Vault Audit Action Codes
The following table lists the action codes available in the User and Safe Activities (LogList) report that can be exported to a SIEM solution using Syslog protocol.
Alerts indicate that an unauthorized operation was performed, such as performing a task without permission, authentication failure, etc. |
Recommended Action Codes for Monitoring
The Vault has a large number of action codes that can be used to monitor different behaviors. For general monitoring, we recommend monitoring the action codes listed in the table below.
Code | Action |
---|---|
4 | User Authentication |
22 | CPM Verify Password |
24 | CPM Change Password |
31 | CPM Reconcile Password |
38 | CPM Verify Password Failed |
57 | CPM Change Password Failed |
60 | CPM Reconcile Password Failed |
130 | CPM Disable Password |
295 | Retrieve Password succeeded |
300 | PSM Connect |
302 | PSM Disconnect |
308 | Use Password |
319 | Retrieve Password (from Provider) |
344 | Privileged Command Initiated |
346 | Privileged Command Completed |
359 | PSM SQL Command |
360 |
PSM SQL Command Failure |
361 | PSM Keystrokes |
362 |
PSM Keystrokes failure |
378 | PSM Secure Connect Session Start |
380 | PSM Secure Connect Session End |
411 | PSM Window Title |
412 |
PSM Windows Title Failure |
All Action Codes
Code |
Action |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
---|---|---|---|---|---|---|---|
0 | Delete Directory Map |
Username (map name) |
ü |
||||
1 | Delete Directory Map |
Username (map name) |
|||||
2 | Add External User | Username | |||||
3 | Get LDAP configuration data |
ü |
|||||
4 | User Authentication | Network area |
ü |
||||
5 | Unauthorized Station | Network area |
ü |
||||
6 | External Audit |
ü |
|||||
7 | Logon | Network area | Network area | ||||
8 | Logoff | Network area | |||||
9 | External Audit |
ü |
|||||
10 | Update user station failed, not authorized | Username |
ü |
||||
11, 12 | Update Safe Share |
ü |
|||||
13, 14 | Safe Access through Gateway |
ü |
|||||
15 | Impersonation not by an agent |
ü |
|||||
16 | Update Your Trusted Network Areas | Username |
ü |
||||
17 | Add Safe |
ü |
|||||
18 | Non authorized impersonation | Username |
ü |
||||
19 | Full Gateway Connection | Username | |||||
20 | Partial Gateway Connection | Username | |||||
21 | Partial Gateway Connection | Username |
ü |
||||
22 | CPM Verify Password | Filename | Additional Info |
ü |
|||
23 | Action On Closed Safe | Filename |
ü |
||||
24 | CPM Change Password | Filename | Additional Info |
ü |
|||
25, 26 | Open/Close Safe |
ü |
|||||
27 | Open Safe (Unsecured Station) |
ü |
|||||
28, 29, 30 | Add/Update Owner | Username |
ü |
||||
31 | CPM Reconcile Password | Filename | Additional Info |
ü |
|||
32 | Add Owner | Username | |||||
33 | Update Owner | Username | |||||
34, 35 | Rename Safe |
ü |
|||||
36 | Confirm Open Safe | Username | |||||
37 | Confirm Get File | Filename | Username |
ü |
|||
38 | CPM Verify Password | Filename | Additional Info |
ü |
ü |
||
39 | Rename Safe | ||||||
40, 41 | List Files | Filename |
ü |
||||
42, 43 | Retrieve File | Filename |
ü |
ü |
|||
44, 45 | Store File | Filename |
ü |
||||
46, 47 | Delete File | Filename |
ü |
||||
48, 49 | Add Note |
ü |
|||||
50 | Store File | Filename |
Code |
Action |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
---|---|---|---|---|---|---|---|
51 | Retrieve File succeeded | Filename |
ü |
||||
52 | Delete File | Filename | |||||
53, 54 | Get Notes | ||||||
55, 56 | Find Files | Filename |
ü |
||||
57 | CPM Change Password | Filename | Additional Info |
ü |
ü |
||
58 | Clear User History | ||||||
59 | Clear Safe History | ||||||
