Deprecation notice: The /audit
endpoint has been deprecated and replaced by Immuta Detect.
Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure.
You will pass this API key in the authorization header when you make a request, as illustrated in the example below:
Download your audit logs using the GET /audit
endpoint. To filter or sort the audit logs, use the query parameters on the /audit
endpoint API reference page. For example, the request below saves 50 audit logs for https://your-immuta-url.immuta.com
in the file audit-logs-file.json
, with the audit records sorted by time in descending order.
Deprecation notice: The /audit
endpoint has been deprecated and replaced by Immuta Detect.
All activity in Immuta is audited. This process provides rich audit logs that detail who subscribes to each data source, why they subscribe, when they access data, what SQL queries and blob fetches they run, and which files they access. Audit logs can be used for a number of intentions, including insider threat surveillance and data access monitoring for billing purposes. Audit logs can also be shipped to your enterprise auditing capability.
Best practices: Store audit records outside of Immuta in order to retain the audits long term.
By default, Immuta stores most audit records for 60 days. The following audit record types do not expire after 60 days:
blobFetch
dataSourceSubscription
globalPolicyApproved
globalPolicyApprovalRescinded
globalPolicyChangeRequested
globalPolicyConflictResolved
globalPolicyCreate
globalPolicyDelete
globalPolicyDisabled
globalPolicyUpdate
nativeQuery
policyExemption
policyHandlerCreate
policyHandlerUpdate
prestoQuery
spark
sqlQuery
Immuta writes all logs to stdout
in Kubernetes. Users will get all logs here, but should use the Common Message Types to parse for specifics.
When running Immuta on Docker-based installations, all logs from the Immuta Docker containers will be sent to the Docker log driver.
The Immuta log file will contain messages that are one-line JSON, as described in Log Formats.
Logs messages from the Immuta platform typically will be one line JSON and contain all of the common JSON properties. Depending on the message type, more JSON properties may be present. See Common Message Types for more details.
level: This is a string representation of the log level. Acceptable values are "debug", "info", "warning", "error", and "audit".
timestamp: This is a timestamp for when the message occurred. The timestamp format is YYYY-MM-DDTHH:mm:ss.sssZ
(ISO 8601).
message: This is the log message, which may be used to determine common message types.
Generally, any query that causes multiple background queries will have an audit record created for each. The audited plan should be different, however, for each record. For example, subqueries will generate two audit records: one for the subquery and one for the outer query.
Immuta does not audit any notebook cells that don’t query data.
Each audit message from the Immuta platform will be a one-line JSON object containing the common JSON properties and the Audit JSON properties. Depending on the recordType
, an audit message may contain additional data.
In order to discover audit messages using your analysis tool, you may search the object using the criteria below:
level: "audit"
message: "Audit - *
dateTime:
description: The timestamp for when the record was created. This may be an ISO-8601 timestamp string or a ms since epoch timestamp.
type: integer or string
example: 1504188066580
or "2017-08-31T14:01:15.607Z"
component:
description: The Immuta component that generated this record. Possible values are "console"
, "featureStore"
, "dataSource"
, "bim"
, "audit"
, "script"
, "policy"
, "project"
, "plugin"
, and "governance"
.
type: string
instanceId:
description: The instance ID of the component generating this record.
type: string
profileId:
description: The profile ID of the user generating the action.
type: integer
userId:
description: The user ID of the user generating the action.
type: string, null
sqlUser:
description: The database account generating the action.
type: string
dataAccess:
description: Describes access to an individual blob or a query that may grant access to multiple blobs.
type: object
sessionId:
description: If this record is generated in response to a user action and if that user's session ID is known, record that session ID here.
type : string
dataSource:
description: If the record creation is associated with a data source, the data source name should be recorded here.
type: string, null
dataSourceId:
description: If the record creation is associated with a data source, the data source ID should be recorded here.
type: integer, null
projectName:
description: If the record creation is associated with a project, the project name should be recorded here.
type: string, null
projectId:
description: If the record creation is associated with a project, the project ID should be recorded here.
type: integer, null
purposeIds:
description: If the action being taken by the user involves data and is happening for a specific person, the purpose IDs should be recorded here.
type: array[integer], null
success:
description: Denotes whether the action being audited was successful.
