Audit Events
The audit events are listed below by category.
Add Events
Description |
API call (method name is same eventid) |
Parameters |
AER="ASSET02" ASA="AS_1105"Action=addAssetToAssetSet |
Description |
API call: associates a credential to a device. |
Parameters |
DID="11178" CID="11179"Action=addCredentialToDevice |
Description |
Server internal: generated by importdevices for each added device. Correlation ID matches the imports device correlation ID. |
Parameters |
Description |
API call |
Parameters |
ROC="R_1153" AGC="null" FPI="0" ATC="null" FSC="FS_SSPAADM"Action=addRoleAssetGroupFunctionSetPrivilege |
Description |
API call |
Parameters |
ROC="RL_HELPDESKTOP" FPI="0" ATC="OP_ATCODE" GRC="USG_SYS" FSC="FS_HELPDSK"Action=addRoleFunctionSetPrivilege |
Description |
API call |
Parameters |
ROC="RL_USERADM"Action=addRoleToUser |
Description |
API call |
Parameters |
PID="0" ATC="AT_SYSLOG" GRC="UG_TEST" FUC="D_USERATT"Action=addUserFunctionPrivilege |
Description |
API call |
Parameters |
GRC="REQAG003" FPI="0" ATC="OP_ATCODE" GRC="null" FSC="FS_ADFSA" GRC="REQAG003"Action=addUserSubGroupFunctionSetPrivileges |
Assign Events
Description |
API call: assignDevicetoUser with failure |
Parameters |
DID="11256"Action=assignDeviceToUser |
Description |
API call: assignDevicetoUser with success |
Parameters |
DID="11274"Action=assignDeviceToUser |
Change Events
Description |
API call: user changes its own password |
Parameters |
ATC="OP_ATCODE" ANS="false" ARP="" USN="null"Action=changeOwnExpiredPassword |
Description |
|
Parameters |
DID="11145" DTC="DT_MIN_OTP" ISN="null" DSD="04/06/2015" EXD="03/06/2017"Action=changeSoftPinDevice |
Description |
API call: direct user changes the expired password for a specified user |
Parameters |
ATC="OP_ATCODE" ANS="true" ARP="" USN="ftadmin"Action=changeUserExpiredPassword |
Description |
API call: direct user changes the password for a specified user |
Parameters |
ATC="AT_EMPEPWD"Action=changeUserPassword |
Create Events
Description |
API call: used by setup to define authentication process adapter parameters |
Parameters |
Action=createAdapterConfiguration |
Description |
API call |
Parameters |
AER="UG_1102_HW_DT" ASB="UG_1102_HW_DT" AGC="GroupConfig"Action=createAsset |
Description |
API call |
Parameters |
AGC="AG_1145" AGN="Copy of AG_ADD"Action=createAssetGroup |
Description |
API call |
Parameters |
ASA="AS_1105" ASN="testassetset" AGC="AG_ASSETTYPE1"Action=createAssetSet |
Description |
API call |
Parameters |
Action=createAttributeType |
Description |
API call |
Parameters |
Action=createAuthenticationType |
Description |
API call |
Parameters |
ATC="AT_EMPOTP" AUS="ENABLED" AVF="04/06/2015" AVT="04/06/2022"Action=createAuthenticator |
Description |
API call: assign a delivery gateway to authentication policy. For example, in the ActivID Management Console authentication policy definition screens. |
Parameters |
Action=createBindingOfEntityToAdapters |
Description |
API call: channel definition |
Parameters |
Action=createChannel |
Description |
API call: creation of new credential. |
Parameters |
