Audit Trail Events

In this topic:

    Message-EventType

    Audit parent type

    Audit child type

    Description

    AssessmentCompletionEvent

    A Dome9 Continuous Compliance assessment was completed

    AccountTrustCreatedEvent

    Account Trust relation

    Trust relation was created

    Trust relation between accounts was created

    AccountTrustDeletedEvent

    Account Trust relation

    Trust relation was deleted

    Trust relation between accounts was deleted

    AccountTrustUpdatedEvent

    Account Trust relation

    Trust relation was updated

    Trust relation between accounts was updated

    --------------------------------------

    Dome9 account

    Dome9 account created

    Dome9 Account was created

    ManagedAccountCreatedEvent

    Managed account event

    Dome9 managed account was created

    Dome9 Managed account was created

    ManagedAccountDeletedEvent

    Managed account event

    Dome9 managed account was deleted

    Dome9 Managed account was deleted

    ManagedAccountUpdatedEvent

    Managed account event

    Dome9 managed account was updated

    Dome9 Managed account was updated

    AccountLicenseUpdatedEvent

    Dome9 account

    Account license updated

    The license plan was updated.

    AccountNameUpdatedEvent

    Dome9 account

    Account name updated

    Dome9 Account name was updated

    CrossAccountIdentifierCreatedEvent

    Dome9 account

    Cross account identifier was generated

    A cross account identifer was generated for the account (for MSP)

    AccountBillingUpdatedEvent

    Dome9 account

    Account billing updated

    Billing details were updated.

    AccountLicenseStateChangedEvent

    Dome9 account

    Account license state changed

    License state changed (Active / Suspended)

    AuditDataExportEvent

    Audit data exported

    A user exported the Audit trail content.

    AlertTriggeredEvent

    Alerts events

    Alert triggered

    Alert was triggered on a security group

    AlertClosedEvent

    Alerts events

    Alert resolved

    Alert was resolved on a security group

    AlertUpdatedEvent

    Alerts events

    Alert updated

    Alert content was updated on a security group

    BillingCalculationEvent

    Billing calculation

    Obsolete

    AwsAccountAddEvent

    Cloud account

    Cloud account created

    New cloud account was added to Dome9 Console

    CloudAccountRenameEvent

    Cloud account

    Cloud account renamed

    Cloud account was renamed

    ProfileBehaviorChangedEvent

    Cloud account

    Region configuration updated

    Region configuration updated for a cloud account

    ProtectionModeChangedEvent

    Cloud account

    Protection mode updated

    Protection mode updated for cloud account

    InvalidAwsCredentialsEvent

    Cloud account

    Invalid cloud credentials

    The cloud account have invalid credentials

    AwsCredentialsValidatedEvent

    Cloud account

    Cloud credentials validated

    The cloud account that had invalid credentials is now valid

    NewAwsSecGroupCreatedEvent

    Cloud security groups

    Security group created

    Security group was created from Dome9 Console

    AwsSecGroupTagsUpdatedEvent

    Cloud security groups

    Security group updated

    Security group was updated from Dome9 Console

    AwsSecGroupDeletedEvent

    Cloud security groups

    Security group deleted

    Security group was deleted from Dome9 Console

    CloudSecGroupTamperDetectedEvent

    Cloud security groups

    Security group tamper detected and handled

    A change was detected on a full protected security group and it was reverted

    CloudSecGroupChangesDetectedEvent

    Cloud security groups

    Security group change detected

    A change was detected on a read only security group

    CloudSecGroupPushEvent

    Cloud security groups

    Security group push

    A Security group change was pushed to AWS

    ObsoletePermissionsDetectedEvent

    Cloud security groups

    Policy normalized

    The security group policy was normalized

    CloudSecGroupImportedEvent

    Cloud security groups

    Security group imported

    Security group was imported from your cloud account

    CloudSecGroupProtectionModeUpdateFailed

    Cloud security groups

    Security group protection mode update failed

    Failed to update protection mode of security group (Full protection / Read only)

    InstanceCreatedEvent

    Instance event

    New instance created

    New instance was created on your cloud account

    InstanceStateChanged

    Instance event

    Instance state changed

    Instance state changed

    InstanceTagsChangeDetectedEvent

    Instance event

    Instance updated

    A change was detected on an instance and updated in Dome9

    --------------------------------------

    Cloud security service (port)