type: boolean
failureReason:
description: Describes the reason that this audit event failed. Possible values are "systemError"
, "insufficientAuthorizations"
, "insufficientPermissions"
, and "userError"
.
type: string
failureDetails:
description: If the audit event failed, details can be provided in this free text field to examine later.
type: string or object
recordType:
description: The type of audit event being captured. This also corresponds to the additional information in the record field. Possible values are "auditQuery"
, "blobVisibility"
, "blobFetch"
, "blobIndex"
, "blobDelete"
, "blobCatalogFetch"
, "blobCatalogFetchDate"
, "blobUpdateFeatures"
, "blobUpdateTags"
, "createQuery"
, "modifyQuery"
, "consoleDataSourceView"
, "sqlAccess"
, "sqlCreateUser"
, "sqlDeleteUser"
, "sqlResetPassword"
, "featureList"
, "sqlQuery"
, "dataSourceCreate"
, "dataSourceDelete"
, "dataSourceSave"
, "dataSourceGet"
, "dataSourceListMine"
, "dataSourceGetTags"
, "dataSourceSubscription"
, "dataSourceGetUsers"
, "dataSourceTest"
, "dictionaryCreate"
, "dictionaryDelete"
, "dictionaryUpdate"
, "projectCreate"
, "projectUpdate"
, "projectDelete"
, "addToProject"
, "removeFromProject"
, "acknowledgePurposes"
, "userVisibilities"
, "accessUser"
, "accessGroup"
, "searchAuthorizations"
, "apiKey"
, "scriptCopy"
, "scriptSave"
, "scriptGet"
, "scriptGetForks"
, "scriptGetVersions"
, "scriptVersionGet"
, "scriptUpdate"
, "scriptDelete"
, "scriptVersionDelete"
,"scriptVersionUpdate"
, "scriptDataSourceGet"
, "scriptDataSourceUpdate"
, "scriptSaveContent"
, "scriptGetContent"
, "userKernelCreate"
, "userKernelUpdate"
, "userKernelDelete"
, "querySampleData"
, "authenticate"
, "checkPendingRequest"
, "policyExemption"
, "governanceUpdate"
, "purposeCreate"
, "purposeUpdate"
, and "purposeDelete"
.
type: string
record:
description: The component-defined type of record. For example, it could be something like 'data source access request'.
type: object
extra:
description: A JSON object representing the additional information to be logged/audited.
type: object
API Key Object
keyIamId:
description: The IAM ID for the user who owns the API key accessed.
type: string
keyId:
description: The API key ID.
type: integer
keyUserId:
description: The user who owns the API key accessed.
type: string
keyAction:
description: Denotes how the specified user was accessed. Possible values are "get"
and "delete"
.
type: string
Data Access Object
accessType:
description: Indicates whether access was granted to an individual blob or if this was a query potentially encompassing many blobs. Possible values are "blob"
and "query"
.
type: string
blobId:
description: If accessType==blob, this is the blobId.
visibility:
description: If the accessType==blob, this is the visibility. If the accessType==query, this is an array of the visibilities the user had when querying.
type: object, array
query:
description: If the accessType==blob, this is not present. If the accessType==query, this is the query.
type: string
dataSourceTableName:
description: The data source table name queried in the audit record.
type: string
Blob Fetch Object
blobSize:
description: The size (in bytes) of the blob being fetched.
type: integer
Blob Visibility Object
newVisibility:
description: This is the new visibility for the blob.
type: object
SQL Access Object
action:
description: Denotes whether access was granted or revoked. Possible values are "revoked"
and "granted"
.
type: string
sqlUser:
description: The username of the user whose access is being manipulated.
type: string
SQL Create User Object
sqlUser:
description: The username of the user whose access is being manipulated.
type: string
Data Source Subscription Object
dataSourceSubscriptionState:
description: If the record type is dataSourceSubscription
, this field must be present and indicate the state to which the record was changed (dataSources.length must be 1 in this case). Possible values are "denied"
, "subscribed"
, "expert"
, "owner"
, "ingest"
, and "unsubscribed"
.
type: string
accessedId:
description: The user identifier of the user who is being acted upon.
type: integer
accessedIdType:
description: Type of user being acted upon. Possible values are "user"
and "group"
.
type: string
Data Source Delete Object
hardDelete:
description: Denotes whether this was a hard delete.
