | Logoff | Network area | |||||
| 9 | External Audit (Unauthorized User) |
ü |
|||||
| 10 | Update user station (Unauthorized) | Username |
ü |
||||
| 11, 12 | Update Safe Share (Unauthorized) |
ü |
|||||
| 13, 14 | Safe Access through Gateway (Unauthorized) |
ü |
|||||
| 15 | Impersonation not by an agent |
ü |
|||||
| 16 | Update Your Trusted Network Areas (Unauthorized) | Username |
ü |
||||
| 17 | Add Safe (Unauthorized) |
ü |
|||||
| 18 | Non authorized impersonation | Username |
ü |
||||
| 19 | Full Gateway Connection | Username | |||||
| 20 | Partial Gateway Connection | Username | |||||
| 21 | Partial Gateway Connection (Incorrect Client Address) | Username |
ü |
||||
| 22 | CPM Verify Password | Filename | Additional Info |
ü |
|||
| 23 | Action On Closed Safe | Filename |
ü |
||||
| 24 | CPM Change Password | Filename | Additional Info |
ü |
|||
| 25, 26 | Open/Close Safe (Unauthorized) |
ü |
|||||
| 27 | Open Safe (Unsecured Station) |
ü |
|||||
| 28, 29, 30 | Add/Update Owner (Unauthorized) | Username |
ü |
||||
| 31 | CPM Reconcile Password | Filename | Additional Info |
ü |
|||
| 32 | Add Owner | Username | |||||
| 33 | Update Owner | Username | |||||
| 34, 35 | Rename Safe (Unauthorized) |
ü |
|||||
| 36 | Confirm Open Safe | Username | |||||
| 37 | Confirm Get File | Filename | Username |
ü |
|||
| 38 | CPM Verify Password Failure | Filename | Additional Info |
ü |
ü |
||
| 39 | Rename Safe | ||||||
| 40, 41 | List Files (Unauthorized) | Filename |
ü |
||||
| 42, 43 | Retrieve File (Unauthorized) | Filename |
ü |
ü |
|||
| 44, 45 | Store File (Unauthorized) | Filename |
ü |
||||
| 46, 47 | Delete File (Unauthorized) | Filename |
ü |
||||
| 48, 49 | Add Note (Unauthorized) |
ü |
|||||
| 50 | Store File | Filename |
|
Code |
Description |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
|---|---|---|---|---|---|---|---|
| 51 | Retrieve File succeeded | Filename |
ü |
||||
| 52 | Delete File | Filename | |||||
| 53, 54 | Get Notes | ||||||
| 55, 56 | Find Files (Unauthorized) | Filename |
ü |
||||
| 57 | CPM Change Password Failure | Filename | Additional Info |
ü |
ü |
||
| 58 | Clear User History | ||||||
| 59 | Clear Safe History | ||||||
| 60 | CPM Reconcile Password Failure | Filename | Additional Info |
ü |
ü |
||
| 61 | Update Trusted Network Areas | Network area | |||||
| 62 | Create File Version | Filename | |||||
| 63, 65 | Rename User (Unauthorized) | Username | Username |
ü |
|||
| 64, 66 | Rename User | Username | Username | ||||
| 67 | CPM Auto Detection Add Password | Filename | Additional Info |
ü |
|||
| 68 | Update Trusted User | Username | |||||
| 69 | Add Location | Location | |||||
| 70 | Add Location (Unauthorized) | Location |
ü |
||||
| 71 | Update Location | Location | |||||
| 72 | Update Location (Unauthorized) | Location |
ü |
||||
| 73 | Delete Location | Location | |||||
| 74 | Delete Location (Unauthorized) | Location |
ü |
||||
| 75 | Take Quota Ownership | ||||||
| 76, 77 | Take Quota Ownership (Unauthorized) |
ü |
|||||
| 78 | Rename/Move Location (Unauthorized) | Location | Location |
ü |
|||
| 79 | Rename/Move Location | Location | Location | ||||
| 80 | Add External Group |
Username (group) |
|||||
| 81 | Update Address | Network area | |||||
| 82 | Clear User History (Unauthorized) | Username |
ü |
||||
| 83 | Clear User History | Username | |||||
| 84 | CPM Auto Detection Update Password | Filename | Additional Info |
ü |
|||
| 85 | Update Network Area (Unauthorized) | Network area |
ü |
||||
| 86 | Update Network Area | Network area | |||||
| 87 | Update Address (Unauthorized) | Network area |
