Deprecation notice: The /audit
endpoint has been deprecated and replaced by Immuta Detect.
Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure.
You will pass this API key in the authorization header when you make a request, as illustrated in the example below:
Download your audit logs using the GET /audit
endpoint. To filter or sort the audit logs, use the query parameters on the /audit
endpoint API reference page. For example, the request below saves 50 audit logs for https://your-immuta-url.immuta.com
in the file audit-logs-file.json
, with the audit records sorted by time in descending order.
Universal audit model (UAM) is Immuta's consistent structure for all Immuta system and user query audit logs. This reference guide maps the legacy audit events to the new UAM events and provides example schemas of all the UAM events available in Immuta.
Event: ApiKeyCreated
Legacy event: apiKey
Description: An audit event for when an API key is created on the Immuta app settings page or from an Immuta user's profile page.
Event: ApiKeyDeleted
Legacy event: apiKey
Description: An audit event for when an API key is deleted on the Immuta app settings page or from an Immuta user's profile page.
Event: AttributeApplied
Legacy events: accessUser
and accessGroup
Description: An audit event for an attribute applied to a group or user.
Additional parameter details: targetType
will specify whether the attribute was added to a USER
or GROUP
.
Event: AttributeRemoved
Legacy events: accessUser
and accessGroup
Description: An audit event for an attribute removed from a group or user.
Additional parameter details: targetType
will specify whether the attribute was removed from a USER
or GROUP
.
Event: ConfigurationUpdated
Legacy event: configurationUpdate
Description: An audit event for updates to the configuration on the Immuta app settings page.
Event: DatasourceAppliedToProject
Legacy event: addToProject
Description: An audit event for adding a data source to an Immuta project.
Event: DatasourceCatalogSynced
Legacy event: catalogUpdate
Description: An audit event for syncing an external catalog to tag Immuta data sources.
Event: DatasourceCreated
Legacy event: dataSourceCreate
Description: An audit event for registering a table as an Immuta data source.
Event: DatasourceDeleted
Legacy event: dataSourceDelete
Description: An audit event for deleting a data source in Immuta.
Event: DatasourceDisabled
Legacy event: None
Description: An audit event for disabling a data source in Immuta.
Event: DatasourceGlobalPolicyApplied
Legacy event: globalPolicyApplied
Description: An audit event for applying a global policy to a data source.
Event: DatasourceGlobalPolicyConflictResolved
Legacy event: globalPolicyConflictResolved
Description: An audit event for a global policy conflict being resolved on a data source.
Event: DatasourceGlobalPolicyDisabled
Legacy event: globalPolicyDisabled
Description: An audit event for a data owner disabling a global policy from their data source.
Event: DatasourceGlobalPolicyRemoved
Legacy event: globalPolicyRemoved
Description: An audit event for a data owner removing a global policy from their data source.
Event: DatasourcePolicyCertificationExpired
Legacy event: policyCertificationExpired
Description: An audit event for a global policy certification expiring on a data source.
Event: DatasourcePolicyCertified
Legacy event: globalPolicyCertify
Description: An audit event for a global policy being certified by a data owner for their data source.
Event: DatasourcePolicyDecertified
Legacy events: None
Description: An audit event for a global policy being decertified on a data source.
Event: DatasourceRemovedFromProject
Legacy event: removeFromProject
Description: An audit event for removing a data source from a project.
Event: DatasourceUpdated
Legacy events: dataSourceUpdate
and dataSourceSave
Description: An audit event for updating a data source with the new data source details.
Event: DomainCreated
Legacy event: collectionCreated
Description: An audit event for creating a domain.
Event: DomainDataSourcesUpdated
Legacy events: collectionDataSourceAdded
, collectionDataSourceRemoved
, and collectionDataSourceUpdated
Description: An audit event for updating a domain's data sources.
Additional parameter details: auditPayload.updateType will specify whether the data source was added to or removed from the domain.