type: boolean
Access User Object
accessedUserId:
description: The user being accessed.
type: string
accessedIamId:
description: The IAM ID for the user being accessed.
type: string
accessType:
description: Denotes how the specified user was accessed. Possible values are "update"
, "get"
, "search"
, "create"
, "delete"
, "complete"
, "newToken"
, and "clone"
.
type: string
Access Group Object
accessedUserId:
description: The user being accessed.
type: string
accessedGroupId:
description: The group being accessed.
type: integer
groupAccessType:
description: Denotes how the specified group was accessed. Possible values are "update"
, "get"
, "search"
, "create"
, "delete"
, "addUser"
, and "removeUser"
.
type: string
groupIamId:
description: The IAM ID for the group being accessed.
type: string
Each error message response from the Immuta platform will be a one-line JSON object containing the common JSON properties and the error JSON properties below. Error message responses represent error responses that have been sent to clients.
NOTE: It is possible for a similar message referencing the same error to appear in the logs, as this log message represents only that an error response was sent to a client.
In order to discover error response message using your analysis tool, search the object using the criteria below:
message: Error Response Sent
id:
description: A unique ID assigned to each request.
type: string
method:
The HTTP method used for the request.
type: string
path:
description: This is the HTTP path used for the request.
type: string
query:
description: An object containing the parsed query string used for the query.
type: object
responseSentTime:
description: This is the duration from the time a request was received until the time that the server responded.
type: integer
responseTime:
description: This is the duration from the time a request was received until server post-processing.
type: integer
stack:
description: This is a string representation of a stack trace if one exists.
type: string
statusCode:
description: This is the HTTP status code that was sent to the client.
type: integer
Each request message response from the Immuta platform will be a one-line JSON object containing the common JSON properties and the error JSON properties below. Request message responses represent responses that have been sent to clients.
In order to discover request response messages using your analysis tool, search the object using the criteria below:
message: Response Sent
id:
description: A unique ID assigned to each request.
type: string
method:
The HTTP method used for the request.
type: string
path:
description: This is the HTTP path used for the request.
type: string
query:
description: An object containing the parsed query string used for the query.
type: object
responseSentTime:
description: This is the duration from the time a request was received until the time that the server responded.
type: integer
responseTime:
description: This is the duration from the time a request was received until server post-processing.
type: integer
statusCode:
description: This is the HTTP status code that was sent to the client.
type: integer
Universal audit model (UAM) is Immuta's consistent structure for all Immuta system and user query audit logs. This reference guide maps the legacy audit events to the new UAM events and provides example schemas of all the UAM events available in Immuta.
Event: ApiKeyCreated
Legacy event: apiKey
Description: An audit event for when an API key is created on the Immuta app settings page or from an Immuta user's profile page.
Event: ApiKeyDeleted
Legacy event: apiKey
Description: An audit event for when an API key is deleted on the Immuta app settings page or from an Immuta user's profile page.
Event: AttributeApplied
Legacy events: accessUser
and accessGroup
Description: An audit event for an attribute applied to a group or user.
Additional parameter details: targetType
will specify whether the attribute was added to a USER
or GROUP
.
Event: AttributeRemoved
Legacy events: accessUser
and accessGroup
Description: An audit event for an attribute removed from a group or user.
Additional parameter details: targetType
will specify whether the attribute was removed from a USER
or GROUP
.
Event: ConfigurationUpdated
Legacy event: configurationUpdate
Description: An audit event for updates to the configuration on the Immuta app settings page.
Event: DatasourceAppliedToProject
Legacy event: addToProject
Description: An audit event for adding a data source to an Immuta project.
Event: DatasourceCatalogSynced
Legacy event: catalogUpdate
Description: An audit event for syncing an external catalog to tag Immuta data sources.
Event: DatasourceCreated
Legacy event: dataSourceCreate
Description: An audit event for registering a table as an Immuta data source.
Event: DatasourceDeleted
Legacy event: dataSourceDelete
Description: An audit event for deleting a data source in Immuta.
Event: DatasourceDisabled
Legacy event: None
Description: An audit event for disabling a data source in Immuta.
Event: DatasourceGlobalPolicyApplied
Legacy event: globalPolicyApplied
Description: An audit event for applying a global policy to a data source.
