The Keyfactor Command audit logs are a record of historical changes that have been made within the product to key systems. The following shows the full list of currently audited areas (areas of the product) and operations (types of activity). The equivalent numeric codes are included for those interested in viewing or analyzing raw log data.
Audit Log Operations
The type of operation performed.
Table 65: Audit Operations
|
Value |
Description |
|---|---|
|
1 |
Created |
|
2 |
Updated |
|
3 |
Deleted |
|
4 |
Approved |
|
5 |
Denied |
|
6 |
Revoked |
|
7 |
Downloaded |
|
8 |
Deleted Private Key |
|
9 |
Renewed |
|
10 |
Encountered |
|
11 |
Scheduled Replacement |
|
12 |
Recovered |
|
13 |
Imported |
|
14 |
Removed from Hold |
| 15 | Scheduled Add |
| 16 | Scheduled Removal |
| 17 | Download with Private Key |
| 18 | Scheduled |
| 19 | Reset |
| 20 | Disapproved |
| 21 | Restarted |
| 22 | Sent |
| 23 | Failed |
| 24 | Completed |
| 25 | Rejected |
| 26 | Revoked from Revoke All Operation |
| 27 | Login |
| 28 | Logout |
Audit Log Categories
The area of the product in which the auditable activity occurred.
Table 66: Audit Categories
|
Value |
Category |
Description |
|---|---|---|
|
2001 |
Certificate (including Certificate Request and Certificate Scheduled Replacement) |
Tracks creation and lifecycle events for certificates, including pending certificate requests. |
|
2002 |
API Application |
Logs events for legacy API requests (Classic API). Note: This audit category has been deprecated and is no longer being generated.
|
|
2003 |
Template |
Records changes to certificate template configuration. |
|
2004 |
Certificate Collection (including Certificate Query) |
Captures activity related to creation and modification of certificate collections. |
|
2005 |
Expiration Alert (including Expiration Alert Definition and Expiration Alert Definition Context Model) |
Logs creation, modification, and deletion of certificate legacy expiration alerts. |
|
2006 |
Pending Alert (including Pending Alert Definition and Pending Alert Definition Context Model) |
Tracks creation, modification and triggering of legacy alerts for certificates pending approval for issuance. |
|
2007 |
Application Setting |
Records changes to application (configuration) settings. |
|
2008 |
Issued Alert (including Issued Alert Definition Context Model) |
Captures creation, modification, and deletion of legacy alerts generated when certificates are successfully issued. |
|
2009 |
Denied Alert (including Denied Alert Definition Context Model) |
Logs creation, modification, and deletion of legacy alerts generated when certificate requests are denied. |
|
2010 |
Security Identity (including AD Identity Model) |
Tracks creation and modification of user and service identities. Note: This audit category has been deprecated and is no longer being generated.
|
|
2011 |
Security Role |
Records creation, modification, or deletion of security roles. |
|
2012 |
Authorization Failure |
Logs failed authorization attempts. |
|
2013 |
CSR (including Certificate Signing Request) |
Captures events related to creation of certificate signing requests. |
|
2014 |
Server Group |
Records creation and management of SSH server groups managed with the Keyfactor Bash Orchestrator. |
|
2015 |
Server |
Tracks registration, configuration, and status changes for Keyfactor Bash Orchestrator servers. |
| 2016 | SSH Key (including Key and Discovered Key) | Logs discovery or management of SSH keys, including rogue key detection for logons. |
|
2017 |
SSH Service Account (including Service Account) |
Tracks configuration and updates to SSH service accounts. |
|
2018 |
SSH Logon (including Logon) |
Captures SSH logons managed with the Keyfactor Bash Orchestrator. |
|
2019 |
SSH User |
Logs management of SSH user identities. |
|
2020 |
Key Rotation Alert (including Key Rotation Alert Definition Context Model) |
Tracks creation, modification, and deletion of key rotation alerts. |
| 2021 | Certificate Store | Logs creation, modification, and deletion of certificate stores. |
| 2022 | Orchestrator Job Type (including Job Type) | Records definition or modification of custom orchestrator job types. |
| 2023 | Orchestrator Job (including Agent Schedule) | Captures scheduling details for custom orchestrator jobs. |
| 2024 | Bulk Orchestrator Job | Logs creation and execution of bulk custom orchestrator job operations. |
| 2025 | Certificate Store Container |
Tracks activity for containers associated with certificate stores (see Applications). Note: This audit category has been deprecated and is no longer being generated.
|
| 2026 | Orchestrator (including Agent) | Records approval and disapproval events for orchestrators. |
| 2027 | Monitoring (including Revocation Monitoring) | Captures creation, modification, and deletion of revocation monitoring alerts. |
| 2028 | License | Logs license validation, activation, or configuration changes. |
| 2029 | Workflow Definition | Records creation and updates to workflow definitions. |
| 2030 | Workflow Instance | Tracks execution and status changes for workflow instances. |
| 2031 | Workflow Signal (including Workflow Instance Signal) | Logs signal events associated with workflow instances. |
| 2032 | Identity Provider | Captures configuration or state changes for identity providers. |
| 2033 | Claim Definition (including Role Claim Definition) | Records creation and modification of claim definitions. |
| 2034 | Permission Set | Logs updates to permission sets and assigned permissions. |
| 2035 | Enrollment Pattern | Tracks creation, modification, or deletion of enrollment patterns. |
| 2036 | SMTP (including SMTP Audit) | Captures configuration or authentication updates for SMTP settings. |
| 2037 | Application | Records events related to general configuration and management of certificate store applications (formerly known as containers). |
Was this page helpful? Provide Feedback