60 | CPM Reconcile Password | Filename | Additional Info |
ü |
ü |
||
61 | Update Trusted Network Areas | Network area | |||||
62 | Create File Version | Filename | |||||
63, 65 | Rename User | Username | Username |
ü |
|||
64, 66 | Rename User | Username | Username | ||||
67 | CPM Auto Detection Add Password | Filename | Additional Info |
ü |
|||
68 | Update Trusted User | Username | |||||
69 | Add Location | Location | |||||
70 | Add Location | Location |
ü |
||||
71 | Update Location | Location | |||||
72 | Update Location | Location |
ü |
||||
73 | Delete Location | Location | |||||
74 | Delete Location | Location |
ü |
||||
75 | Take Quota Ownership | ||||||
76, 77 | Take Quota Ownership |
ü |
|||||
78 | Rename/Move Location | Location | Location |
ü |
|||
79 | Rename/Move Location | Location | Location | ||||
80 | Add External Group |
Username (group) |
|||||
81 | Update Address | Network area | |||||
82 | Clear User History | Username |
ü |
||||
83 | Clear User History | Username | |||||
84 | CPM Auto Detection Update Password | Filename | Additional Info |
ü |
|||
85 | Update Network Area | Network area |
ü |
||||
86 | Update Network Area | Network area | |||||
87 | Update Address | Network area |
ü |
||||
88 | Set Password | ||||||
89 | Set Password |
ü |
|||||
90 | Rename Network Area | Network area |
ü |
||||
91 | Rename Network Area | Network area | |||||
92 | Move Network Area | Network area |
ü |
||||
93 | Move Network Area | Network area | |||||
94 | Backup Safe | ||||||
95 | Restore Safe | ||||||
96, 97 | Backup Safe |
ü |
|||||
98 | Open File (Write Only) | Filename | |||||
99 | Open File | Filename | |||||
100, 101 | Open File | Filename |
ü |
Code |
Action |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
---|---|---|---|---|---|---|---|
102 | User Time Limit Restriction | Network area |
ü |
||||
103 | User Has Expired | Network area |
ü |
||||
104 | User Is Disabled | Network area |
ü |
||||
105 | Add File Category | Filename | Category | ||||
106 | Update File Category | Filename | Category | ||||
107 | Delete File Category | Filename | Category | ||||
108 | Open Safe Request | ||||||
109 | Get File Request | Filename |
ü |
||||
110 | Add Safe (More Secured Than Station) |
ü |
|||||
111 | Delete Open Safe Request | Username | |||||
112 | Delete Get File Request | Filename | Username | ||||
113 | Cannot use station because time limits | Network area |
ü |
||||
114 | Last Required Confirmation To Open Safe Given | Username | |||||
115 | Last Required Confirmation To Get File Given | Filename | Username | ||||
116, 117 | Confirmation Status |
ü |
|||||
118 | Reject Open Safe Request | Username | |||||
119 | Reject Get File Request | Filename | Username |
ü |
|||
120 | Add automatic location | Location | |||||
121 | Move File | Filename | |||||
122 | Undelete File | Filename | |||||
123 | Move File (Cont.) | Filename | |||||
124 | Rename File | Filename | |||||
125 | Rename File (Cont.) | Filename | |||||
126 | Unlock File | Filename | |||||
127 | Hide Open Safe Request | Username | |||||
128 | Hide Get File Request | Filename | Username | ||||
129 | CPM Auto Detection Archive Password | Filename | Additional Info |
ü |
|||
130 | CPM Disable Password | Filename | Additional Info |
ü |
ü |
||
131 | Update Safe (More Secured Than Station) |
ü |
|||||
132, 133 | Add Safe Event |
ü |
|||||
134, 135 | Get Safe Events List |
ü |
|||||
136 | CPM Release Password | Filename | Additional Info |
ü |
|||
137 | CPM Release Password Failed | Filename | Additional Info |
ü |
ü |
||
138 | Rename Folder |
Filename (folder) |
|||||
139 | Move Folder |
Filename (folder) |
|||||