Event: DomainDeleted
Legacy event: collectionDeleted
Description: An audit event for deleting a domain.
Event: DomainPermissionsUpdated
Legacy events: collectionPermissionGranted
and collectionPermissionRevoked
Description: An audit event for granting or revoking a user's domain-related permissions.
Additional parameter details: auditPayload.updateType will specify whether the permission was granted to or revoked from a user.
Event: DomainUpdated
Legacy event: collectionUpdated
Description: An audit event for updating an Immuta domain.
Event: GlobalPolicyApprovalRescinded
Legacy event: globalPolicyApprovalRescinded
Description: An audit event for a global policy approval rescinded in the approve to promote workflow.
Event: GlobalPolicyApproved
Legacy event: globalPolicyApproved
Description: An audit event for a global policy approved in the approve to promote workflow.
Event: GlobalPolicyChangeRequested
Legacy event: globalPolicyChangeRequested
Description: An audit event for requested edits on a global policy in the approve to promote workflow.
Event: GlobalPolicyCreated
Legacy event: globalPolicyCreate
Description: An audit event for creating a global policy.
Event: GlobalPolicyDeleted
Legacy event: globalPolicyDelete
Description: An audit event for deleting a global policy.
Event: GlobalPolicyPromoted
Legacy event: globalPolicyPromoted
Description: An audit event for when a global policy is fully approved and promoted to production in the approve to promote workflow.
Event: GlobalPolicyReviewRequested
Legacy event: globalPolicyReviewRequested
Description: An audit event for when a global policy is ready and requests a review in the approve to promote workflow.
Event: GlobalPolicyUpdated
Legacy event: globalPolicyUpdate
Description: An audit event for a global policy being updated with details about the policy.
Event: GroupCreated
Legacy event: accessGroup
Description: An audit event for a group created in Immuta.
Event: GroupDeleted
Legacy event: accessGroup
Description: An audit event for a group deleted in Immuta.
Event: GroupMemberAdded
Legacy event: accessGroup
Description: An audit event for a member added to a group in Immuta.
Event: GroupMemberRemoved
Legacy event: accessGroup
Description: An audit event for a group member removed from the group in Immuta.
Event: GroupUpdated
Legacy event: accessGroup
Description: An audit event for a group updated in Immuta.
Event: LicenseCreated
Legacy event: licenseCreate
Description: An audit event for creating an Immuta license.
Event: LicenseDeleted
Legacy event: licenseDelete
Description: An audit event for deleting an Immuta license.
Event: LocalPolicyCreated
Legacy event: policyHandlerCreate
Description: An audit event for creating a local policy for an Immuta data source.
Event: LocalPolicyUpdated
Legacy event: policyHandlerUpdate
Description: An audit event for updating a local policy on an Immuta data source.
Event: PermissionApplied
Legacy event: accessUser
Description: An audit event for a permission applied to an Immuta user.
Event: PermissionRemoved
Legacy event: accessUser
Description: An audit event for a permission removed from an Immuta user.
Event: PolicyAdjustmentCreated
Legacy event: policyAdjustmentCreate
Description: An audit event for creating a policy adjustment in an Immuta project.
Event: PolicyAdjustmentDeleted
Legacy event: policyAdjustmentDelete
Description: An audit event for deleting a policy adjustment in an Immuta project.
Event: ProjectCreated
Legacy event: projectCreate
Description: An audit event for creating a project in Immuta.
Event: ProjectDeleted
Legacy event: projectDelete
Description: An audit event for deleting a project in Immuta.
Event: ProjectDisabled
Legacy events: None
Description: An audit event for disabling a project in Immuta.
Event: ProjectPurposeApproved
Legacy event: projectPurposeApprove
Description: An audit event for approving a purpose for a project in Immuta.
Event: ProjectPurposeDenied
Legacy event: projectPurposeDeny
Description: An audit event for denying a purpose for a project in Immuta.
