BEYONDTRUST MC¶
About¶
The BeyondTrust Management Console is a web-based tool that you can use to: • Run multiple instances of the console and point them at different domains. • Run the console with a different user account. • Upgrade your Active Directory schema. • Obtain status information about your Active Directory forests and domains. • Migrate Unix and Linux users and groups by importing passwd and group files and mapping the information to users and groups in Active Directory. • Remove orphaned objects. • Generate reports about users, groups, and computers. • Start Active Directory Users and Computers (ADUC), Cell Manager, and the Migration tool.
Product Details¶
Product Type: IAM
Product Tier: Tier III
Integration Method: JSON
Integration URL: Use the BeyondTrust Management Console
Parser Details¶
Log Format: JSON
Expected Normalization Rate: 90%-100%
Data Label: BEYONDTRUST_MC
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| ActionName | additional.fields |
| ActionId | additional.fields |
| Configuration.Application.Description | additional.fields |
| Configuration.Application.Type | additional.fields |
| Configuration.ApplicationGroup.Description | additional.fields |
| Configuration.ApplicationGroup.Identifier | additional.fields |
| Configuration.ApplicationGroup.Name | additional.fields |
| Configuration.Identifier | additional.fields |
| Configuration.RevisionNumber | additional.fields |
| Configuration.Rule.Identifier | additional.fields |
| Configuration.Token.Identifier | additional.fields |
| Configuration.Token.Name | additional.fields |
| Configuration.Workstyle.Name | additional.fields |
| Configuration.Workstyle.Description | additional.fields |
| Configuration.Workstyle.Identifier | additional.fields |
| ConnectionId | additional.fields |
| DomainIdentifier | principal.user.windows_sid |
| DomainNetBIOSName | principal.domain.name |
| event_details | additional.fields |
| Event.Type | additional.fields |
| GroupId | additional.fields |
| hostname | principal.hostname |
| json00 | additional.fields |
| json01 | additional.fields |
| json02 | additional.fields |
| json03 | additional.fields |
| json04 | additional.fields |
| json05 | additional.fields |
| json06 | additional.fields |
| json07 | additional.fields |
| json08 | additional.fields |
| json09 | additional.fields |
| json10 | additional.fields |
| json11 | additional.fields |
| json12 | additional.fields |
| json13 | additional.fields |
| json99 | additional.fields |
| machine_name | additional.fields |
| name | principal.hostname |
| Processes.parent_process_exec | principal.process.parent_process.file.names |
| Processes.process_exec | principal.process.parent_process.file.names |
| Processes.process_name | principal.resource.name |
| process | principal.process.file.names |
| process_0 | principal.process.file.names |
| process_1 | principal.process.file.names |
| RequestPath | additional.fields |
| SalesforceId | additional.fields |
| ServiceName | additional.fields |
| SchemaVersion | additional.fields |
| security_action | additional.fields |
| security_result | additional.fields |
| service_name | additional.fields |
| smb_timezone | additional.fields |
| TenantId | additional.fields |
