Contents x
    User Audit Log in CEF Format
    • 8 Minutes to read
    • Print
    • PDF
    Contents

    User Audit Log in CEF Format

    • 8 Minutes to read
    • Print
    • PDF
    Article summary

    About this document

    SAFE records all the important user audit logs in the CEF format. This document contains the information about the user's audit log in the SAFE application.

    CEF Log Format


    DateTime hostname CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension

    Definitions of Prefix Fields

    • hostname is a name of the system on which log is generated
    • Version is an integer and identifies the version of the CEF format. This should be set to 0.
    • Device Vendor, Device Product, and Device Versionare strings that uniquely identify the type of sending device. No two products may use the same device-vendor and device-product pair. There is no central authority managing these pairs. Event producers have to ensure that they assign unique name pairs.
      • DeviceVendor = SAFE Security
      • DeviceProduct = SAFE
      • DeviceVersion = current cycle version
    • Signature ID is a unique identifier per event type. This can be a string or an integer. The signature ID identifies the type of event reported.
    • Name is a string representing a human-readable and understandable description of the event. The event name should not contain information that is specifically mentioned in other fields. For example: “Port scan from 10.0.0.1 targeting 20.1.1.1” is not a good event name. It should be: “port scan”. The other information is redundant and can be picked up from the other fields.
    • Severity is an integer and reflects the importance of the event. Only numbers from 0 to 10 are allowed, where 10 indicates the most important event. We can
    • Extension is a collection of key-value pairs. The keys are part of a predefined set.

    Log format

    Log format
    <timestamp> <hostname> CEF:<version>|<device vendor>|<device product>|<DeviceVersion>|<signature id>|<signature name>|<severity>| <extra key=value> src=<user ip> suser=<email id> suserrole=<role> outcome=<success|failure>

    Note
    src , suser, suserrole, and outcome are mandatory key-value pairs and will get appended at the end of the logs

    Example

    The following example illustrates a CEF message for asset addition:

    Success
    Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|302|<signature name>|2| assetGroupName=smart list54 src=10.105.0.1 suser=shubhi.a@lucideustech.com suserrole=Admin outcome=success
    Failure
    Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|302|<signature name>|2| assetGroupName=smart list src=10.105.0.1 suser=shubhi.a@lucideustech.com suserrole=Admin outcome=failure reason=<reason>

    Event Taxonomy

    Signature Name

    Example Log

    Application Log

    This signature ID is strictly reserved for internal logs and will not go on client Syslog

    Control Status Changed To Qualified

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|1000|Control Status Changed To Qualified |2|log_level=info controlid=14120001 dvchost=MANOJMAC dvc=192.168.100.12 suser=XXXXX@lucideustech.com suserrole=Admin

    Control Status Changed To Failed

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|1001|Control Status Changed To Failed|4|log_level=info controlid=14120001 dvchost=MANOJMAC dvc=192.168.100.12 suser= XXXXX@lucideustech.com suserrole=Admin

    Control Status Changed To Not Applicable

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|1002|Control Status Changed To Not Applicable|4|log_level=info controlid=14120001 dvchost=MANOJMAC dvc=192.168.100.12 suser= XXXXX @lucideustech.com suserrole=Admin

    Control Status Changed To Not Assessed

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|1003|Control Status Changed To Not Assessed|4|log_level=info controlid=14120001 dvchost=MANOJMAC dvc=192.168.100.12 suser= XXXXX @lucideustech.com suserrole=Admin

    Control Marked As Accepted Failed

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|1004|ControlStatus Changed To Accepted Failed|4|log_level=info controlid=14120001 dvchost=MANOJMAC dvc=192.168.100.12 suser= XXXXX @lucideustech.com suserrole=Admin

    Control Policy Added

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|1051|Control Policy Added|2| src=10.0.0.1 suser= XXXXX@lucideustech.com suserrole=Admin ccp=hr_policy outcome=success

    Control Policy Deleted

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|1052|Control Policy Deleted|2| src=10.0.0.1 suser= XXXXX@lucideustech.com suserrole=Admin ccp=hr_policy outcome=success

