Vai al contenuto principale

Catalogo degli Eventi di Audit

Questo catalogo elenca tutti i nomi degli eventi di audit di VaultPAM di livello pubblico e le relative categorie. È destinato agli ingegneri SIEM che creano regole di rilevamento e ai revisori della conformità che convalidano la copertura dell'audit — non per la creazione di integrazioni client rispetto allo schema completo dell'evento. Lo schema completo dei campi (attore, destinatario, metadati, conservazione) è disponibile nel riferimento API con accesso ristretto; contattare il supporto per richiedere l'accesso.

Questo catalogo viene generato automaticamente dal codice sorgente. Non modificare direttamente. Per rigenerare, eseguire scripts/docs/generate_audit_event_catalog.sh.

Eventi del Control-Plane

CostanteStringa WireCategoria
AGENT_PAIRING_INITIATEDAgent Pairing InitiatedAgent / Connectivity
AGENT_PAIRING_COMPLETEDAgent Pairing CompletedAgent / Connectivity
AGENT_PAIRING_FAILEDAgent Pairing FailedAgent / Connectivity
AGENT_HEARTBEAT_RECEIVEDAgent Heartbeat ReceivedAgent / Connectivity
AGENT_CONNECTIVITY_CHECKAgent Connectivity CheckAgent / Connectivity
CONNECTOR_REGISTRATIONConnector RegistrationAgent / Connectivity
CONNECTOR_UPGRADEConnector UpgradeAgent / Connectivity
CONNECTOR_DECOMMISSIONEDConnector DecommissionedAgent / Connectivity
USER_ACCESS_REQUEST_CREATEDUser Access Request CreatedIdentity / Access / Sharing
ACCESS_REQUEST_APPROVEDAccess Request ApprovedIdentity / Access / Sharing
ACCESS_REQUEST_REJECTEDAccess Request RejectedIdentity / Access / Sharing
ACCESS_DELEGATION_GRANTEDAccess Delegation GrantedIdentity / Access / Sharing
ACCESS_DELEGATION_REVOKEDAccess Delegation RevokedIdentity / Access / Sharing
ROLE_ASSIGNMENT_CHANGEDRole Assignment ChangedIdentity / Access / Sharing
POLICY_ASSIGNMENT_CHANGEDPolicy Assignment ChangedIdentity / Access / Sharing
MFA_CHALLENGE_TRIGGEREDMFA Challenge TriggeredIdentity / Access / Sharing
MFA_VERIFICATION_SUCCEEDEDMFA Verification SucceededIdentity / Access / Sharing
MFA_VERIFICATION_FAILEDMFA Verification FailedIdentity / Access / Sharing
MFA_SESSIONS_INVALIDATEDMFA Sessions InvalidatedIdentity / Access / Sharing
MFA_RECOVERY_REQUESTEDmfa.recovery.requestedIdentity / Access / Sharing
MFA_RECOVERY_VERIFIEDmfa.recovery.verifiedIdentity / Access / Sharing
MFA_RECOVERY_PENDING_ADMIN_APPROVALmfa.recovery.pending_admin_approvalIdentity / Access / Sharing
MFA_RECOVERY_APPROVEDmfa.recovery.approvedIdentity / Access / Sharing
MFA_RECOVERY_DENIEDmfa.recovery.deniedIdentity / Access / Sharing
MFA_RECOVERY_GRANT_ISSUEDmfa.recovery.grant_issuedIdentity / Access / Sharing
MFA_RECOVERY_GRANT_CONSUMEDmfa.recovery.grant_consumedIdentity / Access / Sharing
MFA_RECOVERY_EXPIREDmfa.recovery.expiredIdentity / Access / Sharing
MFA_RECOVERY_COMPLETEDmfa.recovery.completedIdentity / Access / Sharing
MFA_BACKUP_CODES_GENERATEDmfa.backup_codes.generatedIdentity / Access / Sharing
MFA_BACKUP_CODES_USEDmfa.backup_codes.usedIdentity / Access / Sharing
MFA_BACKUP_CODES_REGENERATEDmfa.backup_codes.regeneratedIdentity / Access / Sharing
PRIVILEGED_ACCOUNT_CREATEDPrivileged Account CreatedAccounts / Secrets / Credentials
PRIVILEGED_ACCOUNT_UPDATEDPrivileged Account UpdatedAccounts / Secrets / Credentials
PRIVILEGED_ACCOUNT_DISABLEDPrivileged Account DisabledAccounts / Secrets / Credentials
CREDENTIAL_CHECKOUT_STARTEDCredential Check-out StartedAccounts / Secrets / Credentials
CREDENTIAL_CHECKOUT_COMPLETEDCredential Check-out CompletedAccounts / Secrets / Credentials
