Events
Password Safe Event Field Mappings
The table below provides the value type and description for each Password Safe field found in events.
Field | Value Type | Description |
Event Date | DateTime | Event date (UTC) |
Server Date | DateTime | DateTime of server event forwarding processing (UTC) |
Agent ID | String | PBPS |
Source Host | String | The machine name of BeyondInsight instance |
Source IP | String | The IP address of BeyondInsight instance |
Event Name | String | Role used |
Event Desc | String | Object Type + Operation (for example, Functional Account Add) |
Event Severity | Integer | 0 = failed, 1 = success |
Event Subject | String | IP address of the browser that initiated the event |
User | String | Username associated with the event |
Workgroup ID | String | Where applicable, workgroup ID of the associated asset |
Workgroup Desc | String | Where applicable, workgroup description of the associated asset |
LogSystemID | Integer | PMMLogSytem table reference ID |
LogTime | DateTime | MM/dd/yyyy HH:mm:ss |
UserName | String | Username associated with the event |
UserID | String | User ID associated with the event |
RoleUsed | String | Role used |
ObjectTypeID | Integer | Object Type reference ID |
ObjectType | String | Object Type (i.e. Function Account) |
ObjectID | Integer | Object reference ID |
Operation | String | Operation (for example, Add, Update) |
Failed | Boolean | True / False |
Target | String | Describes the asset acted upon (for example, FAccount=testuser1 FAlias=testuser1 FDomain=testdomain1 PFid=25) |
Details | String | Miscellaneous additional information |
Event Triggers
Event Name and Event Type Values
The following are potential values that can be found in application audit messages for Event Name, in addition to their corresponding Event Type value shown in parentheses. Events are based on action taken.
This list may change over time and is not guaranteed to include every possible value.
“Event Name” (Event Type)
Default (0) |
Login (1) |
Logout (2) |
Add (3) |
Edit (4) |
Delete (5) |
Read (6) |
Assign (11) |
Rename (12) |
Schedule (14) |
Abort Job (17) |
Delete Job (18) |
Reset (19) |
Import (20) |
Copy (23) |
Generate (24) |
Session End (25) |
Bulk Password Change (26) | Bulk Domain Account Unlink (27) | Validate (28) |
Update (30) |
Download (35) |
Unlock (36) |
Bulk Move Credential (37) |
Event Category Values
The following are potential values that can be found for Category in application audit messages.
This list may change over time and is not guaranteed to include every possible value.
Account Lockout |
Address Group |
Application Session | Assets | Attribute |
Attribute Type | BeyondInsight Password Policy | BeyondInsight Configuration Tool |
Change Password |
Client Certificate |
Cloud Connector |
Configure | Credential | Databases |
Direct Connect |
Direct Connect Failure |
Directory Query |
Domain Management |
EPM Exclusion |
EPM Policy Logout |
EPM Policy User |
EPM Rule |
Event Forwarder |
JIRA Ticket System |
Login Failure |
Managed Account Alias |
Organization |
Plugin Setting | PMM Access Policy | PMM Access Policy Schedule |
PMM Account |
PMM API Authentication Rule Failure |
PMM API Registration |
PMM API SignOut |
PMM Application |
PMM Change Email Template |
PMM Connection Profile |
PMM Connection Profile Filter |
PMM DSS Key Policies |
PMM Functional Account |
PMM Login |
Pre-Login Banner |
PMM Login Failure |
PMM Managed Account | PMM Managed System |
PMM Mask Remedy Connector |
PMM Oracle Internet Directory |
PMM Password Rule |
Propagation Action |
Purging Options |
Remedy Connector Mapping | Sailpoint STI | Scan | SCIM |
ServiceNow Connector |
ServiceNow Export | ServiceNow Export Mapping | ServiceNow Import | ServiceNow Ticket System Mapping | ServiceNow Ticket System |
Session Monitoring |
Smart Rule |
System Options | Secrets Safe | Secrets Safe Credential |
Secrets Safe Folder |
Third Party Connector |
Ticket |
TOTP Authentication Failure |
TOTP Device Enrolled |
User |
User Group |
User Group - Smart Rule Role |
Worker Node |
Workgroup |