Event: DatasourceGlobalPolicyConflictResolved
Legacy event: globalPolicyConflictResolved
Description: An audit event for a global policy conflict being resolved on a data source.
Event: DatasourceGlobalPolicyDisabled
Legacy event: globalPolicyDisabled
Description: An audit event for a data owner disabling a global policy from their data source.
Event: DatasourceGlobalPolicyRemoved
Legacy event: globalPolicyRemoved
Description: An audit event for a data owner removing a global policy from their data source.
Event: DatasourcePolicyCertificationExpired
Legacy event: policyCertificationExpired
Description: An audit event for a global policy certification expiring on a data source.
Event: DatasourcePolicyCertified
Legacy event: globalPolicyCertify
Description: An audit event for a global policy being certified by a data owner for their data source.
Event: DatasourcePolicyDecertified
Legacy events: None
Description: An audit event for a global policy being decertified on a data source.
Event: DatasourceRemovedFromProject
Legacy event: removeFromProject
Description: An audit event for removing a data source from a project.
Event: DatasourceUpdated
Legacy events: dataSourceUpdate
and dataSourceSave
Description: An audit event for updating a data source with the new data source details.
Event: DomainCreated
Legacy event: collectionCreated
Description: An audit event for creating a domain.
Event: DomainDataSourcesUpdated
Legacy events: collectionDataSourceAdded
, collectionDataSourceRemoved
, and collectionDataSourceUpdated
Description: An audit event for updating a domain's data sources.
Additional parameter details: auditPayload.updateType will specify whether the data source was added to or removed from the domain.
Event: DomainDeleted
Legacy event: collectionDeleted
Description: An audit event for deleting a domain.
Event: DomainPermissionsUpdated
Legacy events: collectionPermissionGranted
and collectionPermissionRevoked
Description: An audit event for granting or revoking a user's domain-related permissions.
Additional parameter details: auditPayload.updateType will specify whether the permission was granted to or revoked from a user.
Event: DomainUpdated
Legacy event: collectionUpdated
Description: An audit event for updating an Immuta domain.
Event: GlobalPolicyApprovalRescinded
Legacy event: globalPolicyApprovalRescinded
Description: An audit event for a global policy approval rescinded in the approve to promote workflow.
Event: GlobalPolicyApproved
Legacy event: globalPolicyApproved
Description: An audit event for a global policy approved in the approve to promote workflow.
Event: GlobalPolicyChangeRequested
Legacy event: globalPolicyChangeRequested
Description: An audit event for requested edits on a global policy in the approve to promote workflow.
Event: GlobalPolicyCreated
Legacy event: globalPolicyCreate
Description: An audit event for creating a global policy.
Event: GlobalPolicyDeleted
Legacy event: globalPolicyDelete
Description: An audit event for deleting a global policy.
Event: GlobalPolicyPromoted
Legacy event: globalPolicyPromoted
Description: An audit event for when a global policy is fully approved and promoted to production in the approve to promote workflow.
Event: GlobalPolicyReviewRequested
Legacy event: globalPolicyReviewRequested
Description: An audit event for when a global policy is ready and requests a review in the approve to promote workflow.
Event: GlobalPolicyUpdated
Legacy event: globalPolicyUpdate
Description: An audit event for a global policy being updated with details about the policy.
Event: GroupCreated
Legacy event: accessGroup
Description: An audit event for a group created in Immuta.
Event: GroupDeleted
Legacy event: accessGroup
Description: An audit event for a group deleted in Immuta.
Event: GroupMemberAdded
Legacy event: accessGroup
Description: An audit event for a member added to a group in Immuta.
Event: GroupMemberRemoved
Legacy event: accessGroup
Description: An audit event for a group member removed from the group in Immuta.
Event: GroupUpdated
Legacy event: accessGroup
Description: An audit event for a group updated in Immuta.
Event: LicenseCreated
Legacy event: licenseCreate
Description: An audit event for creating an Immuta license.
Event: LicenseDeleted
Legacy event: licenseDelete
Description: An audit event for deleting an Immuta license.
Event: LocalPolicyCreated
Legacy event: policyHandlerCreate
Description: An audit event for creating a local policy for an Immuta data source.
