search
Book a demo

auditLog

Represents a detailed audit log entry capturing system events and user actions.

hashtag
Examples

type AuditLog {
  id: String!
  date: DateTime!
  logType: LogType!
  logName: LogName!
  userId: String!
  userEmail: String!
  name: String
  appId: String
  appName: String
  registry: String
  dockerfile: String
  connector: String
  credentialsType: String
  resourceCount: Float
  resources: [String!]
  branches: [MultipliedBranchWithReason!]
  repoName: String
  reposCount: Float
  hostUrl: String
  monitorAllResources: Boolean
  scanId: String
  enabledConnectors: [String!]
  loginType: String
  domain: String
  memberEmail: String
  disclaimerType: String
  memberRoles: [String!]
  memberScopes: String
  appNames: [String]
  businessPriority: Float
  owners: [String!]
  ownersWithRoles: [Owner!]
  roles: [String!]
  generatedForOrg: Boolean
  downloadFormat: String
  generatedFrom: String
  comment: String
  excluded: Boolean
  removed: Boolean
  issueName: String
  issueId: String
  profileId: String
  profileName: String
  activeProfile: Boolean
  settingsType: String
  disabled: Boolean
  configured: Float
  textArr: String
  policies: [LogPolicy!]
  slackUser: String
  channel: String
  key: String
  ticketId: String
  ticketingVendor: String
  messagingVendor: String
  user: String
  link: String
  categoryName: String
  categoryId: Float
  expiredAt: DateTime
  prId: String
  prURL: String
  sourceControlType: String
  aggItems: String
  excludedIssues: [ExcludedIssue!]
  fixTitle: String
  severity: String
  oldSeverity: String
  tagsAdded: [String!]
  tagsRemoved: [String!]
  workflowType: String
  workflowName: String
  nodeName: String
  nodeType: String
  workflowId: String
  description: String
  enabled: Boolean
  monitorAllNewlyCreatedRepositories: Float
  monitoredApps: [String!]
  secretName: String
  filterName: String
  pageName: String
  apiKeyName: String
  apiKeyType: String
  createdBy: String
  apiKeyCreatedAt: DateTime
  apiKeyExpiredAt: DateTime
  orgUnitName: String
  orgUnitId: ID
  tags: [String!]
  pipelineSettingsV2: PipelineSettingsV2
  children: [ID!]
  updateSlaSettings: String
  irrelevantComment: String
  sla: Float
  emailType: String
  emailSubject: String
  triageStatus: String
  actionType: String
  changes: [String!]
  fileName: String
  fileType: String
  title: String
  domainType: String
  targetUrl: String
  env: String
  authMethod: String
  previousValues: PreviousTargetValues
}

hashtag
Fields

Field
Description
Supported fields

id String!

Unique identifier of the audit log entry

date DateTime!

Timestamp when the event occurred. Records are automatically expired after 365 days

logType LogType!

Category of the event (e.g., Authentication, Login, Scan)

logName LogName!

Specific action or event name within the category

userId String!

Unique identifier of the user who performed the action

userEmail String!

Email address of the user who performed the action

name String

Name of the container or organization involved in the event

appId String

Unique identifier of the application associated with the container

appName String

Name of the application associated with the container

registry String

Container registry information

dockerfile String

Path or content of the Dockerfile used

connector String

Name or identifier of the external service connector

credentialsType String

Type of credentials used for authentication

resourceCount Float

Number of resources affected or monitored

resources [String!]

List of resource identifiers being monitored

branches [MultipliedBranchWithReason!]

List of branches selected for scanning with their selection reasons

branch String! reason String!

repoName String

Name of the repository being scanned

reposCount Float

Total number of repositories affected

hostUrl String

URL of the external service or repository host

monitorAllResources Boolean

Whether all available resources are being monitored

scanId String

Unique identifier of the security scan

enabledConnectors [String!]

List of connectors enabled for the scan

loginType String

Authentication method used for login

domain String

Domain associated with the authentication or login event

memberEmail String

Email address of the member involved in the event

disclaimerType String

Type of disclaimer that was accepted

memberRoles [String!]

Roles assigned to the member

memberScopes String

Permission scopes granted to the member

appNames [String]

Names of applications involved in the event

businessPriority Float

Business priority level assigned to the application

owners [String!]

