Password Safe Event Field Mappings

The table below provides the value type and description for each Password Safe field found in events.

Field Value Type Description
Event Date DateTime Event date (UTC)
Server Date DateTime DateTime of server event forwarding processing (UTC)
Agent ID String PBPS
Source Host String The machine name of BeyondInsight instance
Source IP String The IP address of BeyondInsight instance
Event Name String Role used
Event Desc String Object Type + Operation (for example, Functional Account Add)
Event Severity Integer 0 = failed, 1 = success
Event Subject String IP address of the browser that initiated the event
User String Username associated with the event
Workgroup ID String Where applicable, workgroup ID of the associated asset
Workgroup Desc String Where applicable, workgroup description of the associated asset
LogSystemID Integer PMMLogSytem table reference ID
LogTime DateTime MM/dd/yyyy HH:mm:ss
UserName String Username associated with the event
UserID String User ID associated with the event
RoleUsed String Role used
ObjectTypeID Integer Object Type reference ID
ObjectType String Object Type (i.e. Function Account)
ObjectID Integer Object reference ID
Operation String Operation (for example, Add, Update)
Failed Boolean True / False
Target String Describes the asset acted upon (for example, FAccount=testuser1 FAlias=testuser1 FDomain=testdomain1 PFid=25)
Details String Miscellaneous additional information

Event Triggers

Event Name and Event Type Values

The following are potential values that can be found in application audit messages for Event Name, in addition to their corresponding Event Type value shown in parentheses. Events are based on action taken.

This list may change over time and is not guaranteed to include every possible value.

“Event Name” (Event Type)

Default (0)

Login (1)

Logout (2)

Add (3)

Edit (4)

Delete (5)

Read (6)

Assign (11)

Rename (12)

Schedule (14)

Abort Job (17)

Delete Job (18)

Reset (19)

Import (20)

Copy (23)

Generate (24)

Session End (25)

Bulk Password Change (26) Bulk Domain Account Unlink (27) Validate (28)
Update (30)

Download (35)

Unlock (36)

Bulk Move Credential (37)

Event Category Values

The following are potential values that can be found for Category in application audit messages.

This list may change over time and is not guaranteed to include every possible value.

Account Lockout

Address Group

Application Session Assets Attribute
Attribute Type BeyondInsight Password Policy BeyondInsight Configuration Tool

Change Password

Client Certificate

Cloud Connector

Configure Credential Databases

Direct Connect

Direct Connect Failure

Directory Query

Domain Management

EPM Exclusion

EPM Policy Logout

EPM Policy User

EPM Rule

Event Forwarder

JIRA Ticket System

Login Failure

Managed Account Alias


Plugin Setting PMM Access Policy PMM Access Policy Schedule

PMM Account

PMM API Authentication Rule Failure

PMM API Registration


PMM Application

PMM Change Email Template

PMM Connection Profile

PMM Connection Profile Filter

PMM DSS Key Policies

PMM Functional Account

PMM Login

Pre-Login Banner

PMM Login Failure

PMM Managed Account PMM Managed System

PMM Mask Remedy Connector

PMM Oracle Internet Directory

PMM Password Rule

Propagation Action

Purging Options

Remedy Connector Mapping Sailpoint STI Scan SCIM

ServiceNow Connector

ServiceNow Export ServiceNow Export Mapping ServiceNow Import ServiceNow Ticket System Mapping ServiceNow Ticket System

Session Monitoring

Smart Rule

System Options Secrets Safe Secrets Safe Credential
Secrets Safe Folder

Third Party Connector


TOTP Authentication Failure

TOTP Device Enrolled


User Group

User Group - Smart Rule Role

Worker Node