ü |
||||
| 88 | Set Password | ||||||
| 89 | Set Password (Incorrect Password) |
ü |
|||||
| 90 | Rename Network Area (Unauthorized) | Network area |
ü |
||||
| 91 | Rename Network Area | Network area | |||||
| 92 | Move Network Area (Unauthorized) | Network area |
ü |
||||
| 93 | Move Network Area | Network area | |||||
| 94 | Backup Safe | ||||||
| 95 | Restore Safe | ||||||
| 96, 97 | Backup Safe (Unauthorized) |
ü |
|||||
| 98 | Open File (Write Only) | Filename | |||||
| 99 | Open File | Filename | |||||
| 100, 101 | Open File (Unauthorized) | Filename |
ü |
|
Code |
Description |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
|---|---|---|---|---|---|---|---|
| 102 | Logon Failed, User Time Limit Restriction | Network area |
ü |
||||
| 103 | Logon Failed, User Has Expired | Network area |
ü |
||||
| 104 | Logon Failed, User Is Disabled | Network area |
ü |
||||
| 105 | Add File Category | Filename | Category | ||||
| 106 | Update File Category | Filename | Category | ||||
| 107 | Delete File Category | Filename | Category | ||||
| 108 | Open Safe Request | ||||||
| 109 | Get File Request | Filename |
ü |
||||
| 110 | Add Safe (More Secured Than Station) |
ü |
|||||
| 111 | Delete Open Safe Request | Username | |||||
| 112 | Delete Get File Request | Filename | Username | ||||
| 113 | Cannot use station due to time limits | Network area |
ü |
||||
| 114 | Last Required Confirmation To Open Safe Given | Username | |||||
| 115 | Last Required Confirmation To Get File Given | Filename | Username | ||||
| 116, 117 | Confirmation Status Failure |
ü |
|||||
| 118 | Reject Open Safe Request | Username | |||||
| 119 | Reject Get File Request | Filename | Username |
ü |
|||
| 120 | Add automatic location | Location | |||||
| 122 | Undelete File | Filename | |||||
| 123 | Move File | Original file name and path | New file name and path | ||||
| 125 | Rename File | Original file name and path | New file name | ||||
| 126 | Unlock File | Filename | |||||
| 127 | Hide Open Safe Request | Username | |||||
| 128 | Hide Get File Request | Filename | Username | ||||
| 129 | CPM Auto Detection Archive Password | Filename | Additional Info |
ü |
|||
| 130 | CPM Disable Password Failure | Filename | Additional Info |
ü |
ü |
||
| 131 | Update Safe (More Secured Than Station) |
ü |
|||||
| 132, 133 | Add Safe Event (Unauthorized ) |
ü |
|||||
| 134, 135 | Get Safe Events List (Unauthorized ) |
ü |
|||||
| 136 | CPM Release Password | Filename | Additional Info |
ü |
|||
| 137 | CPM Release Password Failure | Filename | Additional Info |
ü |
ü |
||
| 140 | Rename Folder | Original folder name and path | New folder name and path | ||||
| 141 | Move Folder | Original folder name and path | New folder path | ||||
| 142 | Delete Safe Failure |
ü |
|||||
| 143 | Store Picture | Username | |||||
| 144 | Delete Picture | Username | |||||
| 145 | Delete Safe (Has Locked Files) |
ü |
|||||
| 146, 147 | Update Safe (Unauthorized) |
ü |
|||||
| 148 | Delete Safe (Unauthorized ) |
ü |
|||||
| 150 | Restore Safe (Unauthorized ) |
ü |
|
Code |
Description |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
|---|---|---|---|---|---|---|---|
|
151 |
Add Folder |
|
|
|
|
|
|
| 152, 153 | Add Folder (Unauthorized) |
ü |
|||||
| 154, 155 | Delete Folder (Unauthorized) |
ü |
|||||
| 156 | Backup Safe (Unauthorized) | Network area |
ü |
||||
| 157 | Get License Information (Unauthorized) |
ü |
|||||
| 158, 159 | Move/Rename Folder (Unauthorized) |
ü |
|||||
| 160, 161 | Move File (Unauthorized) | Filename |
ü |
||||
| 162, 163 | Undelete File (Unauthorized) | Filename |
