# auditLog
Represents a detailed audit log entry capturing system events and user actions.
### Examples
```graphql
type AuditLog {
id: String!
date: DateTime!
logType: LogType!
logName: LogName!
userId: String!
userEmail: String!
name: String
appId: String
appName: String
registry: String
dockerfile: String
connector: String
credentialsType: String
credentialName: String
resourceCount: Float
resources: [String!]
branches: [MultipliedBranchWithReason!]
repoName: String
reposCount: Float
hostUrl: String
monitorAllResources: Boolean
scanId: String
enabledConnectors: [String!]
loginType: String
domain: String
memberEmail: String
disclaimerType: String
memberRoles: [String!]
memberScopes: String
appNames: [String]
isDastOnlyScan: Boolean
dastTargetIds: [String!]
dastTargetNames: [String!]
businessPriority: Float
owners: [String!]
ownersWithRoles: [Owner!]
roles: [String!]
generatedForOrg: Boolean
downloadFormat: String
generatedFrom: String
comment: String
commentId: String
excluded: Boolean
removed: Boolean
issueName: String
issueId: String
profileId: String
profileName: String
activeProfile: Boolean
settingsType: String
disabled: Boolean
configured: Float
textArr: [String!]
policies: [LogPolicy!]
slackUser: String
channel: String
key: String
ticketId: String
ticketingVendor: String
messagingVendor: String
user: String
link: String
categoryName: String
categoryId: Float
expiredAt: DateTime
prId: String
prURL: String
sourceControlType: String
aggItems: String
excludedIssues: [ExcludedIssue!]
issues: [JiraIssueDetailType!]
fixTitle: String
severity: String
oldSeverity: String
newOwnerName: String
newOwnerEmail: String
oldOwnerName: String
oldOwnerEmail: String
tagsAdded: [String!]
tagsRemoved: [String!]
workflowType: String
workflowName: String
nodeName: String
nodeType: String
workflowId: String
description: String
enabled: Boolean
monitorAllNewlyCreatedRepositories: Float
monitoredApps: [String!]
secretName: String
filterName: String
pageName: String
apiKeyName: String
apiKeyType: String
createdBy: String
apiKeyCreatedAt: DateTime
apiKeyExpiredAt: DateTime
orgUnitName: String
orgUnitId: ID
tags: [String!]
pipelineSettingsV2: PipelineSettingsV2
children: [ID!]
updateSlaSettings: String
irrelevantComment: String
sla: Float
emailType: String
emailSubject: String
triageStatus: String
actionType: String
changes: [String!]
fileName: String
fileType: String
title: String
domainType: String
targetUrl: String
env: String
authMethod: String
previousValues: PreviousTargetValues
branch: String
customRoleLogData: customRoleLogData
tableRowsChanges: TableRowsChangeSet
notificationSettings: [NotificationSettingItem!]
}
```
### Fields
| Field | Description | Supported fields |
| ------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| id `String!` | Unique identifier of the audit log entry | |
| date `DateTime!` | Timestamp when the event occurred. Records are automatically expired after 365 days | |
| logType [`LogType!`](/api-documentation/api-reference/api--audit/types/enums/log-type.md) | Category of the event (e.g., Authentication, Login, Scan) | |
| logName [`LogName!`](/api-documentation/api-reference/api--audit/types/enums/log-name.md) | Specific action or event name within the category | |
| userId `String!` | Unique identifier of the user who performed the action | |
| userEmail `String!` | Email address of the user who performed the action | |
| name `String` | Name of the container or organization involved in the event | |
| appId `String` | Unique identifier of the application associated with the container | |
| appName `String` | Name of the application associated with the container | |
| registry `String` | Container registry information | |
| dockerfile `String` | Path or content of the Dockerfile used | |
| connector `String` | Name or identifier of the external service connector | |
| credentialsType `String` | Type of credentials used for authentication | |
| credentialName `String` | Name of the credential used for the connector | |
| resourceCount `Float` | Number of resources affected or monitored | |
| resources `[String!]` | List of resource identifiers being monitored | |
| branches [`[MultipliedBranchWithReason!]`](/api-documentation/api-reference/api--audit/types/objects/multiplied-branch-with-reason.md) | List of branches selected for scanning with their selection reasons | branch String!
reason String!
