Skip to main content
Skip table of contents

V 2.0 : Admin Audit Logs

Vendor Documentation


Rule NameRule TypeCommon EventClassification
V 2.0 : Admin Audit LogsBase RuleGeneral Audit MessagesInformation
V 2.0 : Audit Logs CreatedSub RuleObject CreatedAccess Success
V 2.0 : Audit Logs DeletedSub RuleObject Deleted/RemovedAccess Success
V 2.0 : Audit Logs UpdatedSub RuleObject ModifiedAccess Success

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

IDN/AN/AA unique identifier of the audit event.
TimestampN/AN/AThe date and time when this request was made, in UTC. This is different than the Umbrella dashboard, which converts the time to your specified time zone.
Email<account>Text/StringThe email of the user that triggered the event.
User<login>Text/StringThe account name of the user who created the change.
Type<object>Text/StringWhere the change was made, such as settings or a policy.



Text/StringThe type of change made, such as Create, Update, or Delete.
Logged in from<sip>IP AddressThe user's IP source.
BeforeN/AN/AThe policy or setting before the change was made.
AfterN/AN/AThe policy or setting after the change was made.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.