CREDENTIAL_CHECKIN_COMPLETEDCredential Check-in CompletedAccounts / Secrets / Credentials
CREDENTIAL_ROTATION_STARTEDCredential Rotation StartedAccounts / Secrets / Credentials
CREDENTIAL_ROTATION_COMPLETEDCredential Rotation CompletedAccounts / Secrets / Credentials
CREDENTIAL_ROTATION_FAILEDCredential Rotation FailedAccounts / Secrets / Credentials
SECRET_ACCESSEDSecret Accessed (Metadata-only)Accounts / Secrets / Credentials
CONNECTION_DEFINITION_CREATEDConnection Definition CreatedConnections / Sessions
CONNECTION_DEFINITION_UPDATEDConnection Definition UpdatedConnections / Sessions
CONNECTION_DEFINITION_DELETEDConnection Definition DeletedConnections / Sessions
SESSION_START_REQUESTEDSession Start RequestedConnections / Sessions
SESSION_ESTABLISHEDSession EstablishedConnections / Sessions
SESSION_RECORDING_STARTEDSession Recording StartedConnections / Sessions
SESSION_POLICY_ENFORCEDSession Policy EnforcedConnections / Sessions
SESSION_SUSPENDEDSession SuspendedConnections / Sessions
SESSION_TERMINATED_BY_USERSession Terminated by UserConnections / Sessions
SESSION_TERMINATED_BY_ADMINSession Terminated by AdminConnections / Sessions
SESSION_TERMINATED_BY_SYSTEMSession Terminated by SystemConnections / Sessions
SESSION_RECORDING_FINALIZEDSession Recording FinalizedConnections / Sessions
SESSION_PLAYBACK_ACCESSEDSession Playback AccessedConnections / Sessions
HTTP_SESSION_STARTEDHTTP_SESSION_STARTEDConnections / Sessions
HTTP_SESSION_ENDEDHTTP_SESSION_ENDEDConnections / Sessions
HTTP_URL_DENIEDHTTP_URL_DENIEDConnections / Sessions
HTTP_CREDENTIAL_INJECTEDHTTP_CREDENTIAL_INJECTEDConnections / Sessions
AUDIT_LOG_VIEWEDAudit Log ViewedAdmin / Platform / Audit
AUDIT_LOG_EXPORT_REQUESTEDAudit Log Export RequestedAdmin / Platform / Audit
AUDIT_LOG_EXPORT_COMPLETEDAudit Log Export CompletedAdmin / Platform / Audit
RETENTION_POLICY_CHANGEDRetention Policy ChangedAdmin / Platform / Audit
TENANT_SETTINGS_UPDATEDTenant Settings UpdatedAdmin / Platform / Audit
API_TOKEN_CREATEDAPI Token CreatedAdmin / Platform / Audit
API_TOKEN_REVOKEDAPI Token RevokedAdmin / Platform / Audit
SECURITY_INCIDENT_FLAGGEDSecurity Incident FlaggedAdmin / Platform / Audit
SYSTEM_ERROR_LOGGEDSystem Error LoggedAdmin / Platform / Audit
INVITATION_SENTInvitation SentInvitation Lifecycle
INVITATION_ACCEPTEDInvitation AcceptedInvitation Lifecycle
INVITATION_REVOKEDInvitation RevokedInvitation Lifecycle
INVITATION_RESENTInvitation ResentInvitation Lifecycle
INVITATION_EXPIREDInvitation ExpiredInvitation Lifecycle
INVITATION_ACCEPT_BLOCKEDInvitation Accept BlockedInvitation Lifecycle
INVITE_ACCEPT_STARTEDinvite_accept_startedInvitation Lifecycle
INVITE_TOKEN_INVALID_OR_EXPIREDinvite_token_invalid_or_expiredInvitation Lifecycle
INVITE_EMAIL_MISMATCH_BLOCKEDinvite_email_mismatch_blockedInvitation Lifecycle
INVITE_ACCEPTEDinvite_acceptedInvitation Lifecycle
ORG_SUBMISSION_STARTEDorg_submission_startedInvitation Lifecycle
ORG_SUBMISSION_SUBMITTEDorg_submission_submittedInvitation Lifecycle
ORG_SUBMISSION_APPROVEDorg_submission_approvedInvitation Lifecycle
ORG_SUBMISSION_REJECTEDorg_submission_rejectedInvitation Lifecycle
PROVIDER_FLOW_FAILEDprovider_flow_failedInvitation Lifecycle
PENDING_STATE_VIEWEDpending_state_viewedInvitation Lifecycle
PLATFORM_USER_INVITEDPlatform User InvitedPlatform Users Management
PLATFORM_USER_REMOVEDPlatform User RemovedPlatform Users Management
PLATFORM_USER_ROLE_CHANGEDPlatform User Role ChangedPlatform Users Management