|
| repoName `String` | Name of the repository being scanned | |
| reposCount `Float` | Total number of repositories affected | |
| hostUrl `String` | URL of the external service or repository host | |
| monitorAllResources `Boolean` | Whether all available resources are being monitored | |
| scanId `String` | Unique identifier of the security scan | |
| enabledConnectors `[String!]` | List of connectors enabled for the scan | |
| loginType `String` | Authentication method used for login | |
| domain `String` | Domain associated with the authentication or login event | |
| memberEmail `String` | Email address of the member involved in the event | |
| disclaimerType `String` | Type of disclaimer that was accepted | |
| memberRoles `[String!]` | Roles assigned to the member | |
| memberScopes `String` | Permission scopes granted to the member | |
| appNames `[String]` | Names of applications involved in the event | |
| isDastOnlyScan `Boolean` | Indicates whether the scan was an Agentic Pentester scan | |
| dastTargetIds `[String!]` | IDs of Agentic Pentester targets included in the scan. Empty when the scan covers all targets. | |
| dastTargetNames `[String!]` | Human-readable names of Agentic Pentester targets included in the scan. Empty when the scan covers all targets. | |
| businessPriority `Float` | Business priority level assigned to the application | |
| owners `[String!]` | List of application owner identifiers | |
| ownersWithRoles [`[Owner!]`](/api-documentation/api-reference/api--audit/types/objects/owner.md) | Detailed information about application owners including their roles | owner String
email String
roles \[String!]
|
| roles `[String!]` | List of roles associated with the event | |
| generatedForOrg `Boolean` | Indicates if the file was generated for the entire organization | |
| downloadFormat `String` | Format of the downloaded file (e.g., JSON, CSV) | |
| generatedFrom `String` | Source or context from which the file was generated | |
| comment `String` | User-provided comment or explanation for the action | |
| commentId `String` | Unique identifier of a specific comment on an issue | |
| excluded `Boolean` | Indicates if an issue was marked as a false positive | |
| removed `Boolean` | Indicates if a resolved issue was marked as incorrectly resolved | |
| issueName `String` | Name or title of the security issue | |
| issueId `String` | Unique identifier of the security issue | |
| profileId `String` | Identifier of the security policy profile | |
| profileName `String` | Name of the security policy profile | |
| activeProfile `Boolean` | Indicates if this is the active security policy profile | |
| settingsType `String` | Type of system settings being modified | |
| disabled `Boolean` | Indicates if the feature or setting is disabled | |
| configured `Float` | Configuration value or count | |
| textArr `[String!]` | Array of text values in string format | |
| policies [`[LogPolicy!]`](/api-documentation/api-reference/api--audit/types/objects/log-policy.md) | List of security policies affected by the event | policyId String
policyName String
categoryName String
enabled Boolean
severity String
oldIssues String
newIssues String
args String
|
| slackUser `String` | Slack username associated with the event | |
| channel `String` | Slack channel where the notification was sent | |
| key `String` | Unique key or identifier in the external system | |
| ticketId `String` | Ticket identifier in the external ticketing system | |
| ticketingVendor `String` | Name of the ticketing system vendor (e.g., Jira, ServiceNow) | |
| messagingVendor `String` | Name of the messaging system vendor | |
| user `String` | Username in the external system | |
| link `String` | URL or link to the external resource | |
| categoryName `String` | Category name of the security issue or code fix | |
| categoryId `Float` | Numeric identifier of the issue category | |
| expiredAt `DateTime` | Expiration date of the exclusion | |
| prId `String` | Pull request identifier | |
| prURL `String` | URL of the pull request | |
| sourceControlType `String` | Type of source control system (e.g., GitHub, GitLab) | |
| aggItems `String` | Aggregated items in string format | |
| excludedIssues [`[ExcludedIssue!]`](/api-documentation/api-reference/api--audit/types/objects/excluded-issue.md) | List of issues excluded from security scanning | appNames \[String!]
issueId String!
issueName String!
categoryName String!
comment String
expiredAt String
|
| issues [`[JiraIssueDetailType!]`](/api-documentation/api-reference/api--audit/types/objects/jira-issue-detail-type.md) | List of issues for multi-issue Jira tickets | issueId String!