Event: LocalPolicyUpdated
Legacy event: policyHandlerUpdate
Description: An audit event for updating a local policy on an Immuta data source.
Event: PermissionApplied
Legacy event: accessUser
Description: An audit event for a permission applied to an Immuta user.
Event: PermissionRemoved
Legacy event: accessUser
Description: An audit event for a permission removed from an Immuta user.
Event: PolicyAdjustmentCreated
Legacy event: policyAdjustmentCreate
Description: An audit event for creating a policy adjustment in an Immuta project.
Event: PolicyAdjustmentDeleted
Legacy event: policyAdjustmentDelete
Description: An audit event for deleting a policy adjustment in an Immuta project.
Event: ProjectCreated
Legacy event: projectCreate
Description: An audit event for creating a project in Immuta.
Event: ProjectDeleted
Legacy event: projectDelete
Description: An audit event for deleting a project in Immuta.
Event: ProjectDisabled
Legacy events: None
Description: An audit event for disabling a project in Immuta.
Event: ProjectPurposeApproved
Legacy event: projectPurposeApprove
Description: An audit event for approving a purpose for a project in Immuta.
Event: ProjectPurposeDenied
Legacy event: projectPurposeDeny
Description: An audit event for denying a purpose for a project in Immuta.
Event: ProjectPurposesAcknowledged
Legacy event: acknowledgePurposes
Description: An audit event for acknowledging a purpose for a project in Immuta.
Event: ProjectUpdated
Legacy event: projectPurposeDeny
Description: An audit event for updating a project in Immuta.
Event: PurposeDeleted
Legacy event: purposeDelete
Description: An audit event for deleting a purpose in Immuta.
Event: PurposeUpdated
Legacy event: purposeUpdate
Description: An audit event for updating a purpose in Immuta.
Event: PurposeUpserted
Legacy event: purposeCreate
Description: An audit event for creating a purpose in Immuta.
Event: SDDClassifierCreated
Legacy event: sddClassifierCreated
Description: An audit event for creating a sensitive data discovery (SDD) column name regex, regex, or dictionary identifier.
Additional parameter details:
auditPayload.config.columnNameRegex: For column name regex identifiers, the regex to match against column names.
auditPayload.config.values: For dictionary identifiers, the values within the dictionary to match against column values.
auditPayload.config.regex: For regex identifiers, the regex to match against column values.
Event: SDDClassifierDeleted
Legacy event: sddClassifierDeleted
Description: An audit event for deleting a sensitive data discovery (SDD) identifier.
Event: SDDClassifierUpdated
Legacy event: sddClassifierUpdated
Description: An audit event for updating a sensitive data discovery (SDD) column name regex, regex, or dictionary identifier.
Additional parameter details:
auditPayload.config.columnNameRegex: For column name regex identifiers, the regex to match against column names.
auditPayload.config.values: For dictionary identifiers, the values within the dictionary identifier to match against column values.
auditPayload.config.regex: For regex identifiers, the regex to match against column values.
Event: SDDDatasourceTagUpdated
Legacy event: sddDatasourceTagUpdate
Description: An audit event for the results from a sensitive data discovery (SDD) run that updates the tags on Immuta data sources.
Event: SDDTemplateApplied
Legacy event: sddTemplateApplied
Description: An audit event for applying an identification framework to data sources.
Event: SDDTemplateCloned
Legacy event: sddTemplateCreated
Description: An audit event for cloning an identification framework from another framework.
Event: SDDTemplateCreated
Legacy event: sddTemplateCreated
Description: An audit event for creating an identification framework.
Event: SDDTemplateDeleted
Legacy event: sddTemplateDeleted
Description: An audit event for deleting an identification framework.
Event: SDDTemplateUpdated
Legacy event: sddTemplateUpdated
Description: An audit event for updating an identification framework.
Event: SubscriptionCreated
Legacy events: dataSourceSubscription
and projectSubscription
Description: An audit event for subscribing a user to a data source or project.
Additional parameter details: auditPayload.modelType will specify whether the user was subscribed to a DATASOURCE
or PROJECT
.
Event: SubscriptionUpdated
Legacy events: dataSourceSubscription
and projectSubscription
Description: An audit event for removing a user's subscription to a data source or project.
Additional parameter details: auditPayload.modelType will specify whether the user's subscription was removed from a DATASOURCE
or PROJECT
.
