auditLog
Represents a detailed audit log entry capturing system events and user actions.
Examples
type AuditLog {
id: String!
date: DateTime!
logType: LogType!
logName: LogName!
userId: String!
userEmail: String!
name: String
appId: String
appName: String
registry: String
dockerfile: String
connector: String
credentialsType: String
resourceCount: Float
resources: [String!]
branches: [MultipliedBranchWithReason!]
repoName: String
reposCount: Float
hostUrl: String
monitorAllResources: Boolean
scanId: String
enabledConnectors: [String!]
loginType: String
domain: String
memberEmail: String
disclaimerType: String
memberRoles: [String!]
memberScopes: String
appNames: [String]
businessPriority: Float
owners: [String!]
ownersWithRoles: [Owner!]
roles: [String!]
generatedForOrg: Boolean
downloadFormat: String
generatedFrom: String
comment: String
excluded: Boolean
removed: Boolean
issueName: String
issueId: String
profileId: String
profileName: String
activeProfile: Boolean
settingsType: String
disabled: Boolean
configured: Float
textArr: String
policies: [LogPolicy!]
slackUser: String
channel: String
key: String
ticketId: String
ticketingVendor: String
messagingVendor: String
user: String
link: String
categoryName: String
categoryId: Float
expiredAt: DateTime
prId: String
prURL: String
sourceControlType: String
aggItems: String
excludedIssues: [ExcludedIssue!]
fixTitle: String
severity: String
oldSeverity: String
tagsAdded: [String!]
tagsRemoved: [String!]
workflowType: String
workflowName: String
nodeName: String
nodeType: String
workflowId: String
description: String
enabled: Boolean
monitorAllNewlyCreatedRepositories: Float
monitoredApps: [String!]
secretName: String
filterName: String
pageName: String
apiKeyName: String
apiKeyType: String
createdBy: String
apiKeyCreatedAt: DateTime
apiKeyExpiredAt: DateTime
orgUnitName: String
orgUnitId: ID
tags: [String!]
pipelineSettingsV2: PipelineSettingsV2
children: [ID!]
updateSlaSettings: String
irrelevantComment: String
sla: Float
emailType: String
emailSubject: String
}Fields
id String!
Unique identifier of the audit log entry
date DateTime!
Timestamp when the event occurred. Records are automatically expired after 365 days
userId String!
Unique identifier of the user who performed the action
userEmail String!
Email address of the user who performed the action
name String
Name of the container or organization involved in the event
appId String
Unique identifier of the application associated with the container
appName String
Name of the application associated with the container
registry String
Container registry information
dockerfile String
Path or content of the Dockerfile used
connector String
Name or identifier of the external service connector
credentialsType String
Type of credentials used for authentication
resourceCount Float
Number of resources affected or monitored
resources [String!]
List of resource identifiers being monitored
branches [MultipliedBranchWithReason!]
List of branches selected for scanning with their selection reasons
branch String!
reason String!
repoName String
Name of the repository being scanned
reposCount Float
Total number of repositories affected
hostUrl String
URL of the external service or repository host
monitorAllResources Boolean
Whether all available resources are being monitored
scanId String
Unique identifier of the security scan
enabledConnectors [String!]
List of connectors enabled for the scan
loginType String
Authentication method used for login
domain String
Domain associated with the authentication or login event
memberEmail String
Email address of the member involved in the event
disclaimerType String
Type of disclaimer that was accepted
memberRoles [String!]
Roles assigned to the member
memberScopes String
Permission scopes granted to the member
appNames [String]
Names of applications involved in the event
businessPriority Float
Business priority level assigned to the application
owners [String!]
List of application owner identifiers
ownersWithRoles [Owner!]
Detailed information about application owners including their roles
owner String
email String
roles [String!]
roles [String!]
List of roles associated with the event
generatedForOrg Boolean
Indicates if the file was generated for the entire organization
downloadFormat String
Format of the downloaded file (e.g., JSON, CSV)
generatedFrom String
Source or context from which the file was generated
comment String
User-provided comment or explanation for the action
excluded Boolean
Indicates if an issue was marked as a false positive
removed Boolean
Indicates if a resolved issue was marked as incorrectly resolved
issueName String
Name or title of the security issue
issueId String
Unique identifier of the security issue
profileId String
Identifier of the security policy profile
profileName String
Name of the security policy profile
activeProfile Boolean
Indicates if this is the active security policy profile
settingsType String
Type of system settings being modified
disabled Boolean
Indicates if the feature or setting is disabled
configured Float
Configuration value or count
textArr String
Array of text values in string format
policies [LogPolicy!]
List of security policies affected by the event
policyId String
policyName String
categoryName String
enabled Boolean
severity String
oldIssues String
newIssues String
args String
slackUser String
Slack username associated with the event
channel String
Slack channel where the notification was sent
key String
Unique key or identifier in the external system
ticketId String
Ticket identifier in the external ticketing system
ticketingVendor String
Name of the ticketing system vendor (e.g., Jira, ServiceNow)
messagingVendor String
Name of the messaging system vendor
user String
Username in the external system
link String
URL or link to the external resource
categoryName String
Category name of the security issue or code fix
categoryId Float
Numeric identifier of the issue category
expiredAt DateTime
Expiration date of the exclusion
prId String
Pull request identifier
prURL String
URL of the pull request
sourceControlType String
Type of source control system (e.g., GitHub, GitLab)
aggItems String
Aggregated items in string format
excludedIssues [ExcludedIssue!]
List of issues excluded from security scanning
appNames [String!]
issueId String!
issueName String!
categoryName String!
comment String
expiredAt String
fixTitle String
Title of the applied fix
severity String
Current severity level of the issue
oldSeverity String
Previous severity level of the issue
tagsAdded [String!]
Tags added to the application
tagsRemoved [String!]
Tags removed from the application
workflowType String
Type of the policy workflow
workflowName String
Name of the policy workflow
nodeName String
Name of the workflow node
nodeType String
Type of the workflow node
workflowId String
Unique identifier of the workflow
description String
Description of the workflow
enabled Boolean
Indicates if the workflow is enabled
monitorAllNewlyCreatedRepositories Float
Number of newly created repositories to monitor
monitoredApps [String!]
List of applications being monitored by the workflow
secretName String
Name of the secret
filterName String
Name of the saved filter
pageName String
Page where the filter is applied
apiKeyName String
Name of the API key
apiKeyType String
Type of the API key
createdBy String
User who created the API key
apiKeyCreatedAt DateTime
Creation date of the API key
apiKeyExpiredAt DateTime
Expiration date of the API key
orgUnitName String
Name of the organization unit
orgUnitId ID
Unique identifier of the organization unit
tags [String!]
Tags associated with the organization unit
pipelineSettingsV2 PipelineSettingsV2
Enhanced CI/CD pipeline configuration settings
isDefaultSettings Boolean!
isGithubConnected Boolean
isBitbucketConnected Boolean
isGitlabConnected Boolean
apps JSONObject
settings JSONObject
branchSettings JSONObject
children [ID!]
Child organization unit identifiers
updateSlaSettings String
Changes made to SLA settings
irrelevantComment String
Reason for marking an application as irrelevant
sla Float
SLA time value in hours
emailType String
Type of email notification sent
emailSubject String
Subject line of the email notification
References
Queries using this object:
Last updated