140 | Rename Folder (Cont.) |
Filename (folder) |
|||||
141 | Move Folder (Cont.) |
Filename (folder) |
|||||
142 | Delete Safe |
ü |
|||||
143 | Store Picture | Username | |||||
144 | Delete Picture | Username | |||||
145 | Delete Safe |
ü |
|||||
146, 147 | Update Safe |
ü |
|||||
148, 149 | Delete Safe |
ü |
|||||
150 | Restore Safe |
ü |
Code |
Action |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
---|---|---|---|---|---|---|---|
151 |
Add Folder |
|
|
|
|
|
|
152, 153 | Add Folder |
ü |
|||||
154, 155 | Delete Folder |
ü |
|||||
156 | Backup Safe | Network area |
ü |
||||
157 | Get License Information |
ü |
|||||
158, 159 | Move/Rename Folder |
ü |
|||||
160, 161 | Move File | Filename |
ü |
||||
162, 163 | Undelete File | Filename |
ü |
||||
164, 165 | Rename File | Filename |
ü |
||||
166, 167 | Unlock File | Filename |
ü |
||||
168, 169 | Clear Expired History |
ü |
|||||
170 | Delete Safe (Has Unexpired Files) |
ü |
|||||
171 | Update Picture | Username |
ü |
||||
172 | Update Your Picture | Username |
ü |
||||
173 | Add User |
ü |
|||||
174 | Update User | Username |
ü |
||||
175 | Update Your User | Username |
ü |
||||
176 | Delete User | Username |
ü |
||||
177 | Delete Your User | Username |
ü |
||||
178 | Get User's Details | Username |
ü |
||||
179 | Get Your User's Details | Username |
ü |
||||
180 | Add User | Username | |||||
181 | Update Safe | ||||||
182 | Update User | Username | |||||
183 | Delete Safe | ||||||
184 | Delete User | Username | |||||
185 | Add Safe | ||||||
186 | Get UserDetails By Identifier |
ü |
|||||
187 | Add Folder |
Filename (folder) |
|||||
188 | Delete Folder |
Filename (folder) |
|||||
189 | Delete Folder (Has Unexpired Files) |
Filename (folder) |
ü |
||||
190 | Lock As Draft | Filename | |||||
191 | Lock As Draft | Filename |
ü |
||||
192 | Unlock Draft | Filename | |||||
193 | Unlock Draft | Filename |
ü |
||||
194 | Backup Safe | ||||||
195 | Object content validated | Filename | |||||
196, 197 | Update Owners |
ü |
|||||
198 | Delete Folder (Has Locked Files) |
Filename (folder) |
ü |
||||
199 | Object content invalidated | Filename | |||||
200, 201 | Monitoring old backup files |
Code |
Action |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
---|---|---|---|---|---|---|---|
202, 203 | Deleting old backup files | ||||||
204 | Retrieve File (Wrong Key) | Filename |
ü |
||||
205 | Store File (Wrong Key) | Filename |
ü |
||||
206 | External Object Operation | Username |
ü |
||||
207, 208 | Compress Safe |
ü |
|||||
209 | Compress Safe | ||||||
211 | Update User Detailed Information | Additional Info | |||||
214 | Add Directory Map LDAP Branch |
Username (map name) |
ü |
||||
215 | Update Directory Map LDAP Branch |
Username (map name) |
ü |
||||
216 | Delete Directory Map LDAP Branch |
Username (map name) |
ü |
||||
217 | Add Directory Map LDAP Branch |
Username (map name) |
|||||
218 | Update Directory Map LDAP Branch |
Username (map name) |
|||||
219 | Delete Directory Map LDAP Branch |
Username (map name) |
|||||
220 |
Protect Local Folder |
|
|
|
|
|
|
221 | Ownership Expired |
ü |
|||||
222 | List Directory Map LDAP Branches |
Username (map name) |
ü |
||||
223 |
Unprotect Local Folder |
|
|
|
|
|
|
224 | Load metadata to backup | ||||||
229 | Object content status pending | Filename | |||||
236 | Metadata backup file fetched | ||||||
237, 238 | Rules List |
ü |
|||||
239 | Update Directory Map Detailed Information | Additional Info | |||||
240 | Release Gw Locks | ||||||
241 | Prepare Backup Metadata |
|
|||||
243 | Update user safe options failed |
ü |
|
||||
244 | Update user safe options failed |
ü |
|
||||