CTC="CT_CRTCHK1" CCO="INDIRECT_PKICERT" ATA="X509CERT" ATV="MIIB8TCCAVoCCQDOHCW5SCFFnzANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMR8wHQYDVQQDExZ3d3cuY2Fycy5leGFtcGxlLmNvLnVrMB4XDTExMDcxMzEyNDYxMFoXDTIxMDcxMDEyNDYxMFowFDESMBAGA1UEAxMJc2ViYXN0aWVuMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4+gDvQFSsf7LSrsW7KQKJk26daAkwvqNGHAbIbrJcgMkdgYFRwNhyw5Uh8AUNvNUn4VJ7JN/syms4nzNMnns0tlxwDYmdTZ1AYgR1q6El5aMJJgdsxwmcPHQp5a5C+40pUbea8k7jhAmhxZjZVrULGp6rbGJW1ZsgPJikxCag3QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBALjEWZpoHm4MFR+dEDeaSokX1rfRg1cKGrH5HEIRj9wQ1sjypFh/zOZm32VhmXpy0Mob3mPXylqVXecxvZTho7SU/YZCqk9ZMU07M+arr9qB5gOhyBdLMwPA0s74pIZ93uEKDdTgAxWFVJw/3cOEmLJSCFMcnpg7A6XBWtH5x/qX" DSD="13/07/2011" EXD="10/07/2021"Action=createCredential |
Description |
API call: definition of a new credential type. For example, in the ActivID Management Console credential type definition screens. |
Parameters |
Action=createCredentialType |
Description |
Action=createDatasource |
Parameters |
API call: Definition of new user repository. For example, used by the ActivID Management Console on user repositories definition screen. |
Description |
|
Parameters |
DTC="DT_TDS"Action=createDeviceIssuanceRequest |
Description |
API call: Definition of a new device type. For example, ActivID Management Console on configuration device type definition screens. |
Parameters |
Action=createDeviceType |
Description |
API call: definition of new permission set. |
Parameters |
FSC="FS_USRREAD" FSN="myPermSet02" FUC="R_AS" FUC="R_AUDIT" FUC="R_CR" FUC="R_DEVICE" FUC="I_REF_DATA" FUC="R_ROLE" FUC="R_TRANS_USERS" FUC="R_TA_U_BY_GRP" FUC="R_USER_ASSET" FUC="R_USER_DETAILS" FUC="R_UG_AS_TS_PRV" FUC="R_UG_AG_FS_PRV" FUC="R_UG_TS_PRIVS" FUC="R_UG_FS_PRIVS"Action=createFunctionSet |
Description |
API call: creation of security questions authenticator for a user. |
Parameters |
ATC="AT_EMPQA" AUS="ENABLED" AVF="04/06/2012" AVT="04/06/2022" AVF="04/06/2015" AVT="02/06/2020" MDP="PR_1ST_JOB" MDP="PR_MEMWRD" MDP="PR_PLACE" MDP="PR_PHONE" MDP="PR_NICK" MDP="PR_E_SCHL" MDP="PR_TOWN" MDP="PR_CAR_CLR" MDP="PR_MEET" MDP="PR_BR_BDAY"Action=createMDAuthenticator |
Description |
API call: definition of new security question. |
Parameters |
Action=createMemorableDataPrompt |
Description |
API call: definition of new authorization profile |
Parameters |
Action=createProfile |
Description |
API call: definition of new RADIUS server |
Parameters |
Action=createRadiusServer |
Description |
API call: definition of new role |
Parameters |
ROC="R_1103" RON="TEST_ROLE"Action=createRole |
Description |
|
Parameters |
EXP="null" LEN="null" VAF="null" TRA="wyJUexvN"Action=createSessionTransferCode |
Description |
API call :definition of new external permission |
Parameters |
Action=createTransaction |
Description |
API call :definition of new external permission set |
Parameters |
TSC="REQPERM003" TSN="REQPERM003_Name" TSN="REQPERM003_Name"Action=createTransactionSet |
Description |
API call :creation of login authenticator for a user |
Parameters |
ATC="OP_ATCODE" AUS="ENABLED" AVF="04/06/2015" AVT="02/06/2020" USN="ou1user1"Action=createUPAuthenticator |
Description |
API call :add new user |
Parameters |
GRC="FTINIT" STD="null"Action=createUser |
Description |
API call :add new user group |
Parameters |
GRN="TESTUT001_Name" GRC="TESTUT001" PGC="null" ATC="AT_EMPQA" ATC="AT_EMPEPWD" ATC="AT_EMPOTP" ATC="AT_EMPSMS" ATC="AT_EMPPKI" ATC="AT_EMPPWD" ATC="AT_LDAP" ATC="AT_MCOTP" ATC="AT_MCPKI" ATC="AT_MCQA" ATC="OP_ATCODE"Action=createUserGroup |