| ThreadId | additional.fields |
| token_id | additional.fields |
| token_name | additional.fields |
| user.0 | principal.user.user_display_name |
| workstyle_description | additional.fields |
| workstyle_id | additional.fields |
| workstyle_name | additional.fields |
Product Event Types¶
| Event | UDM Event Classification |
|---|---|
| all | GENERIC_EVENT |
Log Sample¶
{"user":{"id":"S-1-5-21-2403180696-3858238681-2096967750-62097","DomainNetBIOSName":"CORPORATE","DomainIdentifier":"S-1-5-21-2403180696-3858238681-2096967750","domain":"CORPORATE","name":"USERNAME"},"EPMWinMac":{"COM":{},"Installer":{},"PrivilegedGroup":{},"GroupId":"3194d832-0076-407d-9329-787754bf6819","AuthorizationRequest":{},"TrustedApplication":{},"ServiceControl":{"Service":{}},"SchemaVersion":"4.4.0","Configuration":{"RuleScript":{"Outcome":{"RuleAffected":false}},"Workstyle":{"Name":"All Users","Description":"Default set of rules that apply to all users","Identifier":"4e0b71b9-0e4e-4dba-bd65-243f7aa574bc"},"Identifier":"e80c31eb-f7b2-4a8a-834c-538f3f11d4bb","Rule":{"Identifier":"a84b97a7-db2e-4eb3-acb4-08276664978e","OnDemand":false},"RevisionNumber":"101","Application":{"Description":"WindowsSearch","Type":"exe"},"Message":{"AuthMethods":[],"Authentication":{},"Authorization":{}},"Token":{"Identifier":"f30a3824-27af-4d69-9125-c78e44764ac1","Name":"Add Full Admin (Required for Installers)"},"ApplicationGroup":{"Name":"Add Admin - All Users (Windows Functions)","Description":"Admin OS Functions required by all users","Identifier":"9b74e2aa-450a-495d-ba72-cdcf9e52fc9e"}},"AuthorizingUser":{},"ActiveX":{},"TenantId":"d6c6c603-ca19-4fbe-84c8-12241f342df6","StoreApp":{},"Event":{"Type":"Process","Action":"Elevated"},"Session":{},"RemotePowerShell":{}},"agent":{"id":"4aefd956-1887-42b4-9ec3-8d96180c934f","version":"23.1.259.0"},"event":{"code":"100","id":"aca66bba-71c6-4605-800c-3ba4b74a032b","action":"process-start-add-admin"},"events":{"CompanyName":"Entrust Datacard Corporation","ActionName":"BT.EventGateway.Controllers.AuditEventController.Post (EventGateway)","ThreadId":13,"SalesforceId":"001f400000mXd3nAAC","ServiceName":"EventGateway","MachineName":"localhost","RequestPath":"/events/v1/audit","TenantId":"d6c6c603-ca19-4fbe-84c8-12241f342df6","ConnectionId":"0HMQL3243CSMK","@t":"2023-05-21T17:36:57.4915903Z","ActionId":"f088ea47-c302-4733-bb73-5ded2eac8bfd","eventJson":"{\"agent\":{\"version\":\"23.1.259.0\",\"id\":\"4aefd956-1887-42b4-9ec3-8d96180c934f\"},\"@timestamp\":\"2023-05-21T17:36:17.000Z\",\"client\":{},\"dll\":{\"pe\":{}},\"event\":{\"id\":\"aca66bba-71c6-4605-800c-3ba4b74a032b\",\"code\":\"100\",\"action\":\"process-start-add-admin\"},\"file\":{\"path\":\"c:\\\\windows\\\\syswow64\\\\searchprotocolhost.exe\",\"owner\":\"TrustedInstaller\",\"DriveType\":\"Fixed Disk\",\"ProductVersion\":\"7.0.19041.2673\",\"hash\":{\"md5\":\"0EEF77A658FC5AF46C0B77475F44D84C\",\"sha1\":\"A0CC880EAE49B57950030E0087659F73A72954DA\",\"sha256\":\"0975F875F8BB02DEAB42AE147B279DBD3BE1EA68B1F5A976626188684C48D437\"},\"pe\":{\"file_version\":\"7.0.19041.2673 (WinBuild.160101.0800)\",\"description\":\"Microsoft Windows Search Protocol