ü |
||||
| 164, 165 | Rename File (Unauthorized) | Filename |
ü |
||||
| 166, 167 | Unlock File (Unauthorized) | Filename |
ü |
||||
| 168, 169 | Clear Expired History (Unauthorized) |
ü |
|||||
| 170 | Delete Safe (Has Unexpired Files) |
ü |
|||||
| 171 | Update Picture (Unauthorized) | Username |
ü |
||||
| 172 | Update Your Picture (Unauthorized) | Username |
ü |
||||
| 173 | Add User (Unauthorized) |
ü |
|||||
| 174 | Update User (Unauthorized) | Username |
ü |
||||
| 175 | Update Your User (Unauthorized) | Username |
ü |
||||
| 176 | Delete User (Unauthorized) | Username |
ü |
||||
| 177 | Delete Your User (Unauthorized) | Username |
ü |
||||
| 178 | Get User's Details (Unauthorized) | Username |
ü |
||||
| 179 | Get Your User's Details (Unauthorized) | Username |
ü |
||||
| 180 | Add User | Username | |||||
| 181 | Update Safe | ||||||
| 182 | Update User | Username | |||||
| 183 | Delete Safe | ||||||
| 184 | Delete User | Username | |||||
| 185 | Add Safe | ||||||
| 186 | Get UserDetails By Identifier (Unauthorized User) |
ü |
|||||
| 187 | Add Folder |
Filename (folder) |
|||||
| 188 | Delete Folder |
Filename (folder) |
|||||
| 189 | Delete Folder (Has Unexpired Files) |
Filename (folder) |
ü |
||||
| 190 | Lock As Draft | Filename | |||||
| 191 | Lock As Draft (Unauthorized) | Filename |
ü |
||||
| 192 | Unlock Draft | Filename | |||||
| 193 | Unlock Draft (Unauthorized) | Filename |
ü |
||||
| 194 | Backup Safe | ||||||
| 195 | Object content validated | Filename | |||||
| 196, 197 | Update Owners (Unauthorized) |
ü |
|||||
| 198 | Delete Folder (Has Locked Files) |
Filename (folder) |
ü |
||||
| 199 | Object content invalidated | Filename | |||||
| 200, 201 | Monitoring old backup files |
|
Code |
Description |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
|---|---|---|---|---|---|---|---|
| 202, 203 | Deleting old backup files | ||||||
| 204 | Retrieve File (Wrong Key) | Filename |
ü |
||||
| 205 | Store File (Wrong Key) | Filename |
ü |
||||
| 206 | External Object Operation (Unauthorized) | Username |
ü |
||||
| 207, 208 | Compress Safe (Unauthorized) |
ü |
|||||
| 209 | Compress Safe | ||||||
| 211 | Update User Detailed Information | Additional Info | |||||
| 214 | Add Directory Map LDAP Branch (Unauthorized) |
Username (map name) |
ü |
||||
| 215 | Update Directory Map LDAP Branch (Unauthorized) |
Username (map name) |
ü |
||||
| 216 | Delete Directory Map LDAP Branch (Unauthorized) |
Username (map name) |
ü |
||||
| 217 | Add Directory Map LDAP Branch |
Username (map name) |
|||||
| 218 | Update Directory Map LDAP Branch |
Username (map name) |
|||||
| 219 | Delete Directory Map LDAP Branch |
Username (map name) |
|||||
|
220 |
Protect Local Folder |
|
|
|
|
|
|
| 221 | Ownership Expired |
ü |
|||||
| 222 | List Directory Map LDAP Branches (Unauthorized) |
Username (map name) |
ü |
||||
|
223 |
Unprotect Local Folder |
|
|
|
|
|
|
| 224 | Load metadata to backup | ||||||
|
225, 226 |
Copy File Between Safes (Unauthorized) |
|
|
|
|
ü |
|
|
227, 228 |
Move File Between Safes (Unauthorized) |
|
|
|
|
ü |
|
| 229 | Object content status pending | Filename | |||||
| 236 | Metadata backup file fetched | ||||||
| 237, 238 | Rules List (Unauthorized) |
ü |
|||||
| 239 | Update Directory Map Detailed Information | Additional Info | |||||
| 240 | Release Gw Locks | ||||||
| 241 | Prepare Backup Metadata |
|
|||||
| 243 | Update user safe options (Unauthorized) |
ü |
|
||||
| 244 | Update user safe options (Unauthorized) |
ü |
|
||||
| 246 | LDAP Synchronization start |
|
|||||
|
247 |
LDAP Synchronization end |
|
|
|
|