Description |
|
Parameters |
GRN="Test_Group" GRC="UG_1102" PGC="USG_CUST2"Action=createUserSubGroup |
Delete Events
Description |
|
Parameters |
Action=deleteAdapterConfiguration |
Description |
|
Parameters |
AER="UG_1102_HW_AT"Action=deleteAsset |
Description |
|
Parameters |
AGC="AG_1145" AGN="Copy of AG_ADD"Action=deleteAssetGroup |
Description |
|
Parameters |
ASA="AS_1146" ASN="AS_NEW"Action=deleteAssetSet |
Description |
|
Parameters |
Action=deleteAttributeType |
Description |
|
Parameters |
ATC="AT_DEVICE"Action=deleteAuthenticationTypes |
Description |
|
Parameters |
ATC="AT_LDAP"Action=deleteAuthenticators |
Description |
|
Parameters |
CHC="CH_1140"Action=deleteChannel |
Description |
|
Parameters |
CID="11179"Action=deleteCredential |
Description |
|
Parameters |
CTC="CT_TEST"Action=deleteCredentialType |
Description |
|
Parameters |
Action=deleteDatasource |
Description |
|
Parameters |
Action=deleteDeviceIssuanceRequests |
Description |
|
Parameters |
DTC="DT_TEST"Action=deleteDeviceType |
Description |
|
Parameters |
DID="11240"Action=deleteDevices |
Description |
|
Parameters |
FSC="FS_USRREAD" FSC="FS_USRREAD" FSN="myPermSet02"Action=deleteFunctionSet |
Description |
|
Parameters |
Action=deleteMemorableDataPrompt |
Description |
|
Parameters |
Action=deleteProfile |
Description |
|
Parameters |
Action=deleteRadiusServer |
Description |
|
Parameters |
ROC="RL_HELPDESKTOP"Action=deleteRole |
Description |
|
Parameters |
TRC="T_TEST"Action=deleteTransaction |
Description |
|
Parameters |
TSC="REQPERM003" TSN="REQPERM003_Name"Action=deleteTransactionSet |
Description |
|
Parameters |
Action=deleteUser |
Description |
|
Parameters |
GRC="TESTUT001" GRN="TESTUT001_Name" PGC="null"Action=deleteUserGroup |
Description |
|
Parameters |
GRC="UG_1102" GRN="Test_Group" PGC="USG_CUST1"Action=deleteUserSubGroup |
Description |
|
Parameters |
Action=deleteUsers |
Device Events
Description |
API call: imports a set of devices using an import file. For example used by MC on help desk import device screen. An event "addDevice" is generated internally for each device and correlationID is used to link devices on same batch. |
Parameters |
Action=importDevices |
Description |
API call: synchronization of a device |
Parameters |
DID="11240" DTC="DT_MIN_OT" ISN="null" DSD="04/06/2015" EXD="03/06/2017"Action=synchroniseDeviceAuto |
Description |
|
Parameters |
DID="11139" DTC="DT_TK1V2" ISN="null" DSD="04/06/2015" EXD="03/06/2017"Action=synchroniseDeviceAuto |
Description |
|
Parameters |
DID="11139" DTC="DT_TK1V2" ISN="null" DSD="04/06/2015" EXD="03/06/2017"Action=synchroniseDeviceManual |
Description |
API call: unassign a device from a user. |
Parameters |
DID="11145"Action=unassignDevice |
Indirect Events
Description |
API call: used by external application to check external permissions for specific user and asset. Also used by SSP for user token activation process. |
Parameters |
TRC="TC_HW"Action=indirectAuthoriseTransaction |
Description |
API call: used by Banking application to deliver transactions to mobiles devices (Transaction signing) |
Parameters |
DID="12332" ATC="AT_TDS"Action=indirectDeliverChallenge |
Description |
API call: indirectDeliverChallenge failed, here delivery gateway to send transaction to mobile device is missing. |