Event: SubscriptionUpdated
Legacy events: dataSourceSubscription
and projectSubscription
Description: An audit event for a user's request to subscribe to a data source or project.
Additional parameter details: targets.model.type will specify whether the subscription was approved for a DATASOURCE
or PROJECT
.
Event: SubscriptionUpdated
Legacy events: dataSourceSubscription
and projectSubscription
Description: An audit event for denying a user's request to subscribe to a data source or project.
Additional parameter details: auditPayload.modelType will specify whether the user's subscription was denied for a DATASOURCE
or PROJECT
.
Event: SubscriptionRequested
Legacy events: dataSourceSubscription
and projectSubscription
Description: An audit event for a user requesting to subscribe to a data source or project.
Additional parameter details: auditPayload.modelType will specify whether the user requested to subscribe to a DATASOURCE
or PROJECT
.
Event: SubscriptionUpdated
Legacy events: dataSourceSubscription
and projectSubscription
Description: An audit event for a user subscribing to a data source or project.
Additional parameter details: targets.model.type will specify whether the subscription was updated on a DATASOURCE
or PROJECT
.
Event: TagApplied
Legacy event: tagAdded
Description: An audit event for applying a tag to an object in Immuta.
Event: TagCreated
Legacy event: tagCreated
Description: An audit event for creating a tag in Immuta.
Event: TagDeleted
Legacy event: tagDeleted
Description: An audit event for deleting a tag in Immuta.
Event: TagRemoved
Legacy event: tagRemoved
Description: An audit event for removing a tag from an object in Immuta.
Event: TagUpdated
Legacy event: tagUpdated
Description: An audit event for updating a tag in Immuta.
Event: UserAuthenticated
Legacy event: authenticate
Description: An audit event for a user authenticating in Immuta.
Additional parameter details: authenticationMethod
possible values include
OAuth
: The user authenticated using the 3rd party authentication OAuth.
OpenId
: The user authenticated using the 3rd party authentication OpenId.
SAML
: The user authenticated using the 3rd party authentication SAML.
apiKey
: The user authenticated or impersonated using an API key.
password
: The user authenticated with username and password.
Event: UserCloned
Legacy event: accessUser
Description: An audit event for creating a new user in Immuta by cloning an existing user.
Event: UserCreated
Legacy event: accessUser
Description: An audit event for creating a new user in Immuta.
Event: UserDeleted
Legacy event: accessUser
Description: An audit event for deleting a user in Immuta.
Event: UserLogout
Legacy events: None
Description: An audit event for a user logging out of Immuta.
Additional parameter details:
authenticationMethod
possible values include
OAuth
: The user authenticated using the 3rd party authentication OAuth.
OpenId
: The user authenticated using the 3rd party authentication OpenId.
SAML
: The user authenticated using the 3rd party authentication SAML.
apiKey
: The user authenticated or impersonated using an API key.
password
: The user authenticated with username and password.
logoutReason
possible values include
EXPIRATION
: The user was logged out because the token expired.
IDP_INITIATED
: The IdP initiated the logout.
USER_LOGOUT_TRIGGERED
: The user manually logged out.
Event: UserOneTimeTokenCreated
Legacy event: accessUser
Description: An audit event for creating a single use login token for a user.
Event: UserPasswordUpdated
Legacy event: accessUser
Description: An audit event for updating a user's Immuta password.
Event: UserUpdated
Legacy event: externalUserIdChanged
Description: An audit event for updating user details in Immuta.
Event: WebhookCreated
Legacy event: webhookCreate
Description: An audit event for creating an Immuta webhook.
Event: WebhookDeleted
Legacy event: webhookDelete
Description: An audit event for deleting an Immuta webhook.
blobDelete
blobFetch
blobIndex
blobUpdateFeatures
blobUpdateTags
blobVisibility
checkPendingRequest
dataSourceExpired
dataSourceTestQuery
dictionaryCreate
dictionaryDelete
dictionaryUpdate
driverUpload
featureList
governanceUpdate
policyExemption
policyExport
policyImport
queryDebugRequest
sqlAccess
sqlCreateUser
sqlDeleteUser
sqlResetPassword
sqlQuery
To learn more about Immuta's audit, see the .