PLATFORM_USER_MFA_RESETPlatform User MFA ResetPlatform Users Management
PLATFORM_INVITATION_ACCEPTEDPlatform Invitation AcceptedPlatform Users Management
PLATFORM_USER_INVITE_REJECTEDPlatform User Invite RejectedPlatform Users Management
PLATFORM_SELF_REMOVAL_BLOCKEDPlatform Self Removal BlockedPlatform Users Management
PLATFORM_LAST_ADMIN_REMOVAL_BLOCKEDPlatform Last Admin Removal BlockedPlatform Users Management
PLATFORM_LAST_ADMIN_MFA_RESET_BLOCKEDPlatform Last Admin MFA Reset BlockedPlatform Users Management
PLATFORM_USERS_LISTEDPlatform Users ListedPlatform Users Management
PLATFORM_INVITATIONS_LISTEDPlatform Invitations ListedPlatform Users Management
GROUP_CREATEDgroup.createdGroups / Safe Access
GROUP_UPDATEDgroup.updatedGroups / Safe Access
GROUP_DELETEDgroup.deletedGroups / Safe Access
GROUP_MEMBER_ADDEDgroup.member.addedGroups / Safe Access
GROUP_MEMBER_REMOVEDgroup.member.removedGroups / Safe Access
SAFE_GROUP_ASSIGNMENT_CREATEDsafe.group_assignment.createdGroups / Safe Access
SAFE_GROUP_ASSIGNMENT_UPDATEDsafe.group_assignment.updatedGroups / Safe Access
SAFE_GROUP_ASSIGNMENT_REMOVEDsafe.group_assignment.removedGroups / Safe Access
SAFE_MEMBER_ADDEDsafe.member.addedGroups / Safe Access
SAFE_MEMBER_ROLE_UPDATEDsafe.member.role_updatedGroups / Safe Access
SAFE_MEMBER_REMOVEDsafe.member.removedGroups / Safe Access
SAFE_DERIVED_ACCESS_GRANTEDsafe.derived_access.grantedGroups / Safe Access
SAFE_DERIVED_ACCESS_REVOKEDsafe.derived_access.revokedGroups / Safe Access
SAFE_DERIVED_ACCESS_ROLE_CHANGEDsafe.derived_access.role_changedGroups / Safe Access
GROUP_MUTATION_DENIEDgroup.mutation.deniedGroups / Safe Access
ORG_GOVERNANCE_ACTION_REQUESTEDorg_governance.action_requestedOrg-Scoped Governance Actions
ORG_GOVERNANCE_ACTION_APPROVEDorg_governance.action_approvedOrg-Scoped Governance Actions
ORG_GOVERNANCE_ACTION_REJECTEDorg_governance.action_rejectedOrg-Scoped Governance Actions
PLATFORM_CROSS_ORG_GOVERNANCE_VIEWEDplatform.cross_org_governance_viewedCross-Org Governance
ORG_GOVERNANCE_QUEUE_EXPORTEDorg_governance.queue_exportedCross-Org Governance
ORG_GOVERNANCE_SELF_APPROVAL_BLOCKEDorg_governance.self_approval_blockedCross-Org Governance
PHONE_VERIFICATION_CODE_SENTphone_verification_code_sentPhone / SMS Verification
PHONE_VERIFICATION_SUCCEEDEDphone_verification_succeededPhone / SMS Verification
PHONE_VERIFICATION_FAILEDphone_verification_failedPhone / SMS Verification
PHONE_VERIFICATION_EXPIREDphone_verification_expiredPhone / SMS Verification
PHONE_CHANGE_REQUESTEDphone_change_requestedPhone / SMS Verification
PHONE_CHANGE_COMMITTEDphone_change_committedPhone / SMS Verification
PHONE_CHANGE_ABANDONEDphone_change_abandonedPhone / SMS Verification
AUDIT_PHONE_DIGEST_KEY_ROTATEDaudit_phone_digest_key_rotatedPhone / SMS Verification
PHONE_VERIFICATION_CODE_SEND_BLOCKED_PROVIDER_UNAVAILABLEphone_verification_code_send_blocked_provider_unavailablePhone / SMS Verification
PHONE_VERIFICATION_BOOT_PROVIDER_GATE_PASSEDphone_verification_boot_provider_gate_passedPhone / SMS Verification
PHONE_VERIFICATION_CODE_SEND_BLOCKED_RATE_LIMITphone_verification_code_send_blocked_rate_limitPhone / SMS Verification
PHONE_CHANGE_CONCURRENT_MODIFICATIONphone_change_concurrent_modificationPhone / SMS Verification
PHONE_CHANGE_CANCELphone_change_cancelPhone / SMS Verification
USERS_PHONE_PROPAGATED_FROM_REGISTRATIONusers_phone_propagated_from_registrationPhone / SMS Verification
USERS_PHONE_PROPAGATION_SKIPPED_CONFLICTusers_phone_propagation_skipped_conflictPhone / SMS Verification