Parameters |
DID="11274" ATC="AT_TDS" FAC="Unable to find valid delivery adapter for this authentication type:<Domain: ONLINEBANK>"Action=indirectDeliverChallenge |
Description |
API call: direct user verifying authentication for a user using a device. Here indirectPrimaryAuthenticateDevice failed. Parameters indicate reason of failure |
Parameters |
ATC="AT_EMPSMS" ANS="true" ARP="HOSTADDRESS[xx.xx.xxx.xx]" DAM="1" DTC="DT_OOB" ISN="null" DSD="null" FAC="Reason indicating that PIN did not match"Action=indirectPrimaryAuthenticateDevice |
Description |
API call: indirectPrimaryAuthenticateDevice success |
Parameters |
ATC="AT_EMPSMS" ANS="true" ARP="HOSTADDRESS[xx.xx.xxx.xx]" DAM="1" DTC="DT_OOB" ISN="null" DSD="null"Action=indirectPrimaryAuthenticateDevice |
Description |
API call: direct user verifying security questions answers for a user. |
Parameters |
ATC="AT_EMPQA" ANS="false" ARP="" PSA="PR_1ST_JOB PR_MEMWRD PR_PLACE"Action=indirectPrimaryAuthenticateMD |
Description |
API call: direct user verifying authentication for a user using his password.indirectPrimaryAuthenticateUP success. |
Parameters |
ATC="DYNMC_AUTH" ANS="false" ARP="HOSTADDRESS[xx.xx.xxx.xx]" USN="null"Action=indirectPrimaryAuthenticateUP |
Description |
API call: direct user verifying authentication for a user using his password. indirectPrimaryAuthenticateUP failed. Parameters indicate reason of failure (here "Password does not match") |
Parameters |
ATC="DYNMC_AUTH" ANS="false" ARP="HOSTADDRESS[xx.xx.xxx.xx]" USN="null" FAC="Password does not match"Action=indirectPrimaryAuthenticateUP |
Key Events
Description |
Server internal: Audit of security keys used on this security domain, following events are generated internally by ActivID authentication server. Current Key used for AUDIT signature on this domain. |
Parameters |
KEY=HID-IA-4T.AUDIT.1 Action=auditKeys |
Description |
Current Key used for credentials encryption on this domain. |
Parameters |
KEY=HID-IA-4T.CREDS.1 Action=auditKeys |
Description |
Current Key used for DB rows signature on this domain. |
Parameters |
KEY=HID-IA-4T.DSIGN.1 Action=auditKeys |
Description |
Current Key used for Sessions (ALSI transfer) encryption on this domain. |
Parameters |
KEY=HID-IA-4T.SESSION.1 Action=auditKeys |
Description |
Current Key used for Configuration entries encryption on this domain. |
Parameters |
KEY=HID-IA-4T.SYS.1 Action=auditKeys |
Move Events
Description |
When user is moved from one group to another. |
Parameters |
GRC="UG_1102" GRC="USG_CUST1" GRN="Test_Group"Action=moveUserSubGroup |
Description |
|
Parameters |
GRC="USG_CUST1"Action=moveUserToSubGroup |
OOB Events
Description |
API call: register an OOB. |
Parameters |
ATC="AT_EMPSMS"Action=registerUserForOutOfBand |
Description |
API call: remove OOB credential and device from a user. |
Parameters |
ATC="AT_EMPSMS"Action=unregisterUserForOutOfBand |
Other Events
Description |
API call: method audit () : External event creation. Used by external applications to insert their own events on the auditlog database. |
Parameters |
param=NOTMatched |
Description |
|
Parameters |
Action=audit |
Description |
|
Parameters |
Action=executeProcessWithAdapterConfiguration |
Description |
|
Parameters |
Action=generateEntityCode |
Description |