    Control Policy 

    Updated

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|1053|Control Policy Updated|2| src=10.0.0.1 suser= XXXXX@lucideustech.com suserrole=Admin ccp=hr_policy outcome=success

    Control Policy 

    Assigned

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|1054|Control Policy Assigned|4| src=10.0.0.1 suser= XXXXX @lucideustech.com suserrole=Admin ccp=hr_policy dvcgroup=puneassetsgroup outcome=success

    Control Policy 

    Unassigned

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|1055|Control Policy Unassigned|4| src=10.0.0.1 suser= XXXXX @lucideustech.com suserrole=Admin ccp=hr_policy dvcgroup=puneassetsgroup outcome=success

    Manual VA Report Upload

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|1200|Manual VA Report Upload |2|log_level=info dvchost=MANOJMAC dvc=192.168.100.12 suser= XXXXX@lucideustech.com suserrole=Admin

    Nessus Report Upload

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|1220|Nessus Report Upload|2|log_level=info suser= XXXXX@lucideustech.com suserrole=Admin

    Qualys Report Upload

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|1240|Qualys Report Upload|2|log_level=info suser= XXXXX@lucideustech.com suserrole=Admin

    Burp Report Upload

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|1260| Burp Report Upload |2|log_level=info suser= XXXXX @lucideustech.com suserrole=Admin

    Asset Deleted

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|200|Asset Deleted|5|log_level=info dvchost=MANOJMAC dvc=192.168.100.12 suser= XXXXX@lucideustech.com suserrole=Admin

    Asset Added

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|200|Asset Added|5|log_level=info dvchost=MANOJMAC dvc=192.168.100.12 suser= XXXXX@lucideustech.com suserrole=Admin

    Asset Retired

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|200|Asset Retired|5|log_level=info dvchost=MANOJMAC dvc=192.168.100.12 suser= XXXXX@lucideustech.com suserrole=Admin

    Asset Group Added

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|2050|Asset Group Added|2|dvcgroup=puneassetsgroup src=10.0.0.1 suser= XXXXX@lucideustech.com suserrole=Admin outcome=success

    Asset Group Deleted

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|2051|Asset Group Deleted|2|dvcgroup=puneassetsgroup src=10.0.0.1 suser= XXXXX@lucideustech.com suserrole=Admin outcome=success

    Asset Group Updated

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|2052|Asset Group Updated|2|src=10.0.0.1 suser= XXXXX@lucideustech.com suserrole=Admin dvcgroup=puneassetsgroup outcome=success

    Login

    Sep 19 2020 08:26:10 preview.lucideus.com CEF:0|SAFE Security|SAFE|1.7|3001|Login|2|log_level=info suser=manoj.m@lucideustech.com outcome=failure reason=captcha failed

    Sep 19 2020 08:26:10 preview.lucideus.com CEF:0|SAFE Security|SAFE|1.7|3001|Login|2|log_level=info suser=manoj.m@lucideustech.com suserrole=Admin outcome=failure reason=Two factor authentication failed

    Sep 19 2020 08:26:10 preview.lucideus.com CEF:0|SAFE Security|SAFE|1.7|3001|Login|2|log_level=info suser=manoj.m@lucideustech.com outcome=failure reason=invalid credentials

    Sep 19 2020 08:26:10 preview.lucideus.com CEF:0|SAFE Security|SAFE|1.7|3001|Login|2|log_level=info suser= XXXXX @lucideustech.com suserrole=Admin outcome=success

    Logout

    Sep 19 2020 08:26:10 preview.lucideus.com CEF:0|SAFE Security|SAFE|1.7|3002|Logout|2|log_level=info suser= XXXXX @lucideustech.com suserrole=Admin outcome=success

    Login via SSO

    Failure: Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|3003|Login via SSO|2| src=10.105.0.1 suser= XXXXX @lucideustech.com suserrole=Admin outcome=failure reason=<reason>

    Success: Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|3003|Login via SSO|2| src=10.105.0.1 suser= XXXXX @lucideustech.com suserrole=Admin outcome=success

