Event Mappings

An event mapping is an association between an event ID and category combination and a QID record (referred to as an event categorization). Event ID and category values are extracted by DSMs from events and are then used to look up the mapped event categorization, or QID.

This table shows the high-level and low-level categories that are associated with each event.

Event Name	High-Level Category	Low-Level Category
Access restriction created	Audit	Create Activity Attempted
Access restriction deleted	Audit	Delete Activity Attempted
Access restriction updated	Audit	Update Activity Attempted
Agent clone activated	Audit	General Audit Event
Agent cloned detected	Audit	General Audit Event
Agent cloned detected	Audit	General Audit Event
Agent compatibility check report updated	Audit	General Audit Event
Agent compatibility report updated	Audit	Update Activity Succeeded
Agent disconnected	Audit	General Audit Event
Agent existing IP tables uploaded	Audit	General Audit Event
Agent fetched policy	System	Host-Policy Created
Agent firewall tampered	Suspicious Activity	Content Modified By Firewall
Agent interactive users updated	Audit	Update Activity Succeeded
Agent interfaces updated	Audit	General Audit Event
Agent machine identifiers updated	Audit	General Audit Event
Agent missed heartbeats	Audit	General Audit Event
Agent paired	Audit	General Audit Event
Agent properties updated	Audit	General Audit Event
Agent refreshed token	Audit	General Audit Event
Agent reported a service not running	Audit	General Audit Event
Agent request upgraded	Audit	General Audit Event
Agent service report updated	Audit	General Audit Event
Agent support report request created	Audit	General Audit Event
Agent support report request deleted	Audit	General Audit Event
Agent support report request updated	Audit	General Audit Event
Agent support report uploaded	Audit	General Audit Event
Agent suspended	Audit	General Audit Event
Agent unpaired	Audit	General Audit Event
Agent unsuspended	Audit	General Audit Event
Agent updated existing containers	Audit	Update Activity Succeeded
Agent updated existing iptables href	Audit	General Audit Event
Agent uploaded dev-alert logs	Audit	General Audit Event
Agent uploaded ops-alert logs	Audit	General Audit Event
Agents marked offline	Audit	General Audit Event
Agents unpaired	Audit	General Audit Event
API key created	Audit	General Audit Event
API key deleted	Audit	General Audit Event
API key updated	Audit	General Audit Event
API request authentication failed	Access	Unauthorized Access Attempt
API request authorization failed	Access	Unauthorized Access Attempt
API request failed due to internal server error	Audit	General Audit Event
API request failed due to unavailable service	Audit	General Audit Event
API request failed due to unknown server error	Audit	General Audit Event
Auth token returned for user authentication on PCE	Authentication	User Login Attempt
Authentication settings updated	Audit	General Audit Event
Blocked traffic event deleted	Audit	General Audit Event
Clear VEN authentication recovery condition	System	Daemon
Cleared a condition from a list of NetworkEnforcementNodes	Audit	Delete Activity Attempted
Computed policy for unmanaged workloads	System	Daemon
Condition cleared from a list of VENs	Audit	Delete Activity Attempted
Container cluster created	Audit	Create Activity Succeeded
Container cluster deleted	Audit	Delete Activity Succeeded
Container cluster label mappings updated all at once	Audit	Update Activity Attempted
Container cluster services provisioned	System	Daemon
Container cluster services updated from Kubelink	Audit	Create Activity Succeeded
Container cluster updated	Audit	Update Activity Succeeded
Container workload profile created	Audit	Create Activity Succeeded
Container workload profile deleted	Audit	Delete Activity Succeeded
Container workload profile updated	Audit	Update Activity Succeeded
Container workload updated	Audit	General Audit Event
Corporate ips setting updated	Audit	Update Activity Attempted
Creation of support report requested	Audit	General Audit Event
DB temp table cleanup completed	Audit	General Audit Event
DB temp table cleanup started	Audit	General Audit Event
