09/20/2023 12:19 AM - edited 09/20/2023 12:22 AM
Hi Team,
We have seen that an EventID is generated in Audit Trail reports whenever the action is Update/Show/Create on an Object Type such as ENDPOINT, SECURITY_SYTEM, GLOBAL_CONFIGURATION, ECM_EMAIL_TEMPLATE, DATA_ANALYZER and a few more.
We want to understand how these EventIDs are generated in the Audit Trail, what the significance of such an event ID is, and how they can be interpreted to understand the action taken on objects in Saviynt.
We can see the same thing being generated inside the DETAIL column of userlogin_access, without the letter S/U/C appended to the ID value:
select ua.TYPEOFACCESS as 'Object Type',
       ua.ActionType as 'Action Taken',
       u.username as 'Accessed By',
       ua.IPADDRESS as 'IP Address',
       ua.ACCESSTIME as 'Event Time',
       ua.DETAIL as 'Message'
from users u, userlogin_access ua, userlogins l
where l.loginkey = ua.LOGINKEY
  and l.USERKEY = u.userkey
E.g.,
ua.DETAIL column data:
{"data":"actionType:Show, eventId:1695030396053, USERLOGINS_KEY:com.saviynt.ecm.utility.UserLogins : 350962, remoteHost:***.**.**.***, actionUri:\/endpoints\/show, remoteAddress:***.**.**.***, objectType:ENDPOINT","objectName":" FircoDev","message":"Endpoint FircoDev viewed by user suchetas"}
Regards,
Hitesh Sapkota
09/22/2023 03:33 AM
Hi @h_sapkota
These events are captured as a Unix timestamp, and S/U stands for Show/Update in the userlogin_access table.
Thanks
Darshan
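The following is an added example, not part of the original thread and not Saviynt's own code. It parses the DETAIL value quoted in the question and decodes an event ID into a UTC time plus the action letter. It assumes the 13-digit eventId is a Unix timestamp in milliseconds, that Audit Trail IDs are that number followed by one letter, and that C means Create; the function names are hypothetical.

```python
import json
import re
from datetime import datetime, timezone

# Suffix letters on Audit Trail IDs. S and U come from the reply above;
# C = Create is an assumption based on the actions listed in the question.
ACTION_SUFFIX = {"S": "Show", "U": "Update", "C": "Create"}

# DETAIL value from the question (IP addresses are masked in the original post).
SAMPLE_DETAIL = (
    r'{"data":"actionType:Show, eventId:1695030396053, '
    r'USERLOGINS_KEY:com.saviynt.ecm.utility.UserLogins : 350962, '
    r'remoteHost:***.**.**.***, actionUri:\/endpoints\/show, '
    r'remoteAddress:***.**.**.***, objectType:ENDPOINT",'
    r'"objectName":" FircoDev",'
    r'"message":"Endpoint FircoDev viewed by user suchetas"}'
)


def parse_detail(detail):
    """Parse one userlogin_access.DETAIL value into a flat dict."""
    doc = json.loads(detail)
    fields = {}
    # "data" is a comma-separated list of key:value pairs. Split only where
    # a new key follows, and on the first colon so values may contain ':'.
    for pair in re.split(r",\s*(?=\w+:)", doc.get("data", "")):
        key, sep, value = pair.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    fields["objectName"] = doc.get("objectName", "").strip()
    fields["message"] = doc.get("message", "")
    return fields


def decode_event_id(event_id):
    """Split an ID such as '1695030396053S' into (UTC time, action or None)."""
    m = re.fullmatch(r"(\d{13})([A-Za-z]?)", event_id.strip())
    if not m:
        raise ValueError(f"unexpected event ID format: {event_id!r}")
    millis = int(m.group(1))
    # Integer arithmetic keeps the millisecond part exact.
    when = datetime.fromtimestamp(millis // 1000, tz=timezone.utc)
    when = when.replace(microsecond=(millis % 1000) * 1000)
    return when, ACTION_SUFFIX.get(m.group(2).upper())
```

Comparing the decoded time with ACCESSTIME from the query in the question is a quick way to match an Audit Trail entry to its userlogin_access row.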