    SSO User Added

    Success: Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|4001|SSO User Added|2| src=10.105.0.1 suser= XXXXX @lucideustech.com suserrole=Admin outcome=success

    SSO User Uploaded

    Success: Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|4002|SSO User Uploaded|2| src=10.105.0.1 suser= XXXXX @lucideustech.com suserrole=Admin outcome=success

    User Added

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|4010|User Added|2|src=10.0.0.1 duser=abc@safe.security duserrole=Viewer suser= XXXXX @safe.security suserrole=Admin outcome=success

    User Deleted

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|4011|User Deleted|2|src=10.0.0.1 duser=abc@safe.security duserrole=Viewer suser= XXXXX @safe.security suserrole=Admin outcome=success

    Reset User Password

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|4012|Reset User Password|2|src=10.0.0.1 duser=abc@safe.security duserrole=Viewer suser= XXXXX @safe.security suserrole=Admin outcome=success

    Reset Password

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|4013|Reset Password |2|src=10.0.0.1 suser= XXXXX @safe.security suserrole=Admin outcome=success

    AWS Account Confirmed

    Success: Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|6001|AWS Account Confirmed|10| accountId=457429430701 src=10.105.0.1 suser= XXXXX @lucideustech.com suserrole=Admin outcome=success

    AWS Account Test Connection

    Failure: Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|6003|AWS Account Test Connection|2| accountId=457429430701 src=10.105.0.1 suser= XXXXX @lucideustech.com suserrole=Admin outcome=failure reason=Incorrect Credentials

    Success: Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|6003|AWS Account Test Connection|2| accountId=457429430701 src=10.105.0.1 suser= XXXXX@lucideustech.com suserrole=Admin outcome=success

    AWS Account Added

    Success: Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|6004|AWS Account Added|10| accountId=457429430701 src=10.105.0.1 suser= XXXXX@lucideustech.com suserrole=Admin outcome=success

    AWS Account Edited

    Success: Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|6005|AWS Account Edited|10| accountId=457429430701 src=10.105.0.1 suser= XXXXX @lucideustech.com suserrole=Admin outcome=success

    AWS Account Removed

    Success: Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|6006|AWS Account Removed|10| accountId=457429430701 src=10.105.0.1 suser= XXXXX@lucideustech.com suserrole=Admin outcome=success

    AWS Account Linked Assets Auto-Retired

    Success: Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|6007|AWS Account Linked Assets Auto-Retired|10| accountId=457429430701 src=10.105.0.1 suser= XXXXX@lucideustech.com suserrole=Admin outcome=success

    AWS Account Scan Initiated

    Success: Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|6008|AWS Account Scan Initiated|3| accountId=457429430701 src=10.105.0.1 suser= XXXXX @lucideustech.com suserrole=Admin outcome=success

    AWS Auto-Scan Frequency Changed

    Success: Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|6009|AWS Auto-Scan Frequency Changed|4| autoScanFrequency=2 src=10.105.0.1 suser= XXXXX @lucideustech.com suserrole=Admin outcome=success

    Hooks Azure Subscription Confirmed

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|6101|Hooks Azure Subscription Confirmed|10|log_level=info Azure_Subscrition=Test-Subscription suser= XXXXX @lucideustech.com suserrole=Admin

    Hooks Azure Subscription Removed

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|6102|Hooks Azure Subscription Removed|10|log_level=info Azure_Subscrition=Test-Subscription suser= XXXXX @lucideustech.com suserrole=Admin

    Hooks Azure Test Connection

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|6103|Hooks Azure Test Connection|2|log_level=info suser= XXXXX @lucideustech.com suserrole=Admin

    Hooks Azure Configuration Modified

    Sep 19 2020 08:26:10 localhost CEF:0|SAFE Security|SAFE|1.7|6104|Hooks Azure Configuration Modified|7|log_level=info aws_account= 457429430701 suser= XXXXX @lucideustech.com suserrole=Admin

    Activation Key Generated

    Success: Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|7001|Activation Key Generated|4| friendlyName=My Activation Key 1 src=10.105.0.1 suser= XXXXX @lucideustech.com suserrole=Admin outcome=success