    Cloud security group configuration change

    Cloud security groups configuration related audits

    AwsServiceCreatedEvent

    Cloud security group configuration change

    Security group service created

    Security group service created from Dome9 Console

    AwsServiceDeletedEvent

    Cloud security group configuration change

    Security group service deleted

    Security group service deleted from Dome9 Console

    AwsServiceUpdatedEvent

    Cloud security group configuration change

    Security group service updated

    Security group service modified from Dome9 Console

    AwsOutboundServiceCreatedEvent

    Cloud security group configuration change

    Security group outbound service created

    Security group outbound service created from Dome9 Console

    AwsOutboundServiceDeletedEvent

    Cloud security group configuration change

    Security group outbound service deleted

    Security group outbound service deleted from Dome9 Console

    AwsOutboundServiceUpdatedEvent

    Cloud security group configuration change

    Security group outbound service updated

    Security group outbound service modified from Dome9 Console

    AwsLeaseAcquiredEvent

    Cloud access leases

    Access lease acquired

    An access lease was acquired by a user

    AwsLeaseEndedEvent

    Cloud access leases

    Access lease ended

    An access lease was ended when the time period finished

    LeaseTerminatedEvent

    Cloud access leases

    Access lease terminated

    An access lease was terminated manually by the user

    BlacklistUpdatedEvent

    Blacklist

    Blacklist updated

    Blacklist for the Agents were updated with new content.

    BlacklistItemExpiredEvent

    Blacklist

    Blacklist item expired

    A blacklist item was expired

    EmergencyPolicyTimeoutUpdatedEvent

    Emergency policy

    Emergency timeout updated

    The timeout for Agents emergency policy was updated

    EmergencyPolicyUpdatedEvent

    Emergency policy

    Emergency policy updated

    The emergency policy for the Agents was updated.

    EventsIntegrationCreatedEvent

    Events integration

    Events integration created

    SNS integration created

    EventsIntegrationUpdatedEvent

    Events integration

    Events integration updated

    SNS integration updated

    EventsIntegrationDeletedEvent

    Events integration

    Events integration deleted

    SNS integration deleted

    NewIPListCreatedEvent

    IP List

    IP List created

    Created new IP List

    IPListDeletedEvent

    IP List

    IP List deleted

    Deleted IP List

    IPListUpdatedEvent

    IP List

    IP List updated

    An IP List was updated

    InvitationCreatedEvent

    Invitations

    Invitation created

    An access lease invitation was created

    InvitationUsedEvent

    Invitations

    Invitation used

    An access lease invitation was used

    InvitationExpiredUsageAttemptEvent

    Invitations

    Expired Invitation usage attempt

    An access lease expired invitation usage was detected

    UsedInvitationUsageAttemptEvent

    Invitations

    Used Invitation usage attempt

    An access lease used invitation usage was detected

    InvitationCancelledEvent

    Invitations

    Invitation canceled

    An access lease invitation was canceled

    NewSecurityGroupCreatedEvent

    Dome9 security groups

    Security group created

    New Agent security group was created

    SecurityGroupUpdatedEvent

    Dome9 security groups

    Security group updated

    Agent security group was updated

    SecurityGroupDeletedEvent

    Dome9 security groups

    Security group deleted

    Agent security group was deleted

    SecurityGroupFIMDisabledEvent

    Dome9 security groups

    Security group FIM policy disabled

    FIM policy disabled

    On an agent security group

    SecurityGroupFIMEnabledEvent

    Dome9 security groups

    Security group FIM policy enabled

    FIM policy enabled

    On an agent security group

    NewServerCreatedEvent

    Dome9 Agents

    Agent created

    New agent installed on an instance

    ServerUpdatedEvent

    Dome9 Agents

    Agent configuration updated

    Agent configuration was changed (Name / attached security groups)

    ServerStateChangedEvent

    Dome9 Agents

    Agent state changed

    Agent state changed from: state to: state

    ServerDeletedEvent

    Dome9 Agents

    Agent deleted

    Agent deleted from an instance

    ServerReinstallEvent

    Dome9 Agents

    Agent reinstalled

    Agent was reinstalled

    AgentUpgradedEvent

    Dome9 Agents

    Agent upgraded

    Agent was upgraded

    AgentObsoleteVersionEvent

    Dome9 Agents

    Agent has obsolete version

    The Agent version is obsolete and needs to be updated

    AllFIMAlertsAcknowledgedEvent

    FIM Alerts acknowledged

    FIM Alerts were acknowledged by the user

    FIMScannerStateChangedEvent

    --------------------------------------

    FIM Scan started or ended.