|
|
| 248, 249 | Add Rule Failure | Filename |
ü |
|
|||
| 250 | Restore metadata (Unauthorized) | Network area |
ü |
|
|
Code |
Description |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
|---|---|---|---|---|---|---|---|
| 251 | Restore metadata | Network area | |||||
| 252 | Update Directory Map |
Username (map name) |
|||||
| 253 | Update Directory Map (Unauthorized) |
Username (map name) |
ü |
||||
| 254 | Add Directory Map |
Username (map name) |
|||||
| 255 | Add Directory Map (Unauthorized) |
Username (map name) |
ü |
||||
| 256 | Update External User | Username | |||||
| 257 | Update External Group |
Username (group) |
|||||
| 259 | Add/Update Group |
Username (group) |
|||||
| 260 | Add/Update Group (Unauthorized) |
Username (group) |
ü |
||||
| 261 | Add Group Member (Unauthorized) |
Username (group) |
ü |
||||
| 262 | Delete Group Member (Unauthorized) |
Username (group) |
ü |
||||
| 263 | Update Group (Unauthorized) |
Username (group) |
ü |
||||
| 264 | Update Group |
Username (group) |
|||||
| 265 | Add Group Member |
Username (group) |
Username | ||||
| 266 | Remove Group Member |
Username (group) |
Username | ||||
| 269 | Delete Group (Unauthorized) |
Username (group) |
ü |
||||
| 270 | Delete Group |
Username (group) |
|||||
| 271 | List Group Members (Unauthorized) |
Username (group) |
ü |
||||
| 272 | Delete Folder (Folder not Empty) |
Filename (folder) |
ü |
||||
| 273 | Remove Owner | Username | |||||
| 276 | Delete External User | Username | |||||
| 277 | Delete External Group |
Username (group) |
|||||
| 278 | Add Rule | Filename | Username | ||||
| 279 | Delete Rule | Filename | Username | ||||
| 280, 281 | Delete Rule Failure | Filename |
ü |
||||
|
282 |
Read email key |
|
|
|
|
|
|
|
283 |
Delete email key |
|
|
|
|
|
|
| 284 | Unauthorized Firewall Network Areas refresh |
ü |
|||||
| 285 | Firewall Network Areas refresh | ||||||
| 286 | Add Group Member - Sync From Ldap |
Username (group) |
|||||
| 287 | Delete Group Member - Sync From Ldap |
Username (group) |
|||||
| 288 | Auto Clear Users History start | ||||||
| 289 | Auto Clear Users History end | ||||||
| 290 | Auto Clear Safes History start | ||||||
| 291 | Auto Clear Safes History end | ||||||
| 292 | Auto Download Certificate Revocation List Data start | ||||||
| 293 | Auto Download Certificate Revocation List Data end | ||||||
| 294 | Store password | Filename |
ü |
||||
| 295 | Retrieve password | Filename |
ü |
||||
| 296 | Open Safe | ||||||
| 297, 298 | Rules List Failure | Filename |
ü |
||||
| 300 | PSM Connect | Filename | Additional Info |
ü |
|
Code |
Description |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
|---|---|---|---|---|---|---|---|
| 301 | PSM Connect Failed | Filename | Additional Info |
ü |
ü |
||
| 302 | PSM Disconnect | Filename | Additional Info |
ü |
|||
| 303 | PSM Disconnect Failed | Filename | Additional Info |
ü |
ü |
||
| 304 | PSM Upload Recording | Filename | Additional Info |
ü |
|||
| 305 | Run Report | ||||||
| 306, 307 | Use Password (Unauthorized) | Filename |
ü |
ü |
|||
| 308 | Use Password | Filename |
ü |
||||
| 309 | Undefined User Logon | Report Name |
ü |
||||
| 310 | Monitor DR Replication start | ||||||
| 311 | Monitor DR Replication end | ||||||
| 312 | Monitor Backup Replication start | ||||||
| 313 | Monitor Backup Replication end | ||||||
| 314 | Reset Password User (Unauthorized) | Username |
ü |
||||
| 315 | Reset Password Your User (Unauthorized) | Username |
ü |
||||
| 316 | Reset User Password Detailed Information | Username | Additional Info | ||||
| 317 | Reset User Password | Username | |||||