246 | LDAP Synchronization start |
|
|||||
247 |
LDAP Synchronization end |
|
|
|
|
|
|
248, 249 | Add Rule | Filename |
ü |
|
|||
250 | Restore metadata | Network area |
ü |
|
Code |
Action |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
---|---|---|---|---|---|---|---|
251 | Restore metadata | Network area | |||||
252 | Update Directory Map |
Username (map name) |
|||||
253 | Update Directory Map |
Username (map name) |
ü |
||||
254 | Add Directory Map |
Username (map name) |
|||||
255 | Add Directory Map |
Username (map name) |
ü |
||||
256 | Update External User | Username | |||||
257 | Update External Group |
Username (group) |
|||||
259 | Add/Update Group |
Username (group) |
|||||
260 | Add/Update Group |
Username (group) |
ü |
||||
261 | Add Group Member |
Username (group) |
ü |
||||
262 | Delete Group Member |
Username (group) |
ü |
||||
263 | Update Group |
Username (group) |
ü |
||||
264 | Update Group |
Username (group) |
|||||
265 | Add Group Member |
Username (group) |
Username | ||||
266 | Remove Group Member |
Username (group) |
Username | ||||
269 | Delete Group |
Username (group) |
ü |
||||
270 | Delete Group |
Username (group) |
|||||
271 | List Group Members |
Username (group) |
ü |
||||
272 | Delete Folder |
Filename (folder) |
ü |
||||
273 | Remove Owner | Username | |||||
276 | Delete External User | Username | |||||
277 | Delete External Group |
Username (group) |
|||||
278 | Add Rule | Filename | Username | ||||
279 | Delete Rule | Filename | Username | ||||
280, 281 | Delete Rule | Filename |
ü |
||||
282 |
Read email key |
|
|
|
|
|
|
283 |
Delete email key |
|
|
|
|
|
|
284 | Unauthorized Firewall Network Areas refresh |
ü |
|||||
285 | Firewall Network Areas refresh | ||||||
286 | Add Group Member - Sync From Ldap |
Username (group) |
|||||
287 | Delete Group Member - Sync From Ldap |
Username (group) |
|||||
288 | Auto Clear Users History start | ||||||
289 | Auto Clear Users History end | ||||||
290 | Auto Clear Safes History start | ||||||
291 | Auto Clear Safes History end | ||||||
292 | Auto Download Certificate Revocation List Data start | ||||||
293 | Auto Download Certificate Revocation List Data end | ||||||
294 | Store password | Filename |
ü |
||||
295 | Retrieve password | Filename |
ü |
||||
296 | Open Safe | ||||||
297, 298 | Rules List | Filename |
ü |
||||
300 | PSM Connect | Filename | Additional Info |
ü |
Code |
Action |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
---|---|---|---|---|---|---|---|
301 | PSM Connect Failed | Filename | Additional Info |
ü |
ü |
||
302 | PSM Disconnect | Filename | Additional Info |
ü |
|||
303 | PSM Disconnect Failed | Filename | Additional Info |
ü |
ü |
||
304 | PSM Upload Recording | Filename | Additional Info |
ü |
|||
305 | Run Report | ||||||
306, 307 | Use Password | Filename |
ü |
ü |
|||
308 | Use Password | Filename |
ü |
||||
309 | Undefined User Logon | Report Name |
ü |
||||
310 | Monitor DR Replication start | V5.50 | |||||
311 | Monitor DR Replication end | V5.50 | |||||
312 | Monitor Backup Replication start | V5.50 | |||||
313 | Monitor Backup Replication end | V5.50 | |||||
314 | Reset Password User | Username |
ü |
V5.50 | |||
315 | Reset Password Your User | Username |
ü |
V5.50 | |||
316 | Reset User Password Detailed Information | Username | Additional Info | V5.50 | |||
317 | Reset User Password | Username | V5.50 | ||||
318 | Activate/Deactivate Trusted Network Areas | Username | V5.50 | ||||
319 | Retrieve password (From Provider) | Filename |
ü |
V5.50 | |||
320 | Retrieve password (From Provider) | Filename |
ü |
ü |
V5.50 | ||
321 | Add Report Definition | V6.00 | |||||