    Asset Score Simulated

    Success: Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|9001|Asset Score Simulated|2| dvchost=MANOJMAC dvc=192.168.100.12 src=10.105.0.1 suser= XXXXX @lucideustech.com suserrole=Admin outcome=success

    Site Coordinator Name Changed

    Success: Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|10001|Site Coordinator Name Changed|2| sitehost= sitecord.dev137 src=10.105.0.1 suser=XXXXX@lucideustech.com suserrole=Admin outcome=success

    Site Coordinator Deleted

    Success: Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|10002|Site Coordinator Deleted|2| sitehost= sitecord.dev137 src=10.105.0.1 suser= XXXXX @lucideustech.com suserrole=Admin outcome=success

    Initiate first-party scan

    Failure:Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|11001|Initiate first party scan|2|stenant={tenantid}| scanId=09d1176e-24b1-46fc-a18b-74acd2a2b7e5 suser= XXXXX @safe.security suserrole=Admin outcome=failure

    Success: Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|1100|Initiate first party scan|2|stenant={tenantid}| scanId=09d1176e-24b1-46fc-a18b-74acd2a2b7e5 suser= XXXXX@safe.security suserrole=Admin outcome=success

    Abort first-party scan

    Failure:Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|11002|Abort first party scan|2|stenant={tenantid}| scanId=09d1176e-24b1-46fc-a18b-74acd2a2b7e5 suser= XXXXX@safe.security suserrole=Admin outcome=failure

    Success: Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|1100|Abort first party scan|2|stenant={tenantid}| scanId=09d1176e-24b1-46fc-a18b-74acd2a2b7e5 suser= XXXXX@safe.security suserrole=Admin outcome=success

    Download CSV for first-party

    Failure:Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|11004|Download CSV for first party|2|stenant={tenantid}| suser= XXXXX@safe.security suserrole=Admin outcome=failure

    Success: Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|11004|Download CSV for first party|2|stenant={tenantid}| suser= XXXXX@safe.security suserrole=Admin outcome=success

    Download PDF for first-party

    Failure:Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|11005|Download PDF for first party|2|stenant={tenantid}| suser= XXXXX@safe.security suserrole=Admin outcome=failure

    Success: Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|11005|Download PDF for first party|2|stenant={tenantid}| suser= XXXXX@safe.security suserrole=Admin outcome=success

    Add Third-party

    Failure:Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|11006|Add Third Party|2|stenant={tenantid}| suser= XXXXX@safe.security suserrole=Admin outcome=failure

    Success: Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|11006|Addition of Third Party|2|stenant={tenantid}| suser= XXXXX@safe.security suserrole=Admin outcome=success

    Initiate Third-party scan

    Failure:Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|11007|Initiate third party scan|2|stenant={tenantid}| suser= XXXXX@safe.security suserrole=Admin outcome=failure

    Success: Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|11007|Third party scan initiated|2|stenant={tenantid}| suser= XXXXX@safe.security suserrole=Admin outcome=success

    Abort Third-party scan

    Failure:Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|11008|Abort third party scan|2|stenant={tenantid}| suser=xxxx@safe.security suserrole=Admin outcome=failure

    Success: Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|11008|Third party scan aborted|2|stenant={tenantid}| suser=xxxxx@safe.security suserrole=Admin outcome=success

    Download CSV for Third-party

    Failure:Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|11010|Download CSV for third party|2|stenant={tenantid}| suser=xxxx@safe.security suserrole=Admin outcome=failure

    Success: Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|11010|Download CSV for third party|2|stenant={tenantid}| suser=xxxxx@safe.security suserrole=Admin outcome=success

    Download PDF for Third-party

    Failure:Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|11011| Download PDF for third party|2|stenant={tenantid}| suser=xxxxx@safe.security suserrole=Admin outcome=failure

    Success: Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|11011| Download PDF for third party|2|stenant={tenantid}| suser=xxxxx@safe.security suserrole=Admin outcome=success