Event: ProjectPurposesAcknowledged
Legacy event: acknowledgePurposes
Description: An audit event for acknowledging a purpose for a project in Immuta.
Event: ProjectUpdated
Legacy event: projectPurposeDeny
Description: An audit event for updating a project in Immuta.
Event: PurposeDeleted
Legacy event: purposeDelete
Description: An audit event for deleting a purpose in Immuta.
Event: PurposeUpdated
Legacy event: purposeUpdate
Description: An audit event for updating a purpose in Immuta.
Event: PurposeUpserted
Legacy event: purposeCreate
Description: An audit event for creating a purpose in Immuta.
Event: SDDClassifierCreated
Legacy event: sddClassifierCreated
Description: An audit event for creating a sensitive data discovery (SDD) column name regex, regex, or dictionary identifier.
Additional parameter details:
auditPayload.config.columnNameRegex: For column name regex identifiers, the regex to match against column names.
auditPayload.config.values: For dictionary identifiers, the values within the dictionary to match against column values.
auditPayload.config.regex: For regex identifiers, the regex to match against column values.
Event: SDDClassifierDeleted
Legacy event: sddClassifierDeleted
Description: An audit event for deleting a sensitive data discovery (SDD) identifier.
Event: SDDClassifierUpdated
Legacy event: sddClassifierUpdated
Description: An audit event for updating a sensitive data discovery (SDD) column name regex, regex, or dictionary identifier.
Additional parameter details:
auditPayload.config.columnNameRegex: For column name regex identifiers, the regex to match against column names.
auditPayload.config.values: For dictionary identifiers, the values within the dictionary to match against column values.
auditPayload.config.regex: For regex identifiers, the regex to match against column values.
Event: SDDDatasourceTagUpdated
Legacy event: sddDatasourceTagUpdate
Description: An audit event for the results from a sensitive data discovery (SDD) run that updates the tags on Immuta data sources.
Event: SDDTemplateApplied
Legacy event: sddTemplateApplied
Description: An audit event for applying an identification framework to data sources.
Event: SDDTemplateCloned
Legacy event: sddTemplateCreated
Description: An audit event for cloning an identification framework from another framework.
Event: SDDTemplateCreated
Legacy event: sddTemplateCreated
Description: An audit event for creating an identification framework.
Event: SDDTemplateDeleted
Legacy event: sddTemplateDeleted
Description: An audit event for deleting an identification framework.
Event: SDDTemplateUpdated
Legacy event: sddTemplateUpdated
Description: An audit event for updating an identification framework.
Event: SubscriptionCreated
Legacy events: dataSourceSubscription
and projectSubscription
Description: An audit event for subscribing a user to a data source or project.
Additional parameter details: auditPayload.modelType will specify whether the user was subscribed to a DATASOURCE
or PROJECT
.
Event: SubscriptionUpdated
Legacy events: dataSourceSubscription
and projectSubscription
Description: An audit event for removing a user's subscription to a data source or project.
Additional parameter details: auditPayload.modelType will specify whether the user's subscription was removed from a DATASOURCE
or PROJECT
.
Event: SubscriptionUpdated
Legacy events: dataSourceSubscription
and projectSubscription
Description: An audit event for a user's request to subscribe to a data source or project.
Additional parameter details: targets.model.type will specify whether the subscription was approved for a DATASOURCE
or PROJECT
.
Event: SubscriptionUpdated
Legacy events: dataSourceSubscription
and projectSubscription
Description: An audit event for denying a user's request to subscribe to a data source or project.
Additional parameter details: auditPayload.modelType will specify whether the user's subscription was denied for a DATASOURCE
or PROJECT
.
Event: SubscriptionRequested
Legacy events: dataSourceSubscription
and projectSubscription
Description: An audit event for a user requesting to subscribe to a data source or project.