322 | Edit Report Definition | V6.00 | |||||
323 | Delete Report Definition | V6.00 | |||||
324 | Hide Report | V6.00 | |||||
325 | Send Report | V6.00 | |||||
326 | CPM Auto Detection Start Automatic Detection | V6.00 | |||||
327 | CPM Auto Detection End Automatic Detection | V6.00 | |||||
328 | CPM Auto Detection Add Usage | Filename | Additional Info |
ü |
V6.00 | ||
329 | CPM Auto Detection Update Usage | Filename | Additional Info |
ü |
V6.00 | ||
330 | CPM Auto Detection Delete Usage | Filename | Additional Info |
ü |
V6.00 | ||
331 | Add User By Template | Username | V6.00 | ||||
333 | Add Privileged Command failed | Filename | Username |
ü |
V6.00 | ||
334 | Add Privileged Command succeeded | Filename | Username | Resource | V6.00 | ||
336 | Delete Privileged Command failed | Filename | Username |
ü |
V6.00 | ||
337 | Delete Privileged Command succeeded | Filename | Username | Resource | V6.00 | ||
338 |
Add Privileged Command failed |
Platform Name |
Username |
|
|
ü |
V6.00 |
339 | Add Privileged Command | Platform Name | Username |
ü |
V6.00 | ||
340 | Add Privileged Comman succeeded | Platform Name | Username | Resource | V6.00 | ||
342 | Delete Privileged Command | Platform Name | Username |
ü |
V6.00 | ||
343 | Delete Privileged Command succeeded | Platform Name | Username | Resource | V6.00 | ||
344 S | Privileged command initiated | Filename | Additional Info |
ü |
V6.00 | ||
345 S | Privileged command initiation failed | Filename | Additional Info |
ü |
ü |
V6.00 | |
346 S | Privileged command completed | Filename | Additional Info |
ü |
V6.00 | ||
347 S | OPM failed to execute privileged command | Filename | Additional Info |
ü |
ü |
V6.00 | |
348 S | PIMSu recording uploaded | Filename | Additional Info |
ü |
V6.00 | ||
349, 350 | Update Privileged Command | Filename | Username |
ü |
V6.00 |
Code |
Action |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
---|---|---|---|---|---|---|---|
351 | Update Privileged Command | Platform Name | Username | Resource | V6.00 | ||
352, 353 | Update Privileged Command | Platform Name | Username |
ü |
V6.00 | ||
354 | Update Privileged Command | Platform Name | Username | Resource | V6.00 | ||
355 | Monitor License Expiration Date start | Username | V6.00 | ||||
356 | Monitor License Expiration Date end | Username | V6.00 | ||||
357 | Monitor FW rules start | Username | V6.00 | ||||
358 | Monitor FW Rules end | Username | V6.00 | ||||
359 | SQL command | Username | Safe | File |
ü |
V7.00 | |
360 | SQL Command audit failed | Username | Account Safe | Account Object |
ü |
ü |
V7.10 |
361 | SSH Command | Username | Safe | File |
ü |
V7.00 | |
362 | Keystroke logging audit failed | Username | Account Safe | Account Object |
ü |
ü |
V7.10 |
363 | Ownership not yet active | Username | Safe |
ü |
V7.00 | ||
364 | LDAP Configuration Refresh success | Username | V7.00 | ||||
365 | LDAP Configuration Refresh failed | Username |
ü |
V7.00 | |||
366 | Object content validated failed | Username | Safename | File name |
ü |
V6.00 | |
367 | Update Email Notifications Configuration | Username | V7.00 | ||||
368 | Forget My Password Requested | Username | Username | Note | V6.00 | ||
369 | Forget My Password Requested | Username | Username | Note |
ü |
V6.00 | |
370 | Forget My Password Completed | Username | Username | Note | V6.00 | ||
371 | Forget My Password Completed | Username | Username | Note |
ü |
V6.00 | |
372 | Terminate Session | Username | Recordings Safe | Target Session File |
ü |
V7.10 | |
373 | Terminate Session Failed | Username | Recordings Safe | Target Session File |
ü |
ü |
V7.10 |
