Skip Navigation
  1. BlackBerry Docs
  2. Cylance Endpoint Security
  3. Administration
  4. Cylance Endpoint Security Administration Guide
  5. Auditing administrator actions
  6. Audit log information: CylanceAVERT

Audit log information:
CylanceAVERT

The following table lists the information that is added to the audit log for
CylanceAVERT
administrative actions. You can use the filtering options in the console to filter the audit log results.
Category
Action
Details
Data Entity
Add
{
    "id": "
<ID>
",
    "tenantId": "
<Tenant ID>
",
    "occurred": "
<Date/Time>
",
    "traceId": "
<Trace ID>
",
    "spanId": "
<Span ID>
",
    "source": "com.blackberry.dlp",
    "type": "AUDIT",
    "category": "Entity",
    "subcategory": "created",
    "message": "admin created DataEntity named 
<Policy name>
"
    },
    "admin": {
        "ecoId": "
<Eco ID>
"
    },
    "entity": {
        "id": "
<ID>
",
        "type": "DATAENTITY",
        "displayName": "
<Entity display name>
"
    },
    "changes": {
        "regions": {
            "new": "
<Region>
"
        },
        "name":{
            "new": "
<Data entity name>
"
        "description": {
            "new": "
<Description>
"
        },
        "infoTypes": {
            "new": "
<Info types>
"
        },
        "Type": {
            "new": "
<Data type>
"
        },
        "Parameters": {
            "new": "
<parameters>
"
        },
        "algorithm":{
            "new":
<Algorithm>
    
     }
}
Data Entity
Edit
{
    "id": "
<ID>
",
    "tenantId": "
<Tenant ID>
",
    "occurred": "
<Date/Time>
",
    "traceId": "
<Trace ID>
",
    "spanId": "
<Span ID>
",
    "source": "com.blackberry.dlp",
    "type": "AUDIT",
    "category": "ENTITY",
    "subcategory": "UPDATED",
    "message": "admin updated DataEntity named 
<Data entity name>
",
    "crud": {
        "admin": {
            "ecoId": "
<Eco ID>
"
        },
        "entity": {
            "id": "
<ID>
",
            "type": "DATAENTITY",
            "displayName": "
<Data entity display name>
"
        },
        "changes": {
            "description": {
                "new": "
<New description>
",
                "old": "
<Old description>
"
            }
        }
    }
}
Data Entity
Remove
{
    "id": "
<ID>
",
    "tenantId": "
<Tenant ID>
",
    "occurred": "
<Date/Time>
",
    "traceId": "
<Trace ID>
",
    "spanId": "
<Span ID>
",
    "source": "com.blackberry.dlp",
    "type": "AUDIT",
    "category": "ENTITY",
    "subcategory": "DELETED",
    "message": "admin deleted DataEntity named 
<Data entity name>
",
    "crud": {
        "admin": {
            "ecoId": "
<Eco ID>
"
        },
        "entity": {
            "id": "
<ID>
",
            "type": "DATAENTITY",
            "displayName": "
<Data entity display name>
"
        }
    }
}
Evidence File
Download
{
    "id": "
<ID>
",
    "tenantId": "
<Tenant ID>
",
    "occurred": "
<Date/Time>
",
    "traceId": "
<Trace ID>
",
    "spanId": "
<Span ID>
",
    "source": "com.blackberry.dlp",
    "type": "AUDIT",
    "category": "ENTITY",
    "subcategory": "READ",
    "message": "Evidence File is downloaded",
    "crud": {
        "admin": {
            "ecoId": "
<Eco ID>
"
        },
        "entity": {
            "id": "
<ID>
",
            "type": "
<Entity type>
"
        }
    }
}
Evidence File
Remove
{
    "id": "
<ID>
",
    "tenantId": "
<Tenant ID>
",
    "occurred": "
<Date/Time>
",
    "traceId": "
<Trace ID>
",
    "spanId": "
<Span ID>
",
    "source": "com.blackberry.dlp",
    "type": "AUDIT",
    "category": "ENTITY",
    "subcategory": "DELETED",
    "message": "Evidence File is DELETED",
    "crud": {
        "admin": {
            "ecoId": "
<Eco ID>
"
        },
        "entity": {
            "id": "
<ID>
",
            "type": "
<Entity type>
"
        }
    }
}
Policy
Add
{
    "common": {
        "id": "
<ID>
",
        "tenantId": "
<Tenant ID>
",
        "occurred": "
<Date/Time>
",
        "traceId": "
<Trace ID>
",
        "spanId": "
<Span ID>
",
        "source": "com.blackberry.dlp",
        "type": "AUDIT",
        "category": "Entity",
        "subcategory": "created",
        "message": "admin created Policy named 
<Policy name>
"
    },
    "admin": {
        "ecoId": "
<Eco ID>
"
    },
    "entity": {
        "id": "
<ID>
",
        "type": "PROFILE",
        "displayName": "
<Entity display name>
"
    },
    "changes": {
        "emailDomainsRule": {
            "new": "
<Domain rule>
"
        },
        "condition": {
            "new": "
<Condition>
"
        },
        "policyName": {
            "new": "
<Policy name>
"
        },
        "policyType": {
            "new": "
<Policy type>
"
        },
        "description": {
            "new": "
<Description>
"
        },
        "policyRules": {
            "new": "
<Policy rules>
"
        },
        "classification": {
            "new": "
<Classification>
"
        },
        "browserDomains": {
            "new": "
<Browser domains>
"
        }
    }
}
Policy
Edit
{
    "common": {
        "id": "
<ID>
",
        "tenantId": "
<Tenant ID>
",
        "occurred": "
<Date/Time>
",
        "traceId": "
<Trace ID>
",
        "spanId": "
<Span ID>
",
        "source": "com.blackberry.dlp",
        "type": "AUDIT",
        "category": "Entity",
        "subcategory": "Updated",
        "message": "admin created Policy named 
<Policy name>
"
    },
    "admin": {
        "ecoId": " "
    },
    "entity": {
        "id": "fbfa8366-e58c-4018-925f-2a536dce4c2d",
        "type": "PROFILE",
        "displayName": "policy-test-name-created-from-auto-test"
    },
    "changes": 
{
    "policyName":{
              "old" : "HIPAA",
              "new" : "HIPAA Compliance"
        },
 