| 318 | Activate/Deactivate Trusted Network Areas | Username | |||||
| 319 | Retrieve password (From Provider) | Filename |
ü |
||||
| 320 | Retrieve password (From Provider) Failure | Filename |
ü |
ü |
|||
| 321 | Add Report Definition | ||||||
| 322 | Edit Report Definition | ||||||
| 323 | Delete Report Definition | ||||||
| 324 | Hide Report | ||||||
| 325 | Send Report | ||||||
| 326 | CPM Auto Detection Start Automatic Detection | ||||||
| 327 | CPM Auto Detection End Automatic Detection | ||||||
| 328 | CPM Auto Detection Add Usage | Filename | Additional Info |
ü |
|||
| 329 | CPM Auto Detection Update Usage | Filename | Additional Info |
ü |
|||
| 330 | CPM Auto Detection Delete Usage | Filename | Additional Info |
ü |
|||
| 331 | Add User By Template | Username | |||||
| 333 | Add Privileged Command failed on account | Filename | Username |
ü |
|||
| 334 | Add Privileged Command succeeded | Filename | Username | Resource | |||
| 336 | Delete Privileged Command failed on account | Filename | Username |
ü |
|||
| 337 | Delete Privileged Command succeeded | Filename | Username | Resource | |||
|
338, 339 |
Add Privileged Command failed on policy |
Platform Name |
Username |
|
|
ü |
|
| 340 | Add Privileged Command succeeded | Platform Name | Username | Resource | |||
| 342 | Delete Privileged Command on policy | Platform Name | Username |
ü |
|||
| 343 | Delete Privileged Command succeeded | Platform Name | Username | Resource | |||
| 344 S | Privileged command initiated | Filename | Additional Info |
ü |
|||
| 345 S | Privileged command initiation failed | Filename | Additional Info |
ü |
ü |
||
| 346 S | Privileged command completed | Filename | Additional Info |
ü |
|||
| 347 S | OPM failed to execute privileged command | Filename | Additional Info |
ü |
ü |
||
| 348 S | PIMSu recording uploaded | Filename | Additional Info |
ü |
|||
| 349, 350 | Update Privileged Command failed on account | Filename | Username |
ü |
|
Code |
Description |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
|---|---|---|---|---|---|---|---|
| 351 | Update Privileged Command | Platform Name | Username | Resource | |||
| 352, 353 | Update Privileged Command failed on policy | Platform Name | Username |
ü |
|||
| 354 | Update Privileged Command | Platform Name | Username | Resource | |||
| 355 | Monitor License Expiration Date start | Username | |||||
| 356 | Monitor License Expiration Date end | Username | |||||
| 357 | Monitor FW rules start | Username | |||||
| 358 | Monitor FW Rules end | Username | |||||
| 359 | SQL command | Username | Safe | File |
ü |
||
| 360 | SQL Command audit failed | Username | Account Safe | Account Object |
ü |
ü |
|
| 361 | SSH Command | Username | Safe | File |
ü |
||
| 362 | Keystroke logging audit failed | Username | Account Safe | Account Object |
ü |
ü |
|
| 363 | Ownership not yet active | Username | Safe |
ü |
|||
| 364 | LDAP Configuration Refresh success | Username | |||||
| 365 | LDAP Configuration Refresh failed | Username |
ü |
||||
| 366 | Object content validated failed | Username | Safename | File name |
ü |
||
| 367 | Update Email Notifications Configuration | Username | |||||
| 368 | Forget My Password Requested | Username | Username | Note | |||
| 369 | Forget My Password Requested failed | Username | Username | Note |
ü |
||
| 370 | Forget My Password Completed | Username | Username | Note | |||
| 371 | Forget My Password Completed failed | Username | Username | Note |
ü |
||
| 372 | Terminate Session | Username | Recordings Safe | Target Session File |
ü |
||
