Censys · Schema
AuditLogEvent
AuditLogEvent schema from Censys Platform API
Security · Internet Intelligence · Attack Surface Management · Threat Hunting · Cyber Threat Intelligence · OSINT · Internet Scanning · Certificates · Asset Discovery
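Properties

Required properties: `timestamp`, `event_type`, `actor`, `subject`. The schema sets `additionalProperties` to `false`, so an event carrying any property not listed here fails validation.
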
| Name | Type | Description |
|---|---|---|
| actor | object | Information about the entity that performed the action. |
| authentication_method | string | The method used by the actor to authenticate before performing the action. |
| event_type | string (enum) | The type of action that was audited; one of the values listed under `enum` in the schema below. |
| metadata | object | Event-specific metadata. Contents vary by event type. |
| source | string | Where the audited action originated from. |
| source_ip | string | The IP address of the source of the audited action. |
| subject | object | Information about the resource that was affected by the audited action. |
| timestamp | string (date-time) | The timestamp of the audit log event, as an RFC 3339 date-time string. |
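| user_agent | string | The user agent of the source of the audited action. A user agent string is typically reported by the client, so it should not be relied on alone to attribute activity. |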
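JSON Schema

Note: the `$ref` values for `actor` and `subject` point to `#/components/schemas/ActorInfo` and `#/components/schemas/SubjectInfo`, which are not defined in this document. A validator loading this schema on its own cannot resolve them, so the contents of `actor` and `subject` are only checked when those definitions are supplied alongside it.
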
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://raw.githubusercontent.com/api-evangelist/censys/refs/heads/main/json-schema/platform-auditlogevent-schema.json",
"title": "AuditLogEvent",
"description": "AuditLogEvent schema from Censys Platform API",
"type": "object",
"properties": {
"actor": {
"$ref": "#/components/schemas/ActorInfo",
"description": "Information about the entity that performed the action."
},
"authentication_method": {
"description": "The method used by the actor to authenticate before performing the action.",
"type": "string"
},
"event_type": {
"description": "The type of action that was audited.",
"enum": [
"user_created",
"user_login",
"user_login_failed",
"user_password_changed",
"user_password_reset",
"user_mfa_changed",
"user_settings_changed",
"user_enabled",
"user_disabled",
"invitation_created",
"invitation_resent",
"invitation_accepted",
"invitation_deleted",
"membership_created",
"membership_updated",
"membership_removed",
"org_created",
"org_updated",
"org_deleted",
"saml_config_created",
"saml_config_updated",
"saml_config_deleted",
"saml_config_domain_verified",
"pat_created",
"pat_deleted",
"global_data_search_executed",
"global_data_lookup_executed",
"global_data_aggregation_executed",
"asm_seed_created",
"asm_seed_deleted",
"asm_exclude_created",
"asm_exclude_deleted",
"asm_risk_instance_severity_changed",
"asm_risk_instance_accepted",
"asm_risk_instance_unaccepted",
"asm_risk_type_severity_changed",
"asm_risk_type_enabled",
"asm_risk_type_disabled",
"asm_risk_type_default_enabled",
"tag_created",
"tag_updated",
"tag_deleted",
"tag_assigned",
"tag_unassigned",
"tag_bulk_operation_started",
"tag_bulk_operation_completed",
"tag_bulk_operation_cancelled",
"comment_created",
"comment_updated",
"comment_deleted"
],
"type": "string"
},
"metadata": {
"additionalProperties": {},
"description": "Event-specific metadata. Contents vary by event type.",
"type": "object"
},
"source": {
"description": "Where the audited action originated from.",
"type": "string"
},
"source_ip": {
"description": "The IP address of the source of the audited action.",
"type": "string"
},
"subject": {
"$ref": "#/components/schemas/SubjectInfo",
"description": "Information about the resource that was affected by the audited action."
},
"timestamp": {
"description": "The timestamp of the audit log event.",
"format": "date-time",
"type": "string"
},
"user_agent": {
"description": "The user agent of the source of the audited action.",
"type": "string"
}
},
"required": [
"timestamp",
"event_type",
"actor",
"subject"
],
"additionalProperties": false
}