By default, getXXX with success are not audited, in case of no function privilege exception, event is audited |
Parameters |
Action=getUser |
Description |
Search User in LDAP found user with invalid attribute, to avoid return user with suspicious attribute, user is removed from list of users found. |
Parameters |
UGC="USG_FTEMP" ERI="DS_1101" USN="cd c__" Action=searchUsers |
Description |
|
Parameters |
Action=logout |
Description |
This event comes from Feedback Service of delivery gateway. When found invalid tokens, the token are automatically revoked. This event is generated for each token revoked. |
Parameters |
STS="REVOKED" DID="12162" DTC="DT_TDS" Action=setDeviceStatus |
Description |
|
Parameters |
AER="A_1103" ASA="AS_1102"Action=removeAssetFromAssetSet |
Description |
|
Parameters |
Action=testConnection |
Description |
Internal, generated by authentication methods. During authenticate process, the ActivID Appliance automatically creates an authenticator (if not already there) based on authentication request AuthenticationType (if allowed on the channel and not blocked for the user). |
Parameters |
Primary Events
Description |
API call: (Direct) user authentication using a device credential. Here API primaryAuthenticateDevice failed. Parameters indicate reason of failure. (This is case of transaction signing, cannot verify signature from client mobile, or wrong counter from client mobile.) |
Parameters |
ATC="AT_TDS" ANS="true" ARP="HOSTADDRESS[xx.xx.xxx.xx]" DAM="4" DID="11274" FAC="Response is incorrect"Action=primaryAuthenticateDevice |
Description |
API call: (Direct) user authentication using a device credential: success. Here ActivID Application (MC) direct user performing PKI authentication to ActivID authentication server. |
Parameters |
ATC="AT_SYSPKI" ANS="false" ARP="" DAM="2" DAC="39511351" DTC="DT_SERVER" ISN="null" DSD="02/06/2015" EXD="02/06/2020"Action=primaryAuthenticateDevice |
Description |
API call: (Direct) user authentication using a login credential (password). Here user "spl-api" authenticates by CH_DIRECT channel using AT_SYSLOG authentication policy. |
Parameters |
ATC="AT_SYSLOG" ANS="false" ARP="" USN="null"Action=primaryAuthenticateUP |
Description |
primaryAuthenticateUP success. |
Parameters |
ATC="OP_ATCODE" ANS="false" ARP="" USN="null" FAC="Password does not match"Action=primaryAuthenticateUP |
Description |
primaryAuthenticateUP failed. Parameters indicate reason of failure. |
Parameters |
ATC="AT_SYSLOG" ANS="false" ARP="" USN="null"Action=primaryAuthenticateUP |
Reset Events
Description |
API call: registerUserForOutOfBand specific call to reset the activation code of an OOB credential. |
Parameters |
ATC="AT_EMPSMS"Action=registerUserForOutOfBand |
Description |
|
Parameters |
ATC="AT_EMPSMS"Action=resetAuthenticatorFailedAuthenticationCount |
Description |
API call: registerUserForOutOfBand specific call to reset counter of an OOB credential. |
Parameters |
ATC="AT_EMPSMS"Action=registerUserForOutOfBand |
Retrieve Events
Description |
|
Parameters |
TRA="0194951045786064656351831456325940730319"Action=retrieveALSIBySessionTransferCode |
Description |
|
Parameters |
Action=retrieveDeviceIssuanceRequests |
Search Events
Description |
By default (but configurable), search methods are now audited, except in case of privilege escalation. |