    "condition": {
          "old": "
<Old condition>
",
          "new":"
<New condition>
"
      },
 
    "policyRules": {
            "old":[{
<Old policy rules>
}],
            "new":[{
<New policy rules>
}]
      },
   
    "policyConfigs": {
            "old":[{
<Old policy rules>
}],
            "new":[{
<New policy rules>
}]
      },
   
    "browserDomains":{
            "old":
<Old browser domains>
,
            "new":
<New browser domains>

      },
   
    "emailDomainsRule": {
            "old":
<Old domain rule>
,
            "new":
<New domain rule>

      }
    }
}
Policy
Remove
{
    "id": "
<ID>
",
    "tenantId": "
<Tenant ID>
",
    "occurred": "
<Date/Time>
",
    "traceId": "
<Trace ID>
",
    "spanId": "
<Span ID>
",
    "source": "com.blackberry.dlp",
    "type": "AUDIT",
    "category": "ENTITY",
    "subcategory": "DELETED",
    "message": "admin DELETED Policy named 
<Policy name>
",
    "crud": {
        "admin": {
            "ecoId": "
<Eco ID>
"
        },
        "entity": {
            "id": "
<ID>
",
            "type": "PROFILE",
            "displayName": "
<Entity display name>
"
        }
    }
}
Setting
Update
{
    "id": "
<ID>
",
    "tenantId": "
<Tenant ID>
",
    "occurred": "
<Date/Time>
",
    "traceId": "
<Trace ID>
",
    "spanId": "
<Span ID>
",
    "source": "com.blackberry.dlp",
    "type": "AUDIT",
    "category": "SETTING",
    "subcategory": "UPDATED",
    "message": "admin UPDATED DLP settings",
    "crud": {
        "admin": {
            "ecoId": "
<Eco ID>
"
        },
        "changes": {
            "ui.tenant.setting.emailRecipients": {
                "new": "
<New email recipients>
",
                "old": "
<Old email recipients>
"
            }
        }
    }
}
Template
Remove
{
    "id": "
<ID>
",
    "tenantId": "
<Tenant ID>
",
    "occurred": "
<Date/Time>
",
    "traceId": "
<Trace ID>
",
    "spanId": "
<Span ID>
",
    "source": "com.blackberry.dlp",
    "type": "AUDIT",
    "category": "ENTITY",
    "subcategory": "DELETED",
    "message": "Template 
<Template name>
 was deleted",
    "crud": {
        "admin": {
            "ecoId": "
<Eco ID>
"
        },
        "entity": {
            "id": "
<ID>
",
            "type": "TEMPLATE",
            "displayName": "
<Template name>
"
        }
    }
}
Template
Add
{
    "id": "
<ID>
",
    "tenantId": "
<Tenant ID>
",
    "occurred": "
<Date/Time>
",
    "traceId": "
<Trace ID>
",
    "spanId": "
<Span ID>
",
    "source": "com.blackberry.dlp",
    "type": "AUDIT",
    "category": "ENTITY",
    "subcategory": "CREATED",
    "message": "Template 
<Template name>
 was created",
    "crud": {
        "admin": {
            "ecoId": "
<Eco ID>
"
        },
        "entity": {
            "id": "
<ID>
",
            "type": "TEMPLATE",
            "displayName": "
<Template name>
"
        },
        "changes": {
            "condition": {
                "new": "
<Condition>
"
            },
            "regions": {
                "new": "
<Region>
"
            },
            "name": {
                "new": "
<Template name>
"
            },
            "description": {
                "new": 
<Description>
"
            },
            "infoTypes": {
                "new": "
Info type>
"
            },
            "type": {
                "new": "
<Template type>
"
            }
        }
    }
}