Default VEN software version set	Audit	Update Activity Attempted
Deleted old cached perspectives	System	Daemon
Domain created	Audit	General Audit Event
Domain deleted	Audit	General Audit Event
Domain updated	Audit	General Audit Event
Enforcement boundary deleted	Audit	Delete Activity Succeeded
Enforcement boundary updated	Audit	Update Activity Succeeded
Enforcement instruction applied to a network device	Audit	General Audit Event
Enforcement instructions applied to multiple network devices	Audit	General Audit Event
Event pruning completed	Audit	General Audit Event
Event settings updated	Audit	Update Activity Succeeded
Event settings updated	Audit	Update Activity Succeeded
Existing or new unmanaged workload assigned to a network device	Audit	General Audit Event
Explorer settings updated	Audit	Update Activity Attempted
First user created	Audit	General Audit Event
Flow Allowed	Flow	Misc flow
Flow Blocked	Flow	Misc flow
Flow Potentially Blocked	Flow	Misc flow
Flow Unknown	Flow	Misc flow
Generate a new cert for signing SAML AuthN requests	Audit	Create Activity Attempted
Generate maintenance token for any agent	Audit	Update Activity Attempted
Global policy settings updated	Audit	General Audit Event
Group created	Authentication	Group Added
Group updated	Authentication	Group Removed
Ignored interfaces list updated	Audit	General Audit Event
Interservice call to login service to create LDAP config	Audit	Create Activity Succeeded
Interservice call to login service to delete LDAP config	Audit	Delete Activity Succeeded
Interservice call to login service to update LDAP config	Audit	Update Activity Succeeded
Interservice call to login service to verify connection to the LDAP server	Audit	Configure Activity Succeeded
IP list created	Audit	General Audit Event
IP list deleted	Audit	General Audit Event
IP list updated	Audit	General Audit Event
IP lists deleted	Audit	Delete Activity Succeeded
IP tables rules created	Audit	General Audit Event
IP tables rules deleted	Audit	General Audit Event
IP tables rules updated	Audit	General Audit Event
Job deleted	Audit	Delete Activity Attempted
Label created	Audit	General Audit Event
Label deleted	Audit	General Audit Event
Label dimension created	Audit	Create Activity Attempted
Label dimension deleted	Audit	Delete Activity Attempted
Label dimension updated	Audit	Update Activity Attempted
Label group created	Audit	General Audit Event
Label group deleted	Audit	General Audit Event
Label group updated	Audit	General Audit Event
Label updated	Audit	General Audit Event
Labels deleted	Audit	Delete Activity Succeeded
LDAP configuration created	Audit	Create Activity Succeeded
LDAP configuration deleted	Audit	Delete Activity Succeeded
LDAP configuration updated	Audit	Update Activity Succeeded
LDAP server connection verified	Audit	Configure Activity Succeeded
License deleted	Audit	General Audit Event
License updated	Audit	General Audit Event
Local user password changed	Authentication	Password Change Succeeded
Local user profile created	Audit	General Audit Event
Local user profile deleted	Audit	General Audit Event
Local user reinvited	Audit	General Audit Event
Login Proxy Authentication settings updated	Authentication	Policy Change
Login Proxy Password policy updated	Authentication	Policy Change
Login Proxy RADIUS config shared secret verified	System	Successful Configuration Modification
Login Proxy RADIUS configuration deleted	Authentication	Policy Change
Login Proxy RADIUS configuration updated	Authentication	Policy Change
Login Proxy RADIUS configurations created	Audit	General Audit Event
Login Proxy SAML configuration updated	Authentication	Policy Change
Login Proxy User accepted invitation	System	Successful Configuration Modification
Login Proxy User invited	System	Successful Configuration Modification
Login Proxy User reset password	System	Successful Configuration Modification
Login Proxy User updated	System	Successful Configuration Modification
Login resource created	Audit	General Audit Event
Login resource deleted	Audit	General Audit Event
Login resource updated	Audit	General Audit Event
Login user authenticated	Authentication	General Authentication Successful
Login user password changed	Authentication	General Authentication Successful