Host\",\"product\":\"Windows® Search\"},\"Bundle\":{},\"Owner\":{\"Identifier\":\"S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464\",\"Name\":\"TrustedInstaller\",\"DomainIdentifier\":\"S-1-5-80\",\"DomainName\":\"NT SERVICE\",\"DomainNetBIOSName\":\"NT SERVICE\"},\"code_signature\":{\"subject_name\":\"Microsoft Windows\"}},\"group\":{},\"host\":{\"hostname\":\"HOSTNAME\",\"name\":\"HOSTNAME\",\"ip\":[],\"domain\":\"corporate.datacard.com\",\"DomainIdentifier\":\"S-1-5-21-2403180696-3858238681-2096967750\",\"NetBIOSName\":\"HOSTNAME\",\"DomainNetBIOSName\":\"CORPORATE\",\"geo\":{},\"os\":{\"type\":\"windows\"}},\"process\":{\"pid\":644,\"entity_id\":\"a251e415-32be-4a34-ba4f-1123136a31a9\",\"command_line\":\"\\\"C:\\\\WINDOWS\\\\SysWOW64\\\\SearchProtocolHost.exe\\\" Global\\\\UsGthrFltPipeMssGthrPipe_S-1-5-21-2403180696-3858238681-2096967750-6209795_ Global\\\\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-2403180696-3858238681-2096967750-6209795 1 -2147483646 \\\"Software\\\\Microsoft\\\\Windows Search\\\" \\\"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)\\\" \\\"C:\\\\ProgramData\\\\Microsoft\\\\Search\\\\Data\\\\Temp\\\\usgthrsvc\\\" \\\"DownLevelDaemon\\\" \\\"1\\\"\",\"executable\":\"c:\\\\windows\\\\syswow64\\\\searchprotocolhost.exe\",\"start\":\"2023-05-21T17:36:17.000Z\",\"ElevationRequired\":false,\"hash\":{},\"pe\":{},\"code_signature\":{},\"HostedFile\":{\"hash\":{},\"pe\":{},\"Owner\":{},\"code_signature\":{}},\"user\":{\"id\":\"S-1-5-21-2403180696-3858238681-2096967750-62097\",\"name\":\"USERNAME\",\"domain\":\"CORPORATE\",\"DomainIdentifier\":\"S-1-5-21-2403180696-3858238681-2096967750\"},\"parent\":{\"pid\":9028,\"executable\":\"c:\\\\windows\\\\system32\\\\searchindexer.exe\"}},\"related\":{\"ip\":[],\"user\":[\"USERNAME\"],\"hash\":[\"A0CC880EAE49B57950030E0087659F73A72954DA\",\"0975F875F8BB02DEAB42AE147B279DBD3BE1EA68B1F5A976626188684C48D437\",\"0EEF77A658FC5AF46C0B77475F44D84C\"],\"hosts\":[\"HOSTNAME\"]},\"user\":{\"id\":\"S-1-5-21-2403180696-3858238681-2096967750-62097\",\"name\":\"USERNAME\",\"domain\":\"CORPORATE\",\"DomainIdentifier\":\"S-1-5-21-2403180696-3858238681-2096967750\",\"DomainNetBIOSName\":\"CORPORATE\"},\"EPMWinMac\":{\"SchemaVersion\":\"4.4.0\",\"GroupId\":\"3194d832-0076-407d-9329-787754bf6819\",\"TenantId\":\"d6c6c603-ca19-4fbe-84c8-12241f342df6\",\"ActiveX\":{},\"AuthorizationRequest\":{},\"AuthorizingUser\":{},\"COM\":{},\"Configuration\":{\"Identifier\":\"e80c31eb-f7b2-4a8a-834c-538f3f11d4bb\",\"RevisionNumber\":\"101\",\"Application\":{\"Type\":\"exe\",\"Description\":\"WindowsSearch\"},\"ApplicationGroup\":{\"Name\":\"Add Admin - All Users (Windows Functions)\",\"Description\":\"Admin OS Functions required by all users\",\"Identifier\":\"9b74e2aa-450a-495d-ba72-cdcf9e52fc9e\"},\"Message\":{\"AuthMethods\":[],\"Authorization\":{},\"Authentication\":{}},\"Rule\":{\"Identifier\":\"a84b97a7-db2e-4eb3-acb4-08276664978e\",\"OnDemand\":false},\"RuleScript\":{\"Outcome\":{\"RuleAffected\":false}},\"Token\":{\"Name\":\"Add Full Admin (Required for Installers)\",\"Identifier\":\"f30a3824-27af-4d69-9125-c78e44764ac1\"},\"Workstyle\":{\"Name\":\"All Users\",\"Description\":\"Default set of rules that apply to all