| 373 | Terminate Session Failed | Username | Recordings Safe | Target Session File |
ü |
ü |
|
| 374 | Monitor Session Start | Username | Recordings Safe | Target Session File |
ü |
||
| 375 | Monitor Session Start Failed | Username | Recordings Safe | Target Session File |
ü |
ü |
|
| 376 | Monitor Session End | Username | Recordings Safe | Target Session File |
ü |
||
| 377 | Monitor Session End Failed | Username | Recordings Safe | Target Session File |
ü |
ü |
|
| 378 | PSM Secure Connect Session Start | Username | PSM Internal Accounts Safe | Secure Connect Internal Account Object name |
ü |
||
| 379 | PSM Secure Connect Session Start Failed | Username | PSM Internal Accounts Safe | Secure Connect Internal Account Object name |
ü |
ü |
|
| 380 | PSM Secure Connect Session End | Username | PSM Internal Accounts Safe | Secure Connect Internal Account Object name |
ü |
||
| 381 | PSM Secure Connect Session End Failed | Username | PSM Internal Accounts Safe | Secure Connect Internal Account Object name |
ü |
ü |
|
| 382 | Add App Authentication | Username | Target Application ID | [auth type] auth value | |||
| 383 | Delete App Authentication | Username | Target Application ID | [auth type] auth value | |||
| 384 | Avector Integration Audit | ||||||
|
385 |
Changes were made successfully to the Master Policy |
Action |
|
|
|
|
|
| 386 | Changes to the Master Policy failed | Action |
ü |
||||
| 387 | Process has started with admin rights added to token | Filename | Additional Info |
ü |
|||
| 388 | Process has been started from the shell context menu with admin rights added to token | Filename | Additional Info |
ü |
|||
| 389 | Process has started with admin rights added to token, which were inherited from its parent. | Filename | Additional Info |
ü |
|||
| 390 | Process has started with admin rights dropped from token. | Filename | Additional Info |
ü |
|||
| 391 | Process has been started from the shell context menu with admin rights dropped from token. | Filename | Additional Info |
ü |
|||
| 392 | Process has started with admin rights dropped from token, which were inherited from its parent. | Filename | Additional Info |
ü |
|||
| 393 | Process has started with no change to the access token (passive mode). | Filename | Additional Info |
ü |
|||
| 394 | Process started from shell context menu with no change to the access token (passive mode). | Filename | Additional Info |
ü |
|||
| 395 | Process started with no change to the access token inherited from parent (passive mode). | Filename | Additional Info |
ü |
|||
| 396 | Process has started with user’s default rights enforced. | Filename | Additional Info |
ü |
|||
| 397 | Process has started from the shell context menu with user’s default rights enforced. | Filename | Additional Info |
ü |
|||
| 398 | Process has started with user’s default rights enforced, which were inherited from its parent. | Filename | Additional Info |
ü |
|||
| 399 | Process requires elevated rights to run. | Filename | Additional Info |
ü |
ü |
||
| 400 | Process has started with custom token applied. | Filename | Additional Info |
ü |
|
Code |
Description |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
|---|---|---|---|---|---|---|---|
| 401 | Process has started from the shell context menu with user’s custom token applied. | Filename | Additional Info |
ü |
|||
| 402 | Process has started with custom token applied, which was inherited from its parent. | Filename | Additional Info |
ü |
|||
| 403 | Process execution was blocked. | Filename | Additional Info |
ü |
ü |
||
| 404 | Process has stopped (deprecated). | Filename | Additional Info |