374 | Monitor Session Start | Username | Recordings Safe | Target Session File |
ü |
V7.10 | |
375 | Monitor Session Start Failed | Username | Recordings Safe | Target Session File |
ü |
ü |
V7.10 |
376 | Monitor Session End | Username | Recordings Safe | Target Session File |
ü |
V7.10 | |
377 | Monitor Session End Failed | Username | Recordings Safe | Target Session File |
ü |
ü |
V7.10 |
378 | PSM Secure Connect Session Start | Username | PSM Internal Accounts Safe | Secure Connect Internal Account Object name |
ü |
V7.10 | |
379 | PSM Secure Connect Session Start Failed | Username | PSM Internal Accounts Safe | Secure Connect Internal Account Object name |
ü |
ü |
V7.10 |
380 | PSM Secure Connect Session End | Username | PSM Internal Accounts Safe | Secure Connect Internal Account Object name |
ü |
V7.10 | |
381 | PSM Secure Connect Session End Failed | Username | PSM Internal Accounts Safe | Secure Connect Internal Account Object name |
ü |
ü |
V7.10 |
382 | Add App Authentication | Username | Target Application ID | [auth type] auth value | V7.1.7 | ||
383 | Delete App Authentication | Username | Target Application ID | [auth type] auth value | V7.1.7 | ||
384 | Avector Integration Audit | ||||||
385 |
Changes were made successfully to the Master Policy |
Action |
|
|
|
|
V9.6 |
386 | Changes to the Master Policy failed | Action |
ü |
V9.6 | |||
387 | Process has started with admin rights added to token | Filename | Additional Info |
ü |
V7.2.10 | ||
388 | Process has been started from the shell context menu with admin rights added to token | Filename | Additional Info |
ü |
V7.2.10 | ||
389 | Process has started with admin rights added to token, which were inherited from its parent. | Filename | Additional Info |
ü |
V7.2.10 | ||
390 | Process has started with admin rights dropped from token. | Filename | Additional Info |
ü |
V7.2.10 | ||
391 | Process has been started from the shell context menu with admin rights dropped from token. | Filename | Additional Info |
ü |
V7.2.10 | ||
392 | Process has started with admin rights dropped from token, which were inherited from its parent. | Filename | Additional Info |
ü |
V7.2.10 | ||
393 | Process has started with no change to the access token (passive mode). | Filename | Additional Info |
ü |
V7.2.10 | ||
394 | Process started from shell context menu with no change to the access token (passive mode). | Filename | Additional Info |
ü |
V7.2.10 | ||
395 | Process started with no change to the access token inherited from parent (passive mode). | Filename | Additional Info |
ü |
V7.2.10 | ||
396 | Process has started with user’s default rights enforced. | Filename | Additional Info |
ü |
V7.2.10 | ||
397 | Process has started from the shell context menu with user’s default rights enforced. | Filename | Additional Info |
ü |
V7.2.10 | ||
398 | Process has started with user’s default rights enforced, which were inherited from its parent. | Filename | Additional Info |
ü |
V7.2.10 | ||
399 | Process requires elevated rights to run. | Filename | Additional Info |
ü |
ü |
V7.2.10 | |
400 | Process has started with custom token applied. | Filename | Additional Info |
ü |
V7.2.10 |
Code |
Action |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
---|---|---|---|---|---|---|---|
401 | Process has started from the shell context menu with user’s custom token applied. | Filename | Additional Info |
ü |
V7.2.10 | ||
402 | Process has started with custom token applied, which was inherited from its parent. | Filename | Additional Info |
ü |
V7.2.10 | ||
403 | Process execution was blocked. | Filename | Additional Info |
ü |
ü |
V7.2.10 | |
404 | Process has stopped (deprecated). | Filename | Additional Info |