Parameters |
CTC="CT_SST_BB"Action=searchCredentials |
Description |
|
Parameters |
CTC="CT_SST_BB"Action=searchCredentialsPaginated |
Set Events
Description |
API call: definition of user attributes for a group. |
Parameters |
GRC="UT_CUST"Action=setGroupAttributes |
Description |
API call: set security question answers for a user. |
Parameters |
MDP="PR_MEET" MDP="PR_LICENCE" MDP="PR_NICK" MDP="PR_TOWN" MDP="PR_FRIEND" MDP="PR_E_SCHL" MDP="PR_CHILD" MDP="PR_SIBLING" MDP="PR_MEMWRD" MDP="PR_1ST_JOB" MDP="PR_SECRET" MDP="PR_ANIMAL" MDP="PR_MEMPHR" MDP="PR_BR_BDAY" MDP="PR_CAR_CLR" MDP="PR_PHONE" MDP="PR_PLACE"Action=setUserMDAnswers |
Update Events
Description |
|
Parameters |
Action=updateAdapterConfiguration |
Description |
|
Parameters |
AER="ASSET02"Action=updateAssetDetails |
Description |
|
Parameters |
AGC="AG_ASSETTYPE1" AGN="Asset Type 1"Action=updateAssetGroupDetails |
Description |
|
Parameters |
ASA="AS_1105" ASN="testassetset" AGC="AG_ASSETTYPE1"Action=updateAssetSetDetails |
Description |
|
Parameters |
Action=updateAttributeType |
Description |
|
Parameters |
Action=updateAuthenticationType |
Description |
|
Parameters |
ATC="AT_EMPPWD" CHC="CH_IIS"Action=updateAuthenticatorPrimaryBlockedChannels |
Description |
|
Parameters |
ATC="AT_EMPSMS" AVF="04/06/2015" AVT="02/06/2020"Action=updateAuthenticatorValidPeriod |
Description |
|
Parameters |
Action=updateChannel |
Description |
|
Parameters |
Action=updateCredentialType |
Description |
|
Parameters |
Action=updateDatasource |
Description |
|
Parameters |
DTC="DT_STW_OE" ISN="null" DSD="20/05/2015" EXD="20/05/2017"Action=updateDevice |
Description |
|
Parameters |
STP="setDeviceStatus" DTC="DT_TDS" DID="11274" STP="createAuthenticator" ATC="AT_TDS"Action=updateDeviceIssuanceRequest |
Description |
|
Parameters |
Action=updateDeviceType |
Description |
|
Parameters |
Action=updateMemorableDataPrompt |
Description |
|
Parameters |
ROC="RL_HELPDSK" RON="Help Desk"Action=updateRoleDetails |
Description |
|
Parameters |
Action=updateTransaction |
Description |
|
Parameters |
ATC="AT_EMPEPWD" AVF="04/06/2015" AVT="02/06/2020"Action=updateUPAuthenticatorValidPeriod |
Description |
|
Parameters |
ATA="FIRSTNAME" ATV="test" ATA="LASTNAME" ATV="OOB" ATA="TITLE" ATV="" ATA="ATR_EMAIL" ATV="test@company.com"Action=updateUserAttributes |
Description |
|
Parameters |
UER="REQUSER055_2"Action=updateUserExternalReference |
Description |
|
Parameters |
GRN="Customers User Type" GRC="UT_CUST" PGC="null" ATC="AT_CSTEPWD" ATC="AT_CUSTDID" ATC="AT_CUSTMW" ATC="AT_CUSTOTP" ATC="AT_CUSTPIN" ATC="AT_CUSTPKI" ATC="AT_CUSTPW" ATC="AT_CUSTQA" ATC="AT_CUSTSGN" ATC="AT_CUSTSMS" ATC="AT_LDAP"Action=updateUserGroupDetails |
Description |
When performing searchUser or getUser, if user is LDAP user, his enable status in LDAP and DN, and his corresponding roles in ActivID Appliance are checked, if there's change, his information will be automatically updated. This event is audited when update succeed. |
Parameters |
UGC="USG_CUST1" ERI="DS_1101" USN="ou1user1" ULS="ENABLED" ROC="Size 2 [0]=RL_HELPDSK [1]=R_1103" Action=getUser |
Description |
|
Parameters |
GRC="REQAG000" STD="04/06/2015"Action=updateUserStatus |
Description |
|
Parameters |
GRN="Consumer Online Banking" GRC="USG_CUST1" PGC="UT_CUST"Action=updateUserSubGroupDetails |