Lost agent found	Audit	General Audit Event
Lost agent updated	Audit	General Audit Event
Network deleted	Application	Network Management
Network device created	Audit	General Audit Event
Network device deleted	Audit	General Audit Event
Network device updated	Audit	General Audit Event
Network endpoint created	Audit	General Audit Event
Network endpoint deleted	Audit	General Audit Event
Network endpoint updated	Audit	General Audit Event
Network enforcement node acknowledgment of policy	Audit	General Audit Event
Network enforcement node activated	Audit	General Audit Event
Network enforcement node deactivated	Audit	General Audit Event
Network enforcement node policy requested	Audit	General Audit Event
Network enforcement node reports when switches are not reachable	Audit	General Audit Event
Network function controller created	Audit	General Audit Event
Network function controller deleted	Application	Network Management
Network function controller policy status	Audit	General Audit Event
Network function controller policy status update	Audit	General Audit Event
Network function controller SLB state updated	Audit	General Audit Event
Network function controller virtual servers discovered	Audit	General Audit Event
Network updated	Application	Network Management
Networks created	Application	Network Management
Org created from JWT	Audit	General Audit Event
Organization created	Audit	Create Activity Succeeded
Organization information updated	Audit	General Audit Event
Organization setting updated	Audit	General Audit Event
Pairing profile created	Audit	General Audit Event
Pairing profile delete all pairing keys	Audit	Delete Activity Succeeded
Pairing profile deleted	Audit	General Audit Event
Pairing profile pairing key created	Audit	Create Activity Succeeded
Pairing profile pairing key generated	Audit	General Audit Event
Pairing profile pairing key generated	Audit	General Audit Event
Pairing profile updated	Audit	General Audit Event
Pairing profile updated	Audit	General Audit Event
Pairing profiles deleted	Audit	Delete Activity Succeeded
Pairing profiles deleted	Audit	Delete Activity Succeeded
Password policy created	Audit	General Audit Event
Password policy deleted	Audit	General Audit Event
Password policy updated	Audit	General Audit Event
PCE Application started	Audit	General Audit Event
PCE Application stopped	Audit	General Audit Event
PCE cluster created	Audit	General Audit Event
PCE cluster deleted	Audit	General Audit Event
PCE cluster updated	Audit	General Audit Event
PCE network interfaces reverted	Audit	General Audit Event
PCE software deleted	Audit	Delete Activity Succeeded
PCE support bundle request deleted	Audit	Delete Activity Attempted
PCE support bundle request generated	Audit	Create Activity Attempted
PCE syslog configuration update	Audit	Update Activity Succeeded
PCE system email tested	Audit	General Audit Event
PCE system network interfaces restarted	Audit	Update Activity Succeeded
PCE system restarted	Audit	General Audit Event
PCE system shutdown	Audit	General Audit Event
PCE system software upgraded	Audit	Update Activity Succeeded
PCE system software verified	Audit	General Audit Event
PCE system SSL/TLS certificates discarded	Audit	Update Activity Succeeded
PCE system SSL/TLS certificates uploaded	Audit	Update Activity Succeeded
PCE system web console password updated	Audit	Update Activity Succeeded
PCE system web email configuration updated	Audit	Update Activity Succeeded
Pending security policy deleted	Audit	Delete Activity Succeeded
RADIUS auth challenge issued	Audit	General Audit Event
RADIUS config shared secret verified	Audit	General Audit Event
RADIUS configuration deleted	Audit	General Audit Event
RADIUS configuration updated	Audit	General Audit Event
RADIUS configurations created	Audit	General Audit Event
Ran expired service account deletion task	System	Daemon
Ran service account expiry sweep task	System	Daemon
Ran SetServer sync task	System	Daemon
Ran task to check for offline endpoints	System	Daemon
Ran vacuum task for deactivated and deleted workloads	System	Daemon
RBAC Auth Security Principal created	Audit	General Audit Event
RBAC auth security principal deleted	Audit	General Audit Event