ü |
ü |
V7.2.10 | |
405 | Process started in the context of the authorizing user. | Filename | Additional Info |
ü |
V7.2.10 | ||
406 | Process started from the shell menu in the context of the authorizing user. | Filename | Additional Info |
ü |
V7.2.10 | ||
407 | Process execution was cancelled by the user. | Filename | Additional Info |
ü |
V7.2.10 | ||
408 | Privileged group modification blocked. | Filename | Additional Info |
ü |
ü |
V7.2.10 | |
409 | Process execution was blocked, the maximum number of challenge/response failures was exceeded. | Filename | Additional Info |
ü |
ü |
V7.2.10 | |
410 | Unknown elevation-related operation performed on process. | Filename | Additional Info |
ü |
V7.2.10 | ||
411 | PSM Window Titles | V7.2.10 | |||||
412 | Keystroke logging | Filename | Additional Info |
ü |
V8.6 | ||
413 | Keystroke logging failed | Filename | Additional Info |
ü |
ü |
V8.6 | |
414 |
CPM Verify SSH Key |
|
|
|
|
|
|
415 |
CPM Verify SSH Key Failed |
|
|
|
|
|
|
416 |
CPM Rotate SSH Key |
|
|
|
|
|
|
417 |
CPM Rotate SSH Key Failed |
|
|
|
|
|
|
418 |
CPM Reconcile SSH Key |
|
|
|
|
|
|
419 |
CPM Reconcile SSH Key Failed |
|
|
|
|
|
|
420 |
CPM Release SSH Key |
|
|
|
|
|
|
421 |
CPM Release SSH Key Failed |
|
|
|
|
|
|
422 |
User creation success |
|
|
|
|
|
|
423 |
User creation failed |
|
|
|
|
|
|
424 |
User group assignment |
|
|
|
|
|
|
425 |
User group assignment failed |
|
|
|
|
|
|
426 |
CPM Disable SSH Key |
|
|
|
|
|
|
427 |
Store SSH Key |
|
|
|
|
|
|
428 |
Retrieve SSH Key |
|
|
|
|
|
|
429 |
User Deletion Success |
|
|
|
|
|
|
430 |
User Deletion Failed |
|
|
|
|
|
|
431 |
User De-Provision Failed |
|
|
|
|
|
|
432 |
UID Change Success |
|
|
|
|
|
|
433 |
UID Change Failed |
|
|
|
|
|
|
434 |
CPM has deleted the public SSH key |
|
|
|
|
|
|
435 |
CPM failed to delete the SSH key |
|
|
|
|
|
|
436 | SCP Command | Username | File |
ü |
|
V7.2.17 | |
440 |
Get SSH Public Keys Failed |
Username |
Username |
|
|
ü |
V9.6 |
441 |
Add SSH Public Keys Succeeded |
Username |
Username |
|
|
|
V9.6 |
442 |
Add SSH Public Keys Failed |
Username |
Username |
|
|
ü |
V9.6 |
443 |
Delete SSH Public Keys Succeeded |
Username |
Username |
|
|
|
V9.6 |
444 |
Delete SSH Public Keys Failed |
Username |
Username |
|
|
ü |
V9.6 |
Code |
Action |
Info1 |
Info2 |
Info3 |
File Cat. for Syslog |
Alert |
Ver. |
---|---|---|---|---|---|---|---|
460 |
Privileged Threat Analytics event for managed account |
Filename |
Anomaly name triggered in PTA |
Full PTA event details |
|
|
9.10 (external) / 9.99 (Internal) |
461 |
Privileged Threat Analytics event for Vault user |
|
|
Full PTA event details |
|
|
9.10 (external) / 9.99 (Internal) |
462 |
Password sent to endpoint |
|
|
|
|
|
10.2 |
463 |
Agent successfully changed the password for account |
|
|
|
|
|
10.2 |
464 |
Agent failed to change the password for account |
|
|
|
|
ü |
10.2 |
471 |
Grant Administrative Access Succeeded |
|
|
|
|
|
10.6 |
472 |
Grant Administrative Access Failed |
|
|
|
|
|
10.6 |
473 |
Remove Administrative Access Succeeded |
|
|
|
|
|
10.6 |
474 |
Remove Administrative Access Failed |
|
|
|
|
|
10.6 |
475 |
Security warning - Failed to rotate OpenID token keys
|
|
|
|
|
ü |
11.5 |
476 |
Security warning - Failed to rotate custom token keys
|
|
|
|
|
ü |
11.5 |
477 |
New DR or Satellite Vault registration succeeded
|
Username
|
Source Address
|
|
|
|
11.5 |
478 |
New DR or Satellite Vault registration failed
|
Username
|
Source Address
|
|
|
ü |
11.5 |
479 |
Security warning - The Signature Hash Algorithm of the Vault certificate is SHA1.
|
Vault Address |
|
|
|
ü |
11.5
|