Additional parameter details: auditPayload.modelType will specify whether the user requested to subscribe to a DATASOURCE
or PROJECT
.
Event: SubscriptionUpdated
Legacy events: dataSourceSubscription
and projectSubscription
Description: An audit event for a user subscribing to a data source or project.
Additional parameter details: targets.model.type will specify whether the subscription was updated on a DATASOURCE
or PROJECT
.
Event: TagApplied
Legacy event: tagAdded
Description: An audit event for applying a tag to an object in Immuta.
Event: TagCreated
Legacy event: tagCreated
Description: An audit event for creating a tag in Immuta.
Event: TagDeleted
Legacy event: tagDeleted
Description: An audit event for deleting a tag in Immuta.
Event: TagRemoved
Legacy event: tagRemoved
Description: An audit event for removing a tag from an object in Immuta.
Event: TagUpdated
Legacy event: tagUpdated
Description: An audit event for updating a tag in Immuta.
Event: UserAuthenticated
Legacy event: authenticate
Description: An audit event for a user authenticating in Immuta.
Additional parameter details: authenticationMethod
possible values include
OAuth
: The user authenticated using the 3rd party authentication OAuth.
OpenId
: The user authenticated using the 3rd party authentication OpenId.
SAML
: The user authenticated using the 3rd party authentication SAML.
apiKey
: The user authenticated or impersonated using an API key.
password
: The user authenticated with username and password.
Event: UserCloned
Legacy event: accessUser
Description: An audit event for creating a new user in Immuta by cloning an existing user.
Event: UserCreated
Legacy event: accessUser
Description: An audit event for creating a new user in Immuta.
Event: UserDeleted
Legacy event: accessUser
Description: An audit event for deleting a user in Immuta.
Event: UserLogout
Legacy events: None
Description: An audit event for a user logging out of Immuta.
Additional parameter details:
authenticationMethod
possible values include
OAuth
: The user authenticated using the 3rd party authentication OAuth.
OpenId
: The user authenticated using the 3rd party authentication OpenId.
SAML
: The user authenticated using the 3rd party authentication SAML.
apiKey
: The user authenticated or impersonated using an API key.
password
: The user authenticated with username and password.
logoutReason
possible values include
EXPIRATION
: The user was logged out because the token expired.
IDP_INITIATED
: The IdP initiated the logout.
USER_LOGOUT_TRIGGERED
: The user manually logged out.
Event: UserOneTimeTokenCreated
Legacy event: accessUser
Description: An audit event for creating a single use login token for a user.
Event: UserPasswordUpdated
Legacy event: accessUser
Description: An audit event for updating a user's Immuta password.
Event: UserUpdated
Legacy event: externalUserIdChanged
Description: An audit event for updating user details in Immuta.
Event: WebhookCreated
Legacy event: webhookCreate
Description: An audit event for creating an Immuta webhook.
Event: WebhookDeleted
Legacy event: webhookDelete
Description: An audit event for deleting an Immuta webhook.
blobDelete
blobFetch
blobIndex
blobUpdateFeatures
blobUpdateTags
blobVisibility
checkPendingRequest
dataSourceExpired
dataSourceTestQuery
dictionaryCreate
dictionaryDelete
dictionaryUpdate
driverUpload
featureList
governanceUpdate
policyExemption
policyExport
policyImport
queryDebugRequest
sqlAccess
sqlCreateUser
sqlDeleteUser
sqlResetPassword
sqlQuery
To learn more about Immuta's audit, see the .