ü |
ü |
||
| 405 | Process started in the context of the authorizing user. | Filename | Additional Info |
ü |
|||
| 406 | Process started from the shell menu in the context of the authorizing user. | Filename | Additional Info |
ü |
|||
| 407 | Process execution was cancelled by the user. | Filename | Additional Info |
ü |
|||
| 408 | Privileged group modification blocked. | Filename | Additional Info |
ü |
ü |
||
| 409 | Process execution was blocked, the maximum number of challenge/response failures was exceeded. | Filename | Additional Info |
ü |
ü |
||
| 410 | Unknown elevation-related operation performed on process. | Filename | Additional Info |
ü |
|||
| 411 | PSM Window Titles | ||||||
| 412 | Keystroke logging | Filename | Additional Info |
ü |
|||
| 413 | Keystroke logging failed | Filename | Additional Info |
ü |
ü |
||
|
414 |
CPM Verify SSH Key |
|
|
|
|
|
|
|
415 |
CPM Verify SSH Key Failed |
|
|
|
|
|
|
|
416 |
CPM Rotate SSH Key |
|
|
|
|
|
|
|
417 |
CPM Rotate SSH Key Failed |
|
|
|
|
|
|
|
418 |
CPM Reconcile SSH Key |
|
|
|
|
|
|
|
419 |
CPM Reconcile SSH Key Failed |
|
|
|
|
|
|
|
420 |
CPM Release SSH Key |
|
|
|
|
|
|
|
421 |
CPM Release SSH Key Failed |
|
|
|
|
|
|
|
422 |
User creation success |
|
|
|
|
|
|
|
423 |
User creation failed |
|
|
|
|
|
|
|
424 |
User group assignment |
|
|
|
|
|
|
|
425 |
User group assignment failed |
|
|
|
|
|
|
|
426 |
CPM Disable SSH Key |
|
|
|
|
|
|
|
427 |
Store SSH Key |
|
|
|
|
|
|
|
428 |
Retrieve SSH Key |
|
|
|
|
|
|
|
429 |
User Deletion Success |
|
|
|
|
|
|
|
430 |
User Deletion Failed |
|
|
|
|
|
|
|
431 |
User De-Provision Failed |
|
|
|
|
|
|
|
432 |
UID Change Success |
|
|
|
|
|
|
|
433 |
UID Change Failed |
|
|
|
|
|
|
|
434 |
CPM has deleted the public SSH key |
|
|
|
|
|
|
|
435 |
CPM failed to delete the SSH key |
|
|
|
|
|
|
| 436 | SCP Command | Username | File |
ü |
|
||
|
440 |
Get SSH Public Keys Failed |
Username |
Username |
|
|
ü |
|
|
441 |
Add SSH Public Keys Succeeded |
Username |
Username |
|
|
|
|
|
442 |
Add SSH Public Keys Failed |
Username |
Username |
|
|
ü |
|
|
443 |
Delete SSH Public Keys Succeeded |
Username |
Username |
|
|
|
|
|
444 |
Delete SSH Public Keys Failed |
Username |
Username |
|
|
ü |
|
Code |
Description |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
|---|---|---|---|---|---|---|---|
|
460 |
Privileged Threat Analytics event for managed account |
Filename |
Anomaly name triggered in PTA |
Full PTA event details |
|
|
9.10 (external) / 9.99 (Internal) |
|
461 |
Privileged Threat Analytics event for Vault user |
|
|
Full PTA event details |
|
|
9.10 (external) / 9.99 (Internal) |
|
462 |
Password sent to endpoint |
|
|
|
|
|
10.2 |
|
463 |
Agent successfully changed the password for account |
|
|
|
|
|
10.2 |
|
464 |
Agent failed to change the password for account |
|
|
|
|
ü |
10.2 |
|
471 |
Grant Administrative Access Succeeded |
|
|
|
|
|
10.6 |
|
472 |
Grant Administrative Access Failed |
|
|
|
|
|
10.6 |
|
473 |
Remove Administrative Access Succeeded |
|
|
|
|
|
10.6 |
|
474 |
Remove Administrative Access Failed |
|
|
|
|
|
10.6 |
|
475 |
Security warning - Failed to rotate OpenID token keys
|
|
|
|
|
ü |
11.5 |
|
476 |
Security warning - Failed to rotate custom token keys
|
|
|
|
|
ü |
11.5 |
|
477 |
New DR or Satellite Vault registration succeeded
|
Username
|
Source Address
|
|
|
|
11.5 |
|
478 |
New DR or Satellite Vault registration failed
|
Username
|
Source Address
|
|
|
ü |
11.5 |
|
479 |
Security warning - The Signature Hash Algorithm of the Vault certificate is SHA1.
|
Vault Address |
|
|
|
ü |
11.5
|