RBAC auth security principal updated	Audit	General Audit Event
RBAC permission created	Audit	General Audit Event
RBAC permission deleted	Audit	General Audit Event
RBAC permission updated	Audit	General Audit Event
RBAC security principal bulk deleted	Audit	General Audit Event
RBAC security principal bulk updated	Audit	General Audit Event
RBAC security principal created	Audit	General Audit Event
RBAC security principals bulk created	Audit	Create Activity Succeeded
Remote Syslog destination not reachable	Audit	Monitor Activity Failed
Remote Syslog destination reachable	Audit	Monitor Activity Succeeded
Rule set create	Audit	General Audit Event
Rule set deleted	Audit	General Audit Event
Rule set projected vulnerability exposure score updated	Audit	General Audit Event
Rule set updated	Audit	General Audit Event
Rule sets deleted	Audit	Delete Activity Succeeded
Rules for organization recalculated	Audit	General Audit Event
Running container updated	Audit	General Audit Event
SAML assertion destination services updated	Audit	General Audit Event
SAML configuration created	Audit	General Audit Event
SAML configuration deleted	Audit	General Audit Event
SAML configuration updated	Audit	General Audit Event
SAML Service Provider created	Audit	General Audit Event
SAML Service Provider deleted	Audit	General Audit Event
SAML Service Provider updated	Audit	General Audit Event
Secure connect gateway deleted	Audit	General Audit Event
Secure connect gateway updated	Audit	General Audit Event
SecureConnect gateway created	Audit	General Audit Event
Security policies deleted	System	Host-Policy Deleted
Security policy created	Authentication	Policy Added
Security policy restored	Audit	General Audit Event
Security policy rules created	Audit	General Audit Event
Security policy rules deleted	Audit	General Audit Event
Security policy rules updated	Audit	General Audit Event
Server load balancer created	Audit	General Audit Event
Server load balancer deleted	Audit	General Audit Event
Server load balancer updated	Audit	General Audit Event
Service account created	Authentication	Computer Account Added
Service account deleted	Authentication	Computer Account Removed
Service account updated	Authentication	Computer Account Changed
Service binding created	Audit	General Audit Event
Service binding deleted	Audit	General Audit Event
Service bindings created	Audit	General Audit Event
Service bindings deleted	Audit	Delete Activity Succeeded
Service created	System	Service Started
Service deleted	System	Service Stopped
Service updated	Audit	Update Activity Succeeded
Services deleted	Audit	General Audit Event
SSL/TLS certificates applied	Audit	General Audit Event
Stale zone subnets removed	System	Daemon
Success or Failure to apply policy on VEN	Audit	Update Activity Attempted
Support report uploaded	Audit	General Audit Event
Syslog destination created	Audit	General Audit Event
Syslog destination deleted	Audit	General Audit Event
Syslog destination updated	Audit	General Audit Event
Syslog remote destination created	Audit	Create Activity Succeeded
Syslog remote destination deleted	Audit	Delete Activity Succeeded
Syslog remote destination updated	Audit	Update Activity Succeeded
System administrator deleted	Audit	General Audit Event
System administrators created	Audit	General Audit Event
TLS channel established	Audit	General Audit Event
TLS channel terminated	Audit	General Audit Event
Traffic collector setting created	Audit	Create Activity Succeeded
Traffic collector setting deleted	Audit	Delete Activity Succeeded
Traffic collector setting updated	Audit	Update Activity Succeeded
Trusted proxy IPs created or updated	Audit	Update Activity Attempted
Updated the target PCE of the network enforcement node	Audit	Update Activity Attempted
Upgrade started	Audit	General Audit Event
User authenticated	Authentication	General Authentication Successful
User created	Audit	General Audit Even
User deleted	Audit	General Audit Event
User entered expired password	Audit	General Audit Event
User failed authentication	Authentication	General Authentication Failed
User failed authorization	Access	Misc Authorization
User information updated	Audit	General Audit Event