List of application owner identifiers

ownersWithRoles [Owner!]

Detailed information about application owners including their roles

owner String email String roles [String!]

roles [String!]

List of roles associated with the event

generatedForOrg Boolean

Indicates if the file was generated for the entire organization

downloadFormat String

Format of the downloaded file (e.g., JSON, CSV)

generatedFrom String

Source or context from which the file was generated

comment String

User-provided comment or explanation for the action

excluded Boolean

Indicates if an issue was marked as a false positive

removed Boolean

Indicates if a resolved issue was marked as incorrectly resolved

issueName String

Name or title of the security issue

issueId String

Unique identifier of the security issue

profileId String

Identifier of the security policy profile

profileName String

Name of the security policy profile

activeProfile Boolean

Indicates if this is the active security policy profile

settingsType String

Type of system settings being modified

disabled Boolean

Indicates if the feature or setting is disabled

configured Float

Configuration value or count

textArr String

Array of text values in string format

policies [LogPolicy!]

List of security policies affected by the event

policyId String policyName String categoryName String enabled Boolean severity String oldIssues String newIssues String args String

slackUser String

Slack username associated with the event

channel String

Slack channel where the notification was sent

key String

Unique key or identifier in the external system

ticketId String

Ticket identifier in the external ticketing system

ticketingVendor String

Name of the ticketing system vendor (e.g., Jira, ServiceNow)

messagingVendor String

Name of the messaging system vendor

user String

Username in the external system

link String

URL or link to the external resource

categoryName String

Category name of the security issue or code fix

categoryId Float

Numeric identifier of the issue category

expiredAt DateTime

Expiration date of the exclusion

prId String

Pull request identifier

prURL String

URL of the pull request

sourceControlType String

Type of source control system (e.g., GitHub, GitLab)

aggItems String

Aggregated items in string format

excludedIssues [ExcludedIssue!]

List of issues excluded from security scanning

appNames [String!] issueId String! issueName String! categoryName String! comment String expiredAt String

fixTitle String

Title of the applied fix

severity String

Current severity level of the issue

oldSeverity String

Previous severity level of the issue

tagsAdded [String!]

Tags added to the application

tagsRemoved [String!]

Tags removed from the application

workflowType String

Type of the policy workflow

workflowName String

Name of the policy workflow

nodeName String

Name of the workflow node

nodeType String

Type of the workflow node

workflowId String

Unique identifier of the workflow

description String

Description of the workflow

enabled Boolean

Indicates if the workflow is enabled

monitorAllNewlyCreatedRepositories Float

Number of newly created repositories to monitor

monitoredApps [String!]

List of applications being monitored by the workflow

secretName String

Name of the secret

filterName String

Name of the saved filter

pageName String

Page where the filter is applied

apiKeyName String

Name of the API key

apiKeyType String

Type of the API key

createdBy String

User who created the API key

apiKeyCreatedAt DateTime

Creation date of the API key

apiKeyExpiredAt DateTime

Expiration date of the API key

orgUnitName String

Name of the organization unit

orgUnitId ID

Unique identifier of the organization unit

tags [String!]

Tags associated with the organization unit

pipelineSettingsV2 PipelineSettingsV2

Enhanced CI/CD pipeline configuration settings

isDefaultSettings Boolean! isGithubConnected Boolean isBitbucketConnected Boolean isGitlabConnected Boolean apps JSONObject settings JSONObject branchSettings JSONObject

children [ID!]

Child organization unit identifiers

updateSlaSettings String

Changes made to SLA settings

irrelevantComment String

Reason for marking an application as irrelevant

sla Float

SLA time value in hours

emailType String

Type of email notification sent

emailSubject String

Subject line of the email notification

triageStatus String

Triage status of the issue

actionType String

Action type of the audit logs export

changes [String!]

Changes made to the audit logs export

fileName String

Imported File Name

fileType String

Imported File Type

title String

Title or name of the DAST scanning target

domainType String

Type or classification of the domain being scanned

targetUrl String

URL of the target being scanned by DAST

env String

Environment classification of the target (e.g., production, staging, development)

authMethod String

Authentication method used to access the DAST target

previousValues PreviousTargetValues

Previous values of the target configuration before modification (used in Edit operations)

title String domainType String targetUrl String env String authMethod String

hashtag
References

hashtag
Queries using this object:

Last updated