Eventi SSH Proxy-Shared

Re-esportati dal control-plane come tipi di evento PROXY_SSH_*.

CostanteStringa WireDescrizione
PROXY_SSH_SESSION_OPENEDproxy.ssh.session.openedSessione SSH aperta correttamente — verifica post-grant, connessione upstream, canale pronto.
PROXY_SSH_SESSION_CLOSEDproxy.ssh.session.closedSessione SSH chiusa — chiusura del canale, EOF upstream o disconnessione del client.
PROXY_SSH_AUTH_REJECTEDproxy.ssh.auth.rejectedAutenticazione SSH rifiutata al proxy — grant non valido, grant scaduto, replay o chiave non autorizzata.
PROXY_SSH_RECORDING_WRITTENproxy.ssh.recording.writtenArtefatto di registrazione SSH finalizzato e persistito nell'archivio delle registrazioni.

Livelli di Gravità

ValoreSignificato
DEBUGDiagnostica di basso livello; non inoltrata a SIEM per impostazione predefinita.
INFORegistro di normale funzionamento.
WARNCondizione recuperabile che potrebbe richiedere attenzione.
ERROROperazione non riuscita; potrebbe richiedere un'indagine.
CRITICALErrore significativo dal punto di vista della sicurezza; sempre inoltrato a SIEM.

Tipi di Attore

ValoreDescrizione
UserUtente finale che agisce per conto proprio.
TenantAdminAmministratore a livello di organizzazione.
SystemAzione di sistema automatizzata senza attivazione diretta dell'utente.
ServiceAccountToken API o account di macchina.
PlatformAdminOperatore della piattaforma cross-org.
OrgAdminRuolo di amministratore con ambito organizzativo.
ConnectorAgente Connector che agisce autonomamente.

Tipi di Destinatario

ValoreDescrizione
AccountAccount privilegiato o oggetto credenziale.
ConnectionDefinizione di connessione.
SessionSessione attiva o completata.
AgentAgente Connector o proxy.
PolicyPolicy di accesso o di sessione.
SecretSecret o payload di credenziale.
TenantEntità tenant/org.
API TokenOggetto token API.
InvitationRecord di invito.
AuditLogQuery o esportazione di audit log.
GovernanceActionRichiesta di approvazione della governance.
SafeContenitore Safe.