User invitation accepted	Audit	General Audit Event
User invited	Access	Access Permitted
User local password updated	Audit	Update Activity Succeeded
User local profile created	Audit	Create Activity Succeeded
User local profile deleted	Audit	Delete Activity Succeeded
User local profile reinvited	Audit	General Audit Event
User logged in	Authentication	User Login Success
User logged out	Authentication	Misc Logout
User login session terminated	Access	Session Terminated
User logout from JWT	Audit	General Audit Event
User password reset	Authentication	Password Change Succeeded
User password updated	Audit	General Audit Event
User session created	Authentication	User Login Success
User session terminated	Audit	General Audit Event
User Sign in	Authentication	User Login Success
User Sign out	Authentication	General Authentication Successful
User verified MFA	Authentication	User Login Success
VEN missing heartbeat after upgrade	System	Daemon
VEN release created	Audit	General Audit Event
VEN release deleted	Audit	General Audit Event
VEN release deployed	Audit	General Audit Event
VEN release updated	Audit	General Audit Event
VEN self signed certificate housekeeping check	System	Daemon
VEN settings invalidation error state check	System	Daemon
VEN settings updated	Audit	Update Activity Attempted
VEN software release created	Audit	Create Activity Succeeded
VEN software release deleted	Audit	Delete Activity Succeeded
VEN software release deployed	Audit	Deploy Activity Succeeded
VEN software release updated	Audit	Update Activity Succeeded
VEN software release upgraded	Audit	Update Activity Succeeded
VEN uninstall timeout	System	Daemon
Virtual server created	Audit	General Audit Event
Virtual server deleted	Audit	General Audit Event
Virtual server updated	Audit	General Audit Event
Virtual service bulk created	Audit	General Audit Event
Virtual service bulk updated	Audit	General Audit Event
Virtual Service created	Audit	General Audit Event
Virtual Service Deleted	Audit	General Audit Event
Virtual Service Updated	Audit	General Audit Event
Virtual services created in bulk	Audit	Create Activity Succeeded
Virtual services updated in bulk	Audit	Update Activity Succeeded
Vulnerability record created	Audit	Create Activity Succeeded
Vulnerability record deleted	Audit	General Audit Event
Vulnerability record updated	Audit	General Audit Event
Vulnerability report deleted	Audit	General Audit Event
Vulnerability report updated	Audit	General Audit Event
Workload added to network endpoint	Audit	General Audit Event
Workload apply pending policy	Audit	General Audit Event
Workload bulk deleted	Audit	General Audit Event
Workload bulk updated	Audit	General Audit Event
Workload created	Audit	General Audit Event
Workload deleted	Audit	General Audit Event
Workload flow reporting frequency changed	Audit	General Audit Event
Workload interface created	Audit	General Audit Event
Workload interface deleted	Audit	General Audit Event
Workload interface network created	Audit	General Audit Event
Workload interface updated	Audit	General Audit Event
Workload interfaces created	Audit	General Audit Event
Workload interfaces updated	Audit	General Audit Event
Workload labels applied	Audit	General Audit Event
Workload network redetected	Audit	General Audit Event
Workload policy recalculated	Audit	General Audit Event
Workload queried	Audit	General Audit Event
Workload service report updated	Audit	General Audit Event
Workload service reports updated	Audit	General Audit Event
Workload settings updated	Audit	Update Activity Succeeded
Workload soft deleted	Audit	General Audit Event
Workload undeleted	Audit	General Audit Event
Workload upgraded	Audit	General Audit Event
Workload was powered on or rejoined network	Audit	General Audit Event
Workloads bulk created	Audit	General Audit Event
Workloads created in bulk	Audit	Create Activity Succeeded
Workloads deleted in bulk	Audit	Delete Activity Succeeded
Workloads labels removed	Audit	Delete Activity Succeeded
Workloads policies applied	Audit	General Audit Event
Workloads unpaired	Audit	General Audit Event
Workloads updated	Audit	Update Activity Succeeded
Workloads updated in bulk	Audit	Update Activity Succeeded

Integrations

Event Mappings

Search results