users\",\"Identifier\":\"4e0b71b9-0e4e-4dba-bd65-243f7aa574bc\"}},\"Event\":{\"Type\":\"Process\",\"Action\":\"Elevated\"},\"Installer\":{},\"PrivilegedGroup\":{},\"RemotePowerShell\":{},\"ServiceControl\":{\"Service\":{}},\"Session\":{},\"StoreApp\":{},\"TrustedApplication\":{}}}","ProcessId":27010,"CorrelationId":"cec14c31-d57a-473f-855d-af36b8c61a85","@i":"2b2bccdf","AssemblyVersion":"23.3.256.0","RequestId":"0HMQL3243CSMK:00000001","@m":"\"{\\\"agent\\\":{\\\"version\\\":\\\"23.1.259.0\\\",\\\"id\\\":\\\"4aefd956-1887-42b4-9ec3-8d96180c934f\\\"},\\\"@timestamp\\\":\\\"2023-05-21T17:36:17.000Z\\\",\\\"client\\\":{},\\\"dll\\\":{\\\"pe\\\":{}},\\\"event\\\":{\\\"id\\\":\\\"aca66bba-71c6-4605-800c-3ba4b74a032b\\\",\\\"code\\\":\\\"100\\\",\\\"action\\\":\\\"process-start-add-admin\\\"},\\\"file\\\":{\\\"path\\\":\\\"c:\\\\windows\\\\syswow64\\\\searchprotocolhost.exe\\\",\\\"owner\\\":\\\"TrustedInstaller\\\",\\\"DriveType\\\":\\\"Fixed Disk\\\",\\\"ProductVersion\\\":\\\"7.0.19041.2673\\\",\\\"hash\\\":{\\\"md5\\\":\\\"0EEF77A658FC5AF46C0B77475F44D84C\\\",\\\"sha1\\\":\\\"A0CC880EAE49B57950030E0087659F73A72954DA\\\",\\\"sha256\\\":\\\"0975F875F8BB02DEAB42AE147B279DBD3BE1EA68B1F5A976626188684C48D437\\\"},\\\"pe\\\":{\\\"file_version\\\":\\\"7.0.19041.2673 (WinBuild.160101.0800)\\\",\\\"description\\\":\\\"Microsoft Windows Search Protocol Host\\\",\\\"product\\\":\\\"Windows® Search\\\"},\\\"Bundle\\\":{},\\\"Owner\\\":{\\\"Identifier\\\":\\\"S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464\\\",\\\"Name\\\":\\\"TrustedInstaller\\\",\\\"DomainIdentifier\\\":\\\"S-1-5-80\\\",\\\"DomainName\\\":\\\"NT SERVICE\\\",\\\"DomainNetBIOSName\\\":\\\"NT SERVICE\\\"},\\\"code_signature\\\":{\\\"subject_name\\\":\\\"Microsoft Windows\\\"}},\\\"group\\\":{},\\\"host\\\":{\\\"hostname\\\":\\\"HOSTNAME\\\",\\\"name\\\":\\\"HOSTNAME\\\",\\\"ip\\\":[],\\\"domain\\\":\\\"corporate.datacard.com\\\",\\\"DomainIdentifier\\\":\\\"S-1-5-21-2403180696-3858238681-2096967750\\\",\\\"NetBIOSName\\\":\\\"HOSTNAME\\\",\\\"DomainNetBIOSName\\\":\\\"CORPORATE\\\",\\\"geo\\\":{},\\\"os\\\":{\\\"type\\\":\\\"windows\\\"}},\\\"process\\\":{\\\"pid\\\":644,\\\"entity_id\\\":\\\"a251e415-32be-4a34-ba4f-1123136a31a9\\\",\\\"command_line\\\":\\\"\\\\\"C:\\\\WINDOWS\\\\SysWOW64\\\\SearchProtocolHost.exe\\\\\" Global\\\\UsGthrFltPipeMssGthrPipe_S-1-5-21-2403180696-3858238681-2096967750-6209795_ Global\\\\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-2403180696-3858238681-2096967750-6209795 1 -2147483646 \\\\\"Software\\\\Microsoft\\\\Windows Search\\\\\" \\\\\"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)\\\\\" \\\\\"C:\\\\ProgramData\\\\Microsoft\\\\Search\\\\Data\\\\Temp\\\\usgthrsvc\\\\\" \\\\\"DownLevelDaemon\\\\\" \\\\\"1\\\\\"\\\",\\\"executable\\\":\\\"c:\\\\windows\\\\syswow64\\\\searchprotocolhost.exe\\\",\\\"start\\\":\\\"2023-05-21T17:36:17.000Z\\\",\\\"ElevationRequired\\\":false,\\\"hash\\\":{},\\\"pe\\\":{},\\\"code_signature\\\":{},\\\"HostedFile\\\":{\\\"hash\\\":{},\\\"pe\\\":{},\\\"Owner\\\":{},\\\"code_signature\\\":{}},\\\"user\\\":{\\\"id\\\":\\\"S-1-5-21-2403180696-3858238681-2096967750-62097\\\",\\\"name\\\":\\\"USERNAME\\\",\\\"domain\\\":\\\"CORPORATE\\\",\\\"DomainIdentifier\\\":\\\"S-1-5-21-2403180696-3858238681-2