    --------------------------------------

    Dome9 security group service (port)

    Agent security group configuration change

    Security group rule configuration was changed

    ServicePortCreatedEvent

    Agent security group configuration change

    Security group service created

    Security group service created from Dome9 Console

    ServicePortDeletedEvent

    Agent security group configuration change

    Security group service deleted

    Security group service deleted from Dome9 Console

    SecurityGroupUpdatedEvent

    Agent security group configuration change

    Security group service updated

    Security group service modified from Dome9 Console

    OutboundServicePortCreatedEvent

    Agent security group configuration change

    Security group outbound service created

    Security group outbound service created from Dome9 Console

    OutboundServicePortDeletedEvent

    Agent security group configuration change

    Security group outbound service deleted

    Security group outbound service deleted from Dome9 Console

    OutboundServicePortUpdatedEvent

    Agent security group configuration change

    Security group outbound service updated

    Security group outbound service modified from Dome9 Console

    AwsLeaseAcquiredEvent

    Dome9 access leases

    Access lease acquired

    An access lease was acquired by a user

    AwsLeaseEndedEvent

    Dome9 access leases

    Access lease ended

    An access lease was ended when the time period finished

    LeaseTerminatedEvent

    Dome9 access leases

    Access lease terminated

    An access lease was terminated manually by the user

    NewUserRegisteredEvent

    Users

    New user registered

    New user registered to the account

    UserForgotPasswordEvent

    Users

    Forgotten password

    The user reported forgotten password

    -----------------------------------

    Users

    Users management

    User management audits

    UserDisconnectedFromSSOEvent

    Users management

    User disconnected from SSO

    User was set to login with user and password and not with SSO

    UserConnectedToSSOEvent

    Users management

    User connected to SSO

    User was set to login with SSO authentication

    NewUserCreatedEvent

    Users management

    User created

    New user created on the account

    UserDeletedEvent

    Users management

    User deleted

    User was deleted

    UserPermissionsUpdatedEvent

    Users management

    Permissions changed

    User permissions were changed from - to

    AccountOwnerChanged

    Users management

    Account ownership transfer

    The account owner user was changed

    ApiKeyCreatedEvent

    Users management

    API Key created

    API key was created to a user

    ApiKeyDeletedEvent

    Users management

    API Key deleted

    API key was deleted

    AuthenticationProviderChangedEvent

    Users management

    Multi factor authentication

    MFA was set for a user

    UserChangedPasswordEvent

    Users

    Password change

    Password changed by a user

    UserResetPasswordEvent

    Users

    Password was reset

    Password was reset by a user

    UserEmailConfirmedEvent

    Users

    Email confirmation

    Email confirmation was sent to a user

    UserLogOnEvent

    Users

    User logged on

    User logged on to the system

    UserAssumeRoleEvent

    Users

    User switched role

    UserProvisionEvent

    Users

    SSO based on role

    UserLogOnFailureEvent

    Users

    Failed logon

    User failed to login to the system

    SSOUserLogOnFailureEvent

    Users

    SSO login failed

    SSO login failed by a user

    UserRoleDeletedEvent

    User role event

    User role deleted

    Role was deleted

    UserRoleCreatedEvent

    User role event

    User role created

    New role was created

    UserRoleUpdatedEvent

    User role event

    User role updated

    Role permissions were updated

    GoogleCloudAccountAddedEvent

    Google Cloud Account

    Google Cloud Account was added

    GoogleCloudAccountDeletedEvent

    Google Cloud Account

    Google Cloud Account was deleted

    AzureCloudAccountAddEvent

    Azure Cloud Account

    Azure Cloud Account created

    New Azure cloud account was added to Dome9 Console

    AzureCloudAccountDeleteEvent

    Azure Cloud Account

    Azure Cloud Account deleted

    Azure cloud account was deleted from Dome9 Console

    --------------------------------------

    D9 Azure base resource event

    D9 Azure security group event

    Azure NSG related audits

    AzureSecurityGroupImportedEvent

    D9 Azure security group event

    Azure network security group imported

    New Azure security group imported

    AzureSecurityGroupUpdatedEvent

    D9 Azure security group event

    Azure network security group change detected

    Change detected on network security group

    --------------------------------------

    D9 Azure base resource event

    D9 Azure security group policy event

    Azure NSG policy related audits

    AzureSgPolicyCreatedEvent

    D9 Azure security group policy event

    Azure network security group created

    New security group was created from Dome9 Console

    AzureSgPolicyDeletedEvent

    D9 Azure security group policy event

    Azure network security group deleted

    Network security group was deleted

    AzureSgPolicyServicesUpdatedEvent

    D9 Azure security group policy event

    Azure network security group updated

    Network security group was updated

    --------------------------------------

    D9 Azure base resource event

    Azure network security group service

    Azure NSG service related audits

    AzurePolicyServiceCreatedEvent

    Azure network security group service

    Azure network security group service created

    Service created on Azure NSG

    AzurePolicyServiceDeletedEvent

    Azure network security group service

    Azure network security group service deleted

    Service deleted on Azure NSG

    AzurePolicyServiceUpdatedEvent

    Azure network security group service

    Azure network security group service updated

    Service on Azure NSG was updated