    Remove Third-Party

    Failure:Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|11012|Remove Third Party|2|stenant={tenantid}| suser=manoj.m@safe.security suserrole=Admin outcome=failure

    Success: Mar 09 2021 13:56:29 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|11012| Removal of Third Party|2|stenant={tenantid}| suser=xxxxxx@safe.security suserrole=Admin outcome=success

    Save SAFE ID

    Success: Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|12001| Save |2|suser=xxxxx@lucideustech.com suserrole=Admin outcome=success

    Failure: Mar 09 2021 13:54:36 localhost CEF:0|SAFE Security|SAFE|1.2.9.6|12001|Safe ID saved successfully|2|suser=xxxxx@lucideustech.com suserrole=Admin outcome=failure

    Key-Value Pairs

    Key Name

    Full Name

    Data Type

    Length

    Meaning

    dvchost

    deviceHostName

    String

    100

    Identifies the name of an asset Example: MANOJMAC

    dvc

    deviceAddress

    IPV4 Address

    16

    Identifies the IP address of an asset Example: 192.168.10.1

    dvcgroup

    deviceGroupName

    String

    100

    Identifies the asset group name 

    Example: PuneAssetGroup

    suser

    sourceUserName

    String

    1023

    Identifies the user who has initiated action. For example xxxxxxxx@lucideustech.com

    suserrole

    sourceUserRole

    String

    1023

    identifies the role of the user who has initiated action. 

    For example Admin

    duser

    destinationUserName

    String

    1023

    Identifies the user by destination. This is the user associated with the events destination.  Example: xyz@lucideustech.com

    duser

    destinationUserRole

    String

    1023

    Identifies the role of the destination user. Example: Admin/Viewer/Auditor

    controlid

    controlid

    Integer


    Identified the control id of the control 

    Example: 14120001

    outcome

    outcome

    String

    100

    The outcome of an event where required

    Example: Success or Failure

    reason

    reason

    string

    1024

    Captcha Failed

    container

    container

    string

    100

    Identifies the container id

    Example: php[300]

    src

    SourceAddress

    String


    Identifies the IP from which the request is made

    accountId

    awsAccountId

    String


    Identifies the AWS account ID

    Example: 457429430701

    autoScanFrequency

    awsAutoScanFrequency

    Integer


    Identifies the number of days set as Global AWS Auto Scan Frequency

    Example: 2

    friendlyName

    activationKeyFriendlyName

    String


    Identifies the Activation key by its friendly name

    Example: My Activation Key 1

    sitehost

    siteHostname



    Identifies the site coordinator hostname

    Example: sitecord.dev137

    from_scan_time

    fromScanTime



    Identifies the “from” value in scan time in agent global policy

    Example: 3:00pm

    to_scan_time

    toScanTime



    Identifies the “to” value in scan time in agent global policy

    Example: 4:00pm

    log_level

    logLevel



    Identifies the log level set in agent global policy

    Example: DEBUG

    udp

    udpHeartbeat



    Identifies the UDP heartbeat interval in agent global policy

    Example: 30

    http

    httpHeartbeat



    Identifies the HTTP heartbeat interval in agent global policy

    Example: 30

    syslog

    syslog



    Identifies Syslog value in agent global policy

    Example: enabled

    roaming

    roaming



    Identifies roaming value in agent global policy

    Example: enabled

    services

    servicesDetection



    Identifies services detection value in agent global policy

    Example: enabled

    agent_update

    agentUpdate



    Identifies automatic agent update value in agent global policy

    Example: enabled

    content_update

    contentUpdate



    Identifies automatic content update value in agent global policy

    Example: enabled

    stenant

    tenantId

    String

    32

    Identifies the user Id of the safe-enterprise API user.

    Example: safeentuseralphanumeric32

    scanId

    scanId

    String

    100

    Identifies the unique token for the assessment, which links to the associated AWS resources.

    Example: 09d1176e-24b1-46fc-a18b-74acd2a2b7

    ccp

    custom control policy 

    String

    32

    Identifies the name of custom control policy. 

    Example: HR_Policy, Dev_Policy



    Was this article helpful?
    What's Next