096967750\\\"},\\\"parent\\\":{\\\"pid\\\":9028,\\\"executable\\\":\\\"c:\\\\windows\\\\system32\\\\searchindexer.exe\\\"}},\\\"related\\\":{\\\"ip\\\":[],\\\"user\\\":[\\\"USERNAME\\\"],\\\"hash\\\":[\\\"A0CC880EAE49B57950030E0087659F73A72954DA\\\",\\\"0975F875F8BB02DEAB42AE147B279DBD3BE1EA68B1F5A976626188684C48D437\\\",\\\"0EEF77A658FC5AF46C0B77475F44D84C\\\"],\\\"hosts\\\":[\\\"HOSTNAME\\\"]},\\\"user\\\":{\\\"id\\\":\\\"S-1-5-21-2403180696-3858238681-2096967750-62097\\\",\\\"name\\\":\\\"USERNAME\\\",\\\"domain\\\":\\\"CORPORATE\\\",\\\"DomainIdentifier\\\":\\\"S-1-5-21-2403180696-3858238681-2096967750\\\",\\\"DomainNetBIOSName\\\":\\\"CORPORATE\\\"},\\\"EPMWinMac\\\":{\\\"SchemaVersion\\\":\\\"4.4.0\\\",\\\"GroupId\\\":\\\"3194d832-0076-407d-9329-787754bf6819\\\",\\\"TenantId\\\":\\\"d6c6c603-ca19-4fbe-84c8-12241f342df6\\\",\\\"ActiveX\\\":{},\\\"AuthorizationRequest\\\":{},\\\"AuthorizingUser\\\":{},\\\"COM\\\":{},\\\"Configuration\\\":{\\\"Identifier\\\":\\\"e80c31eb-f7b2-4a8a-834c-538f3f11d4bb\\\",\\\"RevisionNumber\\\":\\\"101\\\",\\\"Application\\\":{\\\"Type\\\":\\\"exe\\\",\\\"Description\\\":\\\"WindowsSearch\\\"},\\\"ApplicationGroup\\\":{\\\"Name\\\":\\\"Add Admin - All Users (Windows Functions)\\\",\\\"Description\\\":\\\"Admin OS Functions required by all users\\\",\\\"Identifier\\\":\\\"9b74e2aa-450a-495d-ba72-cdcf9e52fc9e\\\"},\\\"Message\\\":{\\\"AuthMethods\\\":[],\\\"Authorization\\\":{},\\\"Authentication\\\":{}},\\\"Rule\\\":{\\\"Identifier\\\":\\\"a84b97a7-db2e-4eb3-acb4-08276664978e\\\",\\\"OnDemand\\\":false},\\\"RuleScript\\\":{\\\"Outcome\\\":{\\\"RuleAffected\\\":false}},\\\"Token\\\":{\\\"Name\\\":\\\"Add Full Admin (Required for Installers)\\\",\\\"Identifier\\\":\\\"f30a3824-27af-4d69-9125-c78e44764ac1\\\"},\\\"Workstyle\\\":{\\\"Name\\\":\\\"All Users\\\",\\\"Description\\\":\\\"Default set of rules that apply to all users\\\",\\\"Identifier\\\":\\\"4e0b71b9-0e4e-4dba-bd65-243f7aa574bc\\\"}},\\\"Event\\\":{\\\"Type\\\":\\\"Process\\\",\\\"Action\\\":\\\"Elevated\\\"},\\\"Installer\\\":{},\\\"PrivilegedGroup\\\":{},\\\"RemotePowerShell\\\":{},\\\"ServiceControl\\\":{\\\"Service\\\":{}},\\\"Session\\\":{},\\\"StoreApp\\\":{},\\\"TrustedApplication\\\":{}}}\""},"group":{},"tags":["AgentEventAudit"],"host":{"DomainNetBIOSName":"CORPORATE","ip":[],"domain":"corporate.datacard.com","name":"HOSTNAME","geo":{},"os":{"type":"windows"},"NetBIOSName":"HOSTNAME","DomainIdentifier":"S-1-5-21-2403180696-3858238681-2096967750","hostname":"HOSTNAME"},"related":{"user":["USERNAME"],"hosts":["HOSTNAME"],"hash":["A0CC880EAE49B57950030E0087659F73A72954DA","0975F875F8BB02DEAB42AE147B279DBD3BE1EA68B1F5A976626188684C48D437","0EEF77A658FC5AF46C0B77475F44D84C"],"ip":[]},"headers":{"content_type":"application/json; charset=utf-8","http_version":"HTTP/1.1","http_host":"pmc-infra-logstash:9611","http_user_agent":null,"request_method":"POST","request_path":"/","content_length":"62268","http_accept":null},"dll":{"pe":{}},"client":{},"@timestamp":"2023-05-21T17:36:17.000Z","file":{"path":"c:\\windows\\syswow64\\searchprotocolhost.exe","DriveType":"Fixed