issueName String
|
| fixTitle `String` | Title of the applied fix | |
| severity `String` | Current severity level of the issue | |
| oldSeverity `String` | Previous severity level of the issue | |
| newOwnerName `String` | Name of the new issue owner | |
| newOwnerEmail `String` | Email of the new issue owner | |
| oldOwnerName `String` | Name of the previous issue owner | |
| oldOwnerEmail `String` | Email of the previous issue owner | |
| tagsAdded `[String!]` | Tags added to the application | |
| tagsRemoved `[String!]` | Tags removed from the application | |
| workflowType `String` | Type of the policy workflow | |
| workflowName `String` | Name of the policy workflow | |
| nodeName `String` | Name of the workflow node | |
| nodeType `String` | Type of the workflow node | |
| workflowId `String` | Unique identifier of the workflow | |
| description `String` | Description of the workflow | |
| enabled `Boolean` | Indicates if the workflow is enabled | |
| monitorAllNewlyCreatedRepositories `Float` | Number of newly created repositories to monitor | |
| monitoredApps `[String!]` | List of applications being monitored by the workflow | |
| secretName `String` | Name of the secret | |
| filterName `String` | Name of the saved filter | |
| pageName `String` | Page where the filter is applied | |
| apiKeyName `String` | Name of the API key | |
| apiKeyType `String` | Type of the API key | |
| createdBy `String` | User who created the API key | |
| apiKeyCreatedAt `DateTime` | Creation date of the API key | |
| apiKeyExpiredAt `DateTime` | Expiration date of the API key | |
| orgUnitName `String` | Name of the organization unit | |
| orgUnitId `ID` | Unique identifier of the organization unit | |
| tags `[String!]` | Tags associated with the organization unit | |
| pipelineSettingsV2 [`PipelineSettingsV2`](/api-documentation/api-reference/api--audit/types/objects/pipeline-settings-v2.md) | Enhanced CI/CD pipeline configuration settings | isDefaultSettings Boolean!
isGithubConnected Boolean
isBitbucketConnected Boolean
isGitlabConnected Boolean
apps JSONObject
settings JSONObject
branchSettings JSONObject
|
| children `[ID!]` | Child organization unit identifiers | |
| updateSlaSettings `String` | Changes made to SLA settings | |
| irrelevantComment `String` | Reason for marking an application as irrelevant | |
| sla `Float` | SLA time value in hours | |
| emailType `String` | Type of email notification sent | |
| emailSubject `String` | Subject line of the email notification | |
| triageStatus `String` | Triage status of the issue | |
| actionType `String` | Action type of the audit logs export | |
| changes `[String!]` | Changes made to the audit logs export | |
| fileName `String` | Imported File Name | |
| fileType `String` | Imported File Type | |
| title `String` | Title or name of the Agentic Pentest scanning target | |
| domainType `String` | Type or classification of the domain being scanned | |
| targetUrl `String` | URL of the target being scanned by Agentic Pentest | |
| env `String` | Environment classification of the target (e.g., production, staging, development) | |
| authMethod `String` | Authentication method used to access the Agentic Pentest target | |
| previousValues [`PreviousTargetValues`](/api-documentation/api-reference/api--audit/types/objects/previous-target-values.md) | Previous values of the target configuration before modification (used in Edit operations) | title String
domainType String
targetUrl String
env String
authMethod String
|
| branch `String` | Name of the branch being scanned | |
| customRoleLogData [`customRoleLogData`](/api-documentation/api-reference/api--audit/types/objects/custom-role-log-data.md) | Custom Role details | name String!
displayName String!
assignablePermissions \[AssignablePermission!]
previousDisplayName String
previousAssignablePermissions \[AssignablePermission!]
|
| tableRowsChanges [`TableRowsChangeSet`](/api-documentation/api-reference/api--audit/types/objects/table-rows-change-set.md) | Table rows changes | deleted \[TableRowChangeItem!]
added \[TableRowChangeItem!]
|
| notificationSettings [`[NotificationSettingItem!]`](/api-documentation/api-reference/api--audit/types/objects/notification-setting-item.md) | Notification settings configuration | type NotificationSettingsType!
enabled Boolean!
channels NotificationChannelSetting
|
### References
#### Queries using this object:
* [\ getLogs](/api-documentation/api-reference/api--audit/queries/get-logs.md)
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.ox.security/api-documentation/api-reference/api--audit/types/objects/audit-log.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.