Vault Audit Action Codes

The following tables list the action codes (audits) available to monitor the Vault and to highlight any operational failures.

The action codes are available in the User and Safe Activities report. For details, see Reports and Audits.

  • The Alert column in the tables indicates that an unauthorized operation was performed, such as performing a task without permission or authentication failure.

  • The Version column in the tables indicates the version when the action code was introduced. If the version is not listed, the code was introduced before v11.0.

  • A specific action may be represented by a single action code or, because of technical reasons that are transparent to the user, by multiple action codes.

Recommended Action Codes for Monitoring

The Vault has a large number of action codes that can be used to monitor different behaviors. For general monitoring, we recommend monitoring the action codes listed in the table below.

Code Action
4 User Authentication
22 CPM Verify Password
24 CPM Change Password
31 CPM Reconcile Password
38 CPM Verify Password Failure
57 CPM Change Password Failure
60 CPM Reconcile Password Failure
130 CPM Disable Password
295 Retrieve Password
300 PSM Connect
302 PSM Disconnect
308 Use Password
319 Retrieve Password (from Provider)
344 Privileged Command Initiated
346 Privileged Command Completed
359 PSM SQL Command


PSM SQL Command Failure

361 PSM Keystrokes


PSM Keystrokes Failure

378 PSM Secure Connect Session Start
380 PSM Secure Connect Session End
411 PSM Window Title


PSM Windows Title Failure

All Action Codes