Disk","owner":"TrustedInstaller","Bundle":{},"ProductVersion":"7.0.19041.2673","hash":{"sha256":"0975F875F8BB02DEAB42AE147B279DBD3BE1EA68B1F5A976626188684C48D437","sha1":"A0CC880EAE49B57950030E0087659F73A72954DA","md5":"0EEF77A658FC5AF46C0B77475F44D84C"},"Owner":{"Name":"TrustedInstaller","DomainNetBIOSName":"NT SERVICE","Identifier":"S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464","DomainIdentifier":"S-1-5-80","DomainName":"NT SERVICE"},"code_signature":{"subject_name":"Microsoft Windows"},"pe":{"file_version":"7.0.19041.2673 (WinBuild.160101.0800)","description":"Microsoft Windows Search Protocol Host","product":"Windows® Search"}},"process":{"user":{"id":"S-1-5-21-2403180696-3858238681-2096967750-62097","DomainIdentifier":"S-1-5-21-2403180696-3858238681-2096967750","domain":"CORPORATE","name":"USERNAME"},"HostedFile":{"hash":{},"Owner":{},"code_signature":{},"pe":{}},"ElevationRequired":false,"command_line":"\"C:\\WINDOWS\\SysWOW64\\SearchProtocolHost.exe\" Global\\UsGthrFltPipeMssGthrPipe_S-1-5-21-2403180696-3858238681-2096967750-6209795_ Global\\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-2403180696-3858238681-2096967750-6209795 1 -2147483646 \"Software\\Microsoft\\Windows Search\" \"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)\" \"C:\\ProgramData\\Microsoft\\Search\\Data\\Temp\\usgthrsvc\" \"DownLevelDaemon\" \"1\"","start":"2023-05-21T17:36:17.000Z","code_signature":{},"entity_id":"a251e415-32be-4a34-ba4f-1123136a31a9","executable":"c:\\windows\\syswow64\\searchprotocolhost.exe","parent":{"pid":9028,"executable":"c:\\windows\\system32\\searchindexer.exe"},"hash":{},"pid":644,"pe":{}}}
Sample log line truncated due to length of sample
Sample Parsing¶
additional.fields.action_id = "f088ea47-c302-4733-bb73-5ded2eac8bfd"
additional.fields.action_name = "BT.EventGateway.Controllers.AuditEventController.Post (EventGateway)"
additional.fields.application_description = "WindowsSearch"
additional.fields.application_type = "exe"
additional.fields.applicationgroup_name = "Add Admin - All Users (Windows Functions)"
additional.fields.applicationgroup_description = "Admin OS Functions required by all users"
additional.fields.applicationgroup_id = "9b74e2aa-450a-495d-ba72-cdcf9e52fc9e"
additional.fields.configuration_id = "e80c31eb-f7b2-4a8a-834c-538f3f11d4bb"
additional.fields.revision_number = 101"
additional.fields.token_id = "f30a3824-27af-4d69-9125-c78e44764ac1"
additional.fields.token_name = "Add Full Admin (Required for Installers)"
additional.fields.workstyle_name = "All Users"
additional.fields.workstyle_description = "Default set of rules that apply to all users"
additional.fields.workstyle_id = "4e0b71b9-0e4e-4dba-bd65-243f7aa574bc"
additional.fields.connection_id = "0HMQL3243CSMK"
additional.fields.group_id = "3194d832-0076-407d-9329-787754bf6819"
additional.fields.request_path = "/events/v1/audit"
additional.fields.salesforce_id = "001f400000mXd3nAAC"
additional.fields.schema_version = "4.4.0"
additional.fields.service_name = "EventGateway"
additional.fields.tenant_id = "d6c6c603-ca19-4fbe-84c8-12241f342df6"
additional.fields.thread_id = "13"
principal.user.windows_sid = "S-1-5-21-2403180696-3858238681-2096967750"
principal.domain.name = "CORPORATE"
principal.hostname = "HOSTNAME"
principal.user.user_display_name = "USERNAME"
Rules¶
Coming Soon