Legacy event | UAM event | Description |
---|
| An audit event for managing a group. |
| An audit event for managing a user. |
| An audit event for acknowledging a purpose for a project in Immuta. |
| An audit event for adding a data source to an Immuta project. |
| An audit event for when an API key is created or deleted on the Immuta app settings page or from an Immuta user's profile page. |
| An audit event for a user authenticating in Immuta. |
- | An audit event for a user logging out of Immuta. |
| An audit event for syncing an external catalog to tag Immuta data sources. |
| An audit event for updates to the configuration on the Immuta app settings page. |
| An audit event for creating a domain. |
| An audit event for updating a domain's data sources. |
| An audit event for updating a domain's data sources. |
| An audit event for updating a domain's data sources. |
| An audit event for deleting a domain. |
| An audit event for granting or revoking a user's domain-related permissions. |
| An audit event for granting or revoking a user's domain-related permissions. |
| An audit event for updating an Immuta domain. |
| An audit event for registering a table as an Immuta data source. |
| An audit event for deleting a data source in Immuta. |
- | An audit event for disabling a data source in Immuta. |
| An audit event for updating a data source with the new data source details. |
| The events for data source and project subscriptions. |
| An audit event for updating a data source with the new data source details. |
| An audit event for updating user details in Immuta. |
| An audit event for applying a global policy to a data source. |
| An audit event for a global policy approval rescinded in the approve to promote workflow. |
| An audit event for a global policy approved in the approve to promote workflow. |
| An audit event for a global policy being certified by a data owner for their data source. |
- | An audit event for a global policy being decertified on a data source. |
| An audit event for requested edits on a global policy in the approve to promote workflow. |
| An audit event for a global policy conflict being resolved on a data source. |
| An audit event for creating a global policy. |
| An audit event for deleting a global policy. |
| An audit event for a data owner disabling a global policy from their data source. |
| An audit event for when a global policy is fully approved and promoted to production in the approve to promote workflow. |
| An audit event for a data owner removing a global policy from their data source. |
| An audit event for when a global policy is ready and requests a review in the approve to promote workflow. |
| An audit event for updating a global policy with the new global policy details. |
| An audit event for creating an Immuta license. |
| An audit event for deleting an Immuta license. |
|
|
| An audit event for creating a policy adjustment in an Immuta project. |
| An audit event for deleting a policy adjustment in an Immuta project. |
| An audit event for a global policy certification expiring on a data source. |
| An audit event for creating a local policy for an Immuta data source. |
| An audit event for updating a local policy on an Immuta data source. |
| TrinoQuery |
| An audit event for creating a project in Immuta. |
| An audit event for deleting a project in Immuta. |
- | An audit event for disabling a project in Immuta. |
| An audit event for approving a purpose for a project in Immuta. |
| An audit event for denying a purpose for a project in Immuta. |
| The events for data source and project subscriptions. |
| An audit event for updating a project in Immuta. |
| An audit event for deleting a purpose in Immuta. |
| An audit event for updating a purpose in Immuta. |
| An audit event for creating a purpose in Immuta. |
| An audit event for removing a data source from a project. |
| An audit event for creating a sensitive data discovery (SDD) column name regex, regex, or dictionary identifier. |
| An audit event for deleting a sensitive data discovery (SDD) identifier. |
| An audit event for updating a sensitive data discovery (SDD) column name regex, regex, or dictionary identifier. |
| An audit event for the results from a sensitive data discovery (SDD) run that updates the tags on Immuta data sources. |
| An audit event for applying an identification framework to data sources. |
| An audit event for creating an identification framework. |
| An audit event for deleting an identification framework. |
| An audit event for updating an identification framework. |
| DatabricksQuery |
| An audit event for applying a tag to an object in Immuta. |
| An audit event for creating a tag in Immuta. |
| An audit event for deleting a tag in Immuta. |
| An audit event for removing a tag from an object in Immuta. |
| An audit event for updating a tag in Immuta. |
| An audit event for creating an Immuta webhook. |
| An audit event for deleting an Immuta webhook. |
An audit event for a user's query in Snowflake or Databricks Unity Catalog. See the or the for additional details about the audit event schema.
An audit event for a user's query in Starburst (Trino). See the for additional details about the audit event schema.
An audit event for a user's query in Databricks. See the for additional details about the audit event schema.