Legacy event | UAM event | Description |
---|
| An audit event for managing a group. |
| An audit event for managing a user. |
| An audit event for acknowledging a purpose for a project in Immuta. |
| An audit event for adding a data source to an Immuta project. |
| An audit event for when an API key is created or deleted on the Immuta app settings page or from an Immuta user's profile page. |
| An audit event for a user authenticating in Immuta. |
- | An audit event for a user logging out of Immuta. |
| An audit event for syncing an external catalog to tag Immuta data sources. |
| An audit event for updates to the configuration on the Immuta app settings page. |
| An audit event for creating a domain. |
| An audit event for updating a domain's data sources. |
| An audit event for updating a domain's data sources. |
| An audit event for updating a domain's data sources. |
| An audit event for deleting a domain. |
| An audit event for granting or revoking a user's domain-related permissions. |
| An audit event for granting or revoking a user's domain-related permissions. |
| An audit event for updating an Immuta domain. |
| An audit event for registering a table as an Immuta data source. |
| An audit event for deleting a data source in Immuta. |
- | An audit event for disabling a data source in Immuta. |
| An audit event for updating a data source with the new data source details. |
| The events for data source and project subscriptions. |
| An audit event for updating a data source with the new data source details. |
| An audit event for updating user details in Immuta. |
| An audit event for applying a global policy to a data source. |
| An audit event for a global policy approval rescinded in the approve to promote workflow. |
| An audit event for a global policy approved in the approve to promote workflow. |
| An audit event for a global policy being certified by a data owner for their data source. |
- | An audit event for a global policy being decertified on a data source. |
| An audit event for requested edits on a global policy in the approve to promote workflow. |
| An audit event for a global policy conflict being resolved on a data source. |
| An audit event for creating a global policy. |
| An audit event for deleting a global policy. |
| An audit event for a data owner disabling a global policy from their data source. |
| An audit event for when a global policy is fully approved and promoted to production in the approve to promote workflow. |
| An audit event for a data owner removing a global policy from their data source. |
| An audit event for when a global policy is ready and requests a review in the approve to promote workflow. |
| An audit event for updating a global policy with the new global policy details. |
| An audit event for creating an Immuta license. |
| An audit event for deleting an Immuta license. |
|
|
| An audit event for creating a policy adjustment in an Immuta project. |
| An audit event for deleting a policy adjustment in an Immuta project. |
| An audit event for a global policy certification expiring on a data source. |
| An audit event for creating a local policy for an Immuta data source. |
| An audit event for updating a local policy on an Immuta data source. |
|
|
| An audit event for creating a project in Immuta. |
| An audit event for deleting a project in Immuta. |
- | An audit event for disabling a project in Immuta. |
| An audit event for approving a purpose for a project in Immuta. |
| An audit event for denying a purpose for a project in Immuta. |
| The events for data source and project subscriptions. |
| An audit event for updating a project in Immuta. |
| An audit event for deleting a purpose in Immuta. |
| An audit event for updating a purpose in Immuta. |
| An audit event for creating a purpose in Immuta. |
| An audit event for removing a data source from a project. |
| An audit event for creating a sensitive data discovery (SDD) column name regex, regex, or dictionary identifier. |
| An audit event for deleting a sensitive data discovery (SDD) identifier. |
| An audit event for updating a sensitive data discovery (SDD) column name regex, regex, or dictionary identifier. |
| An audit event for the results from a sensitive data discovery (SDD) run that updates the tags on Immuta data sources. |
| An audit event for applying an identification framework to data sources. |
| An audit event for creating an identification framework. |
| An audit event for deleting an identification framework. |
| An audit event for updating an identification framework. |
|
|
| An audit event for applying a tag to an object in Immuta. |
| An audit event for creating a tag in Immuta. |
| An audit event for deleting a tag in Immuta. |
| An audit event for removing a tag from an object in Immuta. |
| An audit event for updating a tag in Immuta. |
| An audit event for creating an Immuta webhook. |
| An audit event for deleting an Immuta webhook. |
An audit event for a user's query in Snowflake or Databricks Unity Catalog. See the or the for additional details about the audit event schema.
An audit event for a user's query in Starburst (Trino). See the for additional details about the audit event schema.
An audit event for a user's query in Databricks. See the for additional details about the audit event schema.