1 of 17

Audit

Immuta provides robust audit logging on actions within the application and on queries in remote technologies like Snowflake, Databricks, and Unity Catalog. Users with the audit permission can view the audit page in Immuta and export audit logs to S3 or ADLS Gen2.

How-to guides

Export audit logs to S3: Use the CLI or GraphQL to export Immuta audit logs to S3. These logs can then be stored long-term, used for compliance, or viewed in analytic platforms.
: Use the CLI or GraphQL to export Immuta audit logs to ADLS Gen2. These logs can then be stored long-term, used for compliance, or viewed in analytic platforms.
: Use the Immuta UI audit page to find audit event logs.
: Create a governance report in the Immuta UI to understand the state of your Immuta environment.

Reference guides

: This reference guide describes Immuta's universal audit model, the events available in this model, and the recommended audit workflow.
- : This reference guide lists the UAM events and examples of the logs.
Query audit logs: These reference guides describe the audit available for the specific integration, details about enabling and configuring audit, and an example schema.

How-to Guides

Export Audit Logs to Amazon S3

Public preview: This feature is available to all accounts.

Requirements:

Immuta permission AUDIT

Export Audit Logs to ADLS

Public preview: This feature is available to all accounts.

Requirements:

Immuta permission AUDIT
If you will use the Immuta CLI instead of GraphQL API, install and configure the Immuta CLI. Must be CLI v1.4.0 or newer.

Create an ADLS shared access signature token for the export

Before Immuta can export audit events to your Azure Data Lake Storage (ADLS) Gen2 storage account, you need to create a shared access signature (SAS) token that allows the Immuta audit service to add audit logs to your specified ADLS storage account and file system.

Follow the Azure documentation to create the following in Azure:

with the following settings required for audit export:
- Enable hierarchical namespace
- Standard performance is adequate, but premium may be used

Save the SAS token to use in the next steps. Do not navigate away from the SAS page unless you have saved the token.

Configure the audit export to ADLS

Configure the audit export to ADLS using the Immuta CLI or GraphQL API with the following fields:

interval: The interval at which audit logs will be exported to your ADLS storage. They can be sent at 2-, 4-, 6-, 12-, or 24-hour intervals.
storage account: The name of the storage account you created that your audit logs will be sent to.
file system: The name of the file system (or container) you created that your audit logs will be written to.

Run the following command with the above fields in a JSON file:

Example ./your-exportConfig.json file

For additional CLI commands, see the .

Run the following mutation to this URL, https://your-immuta.com/api/audit/graphql, with the above fields passed directly:

Example response

Troubleshooting

Error: Unknown error occurred making request to http://your-immuta.com/api/audit/graphql

You are not running the required CLI version, which must be CLI v1.4.0 or newer. Update your CLI and reconfigure the CLI with your Immuta tenant.

list returns 0

You do not have any exports configured. Start again from a "Configure the audit export to S3" step and ensure the authentication is correct.

Use Immuta Audit

Requirement: Immuta permission global AUDIT or domain-specific Audit Activity

Applying filters to find audit events

You can filter the audit page in several ways and use multiple filters at once to find the type of audit events you are interested in. To filter the audit page,

Run Governance Reports

Build and export Immuta reports

Immuta reports allow data governors to use a natural language builder to instantly create reports that detail user activity across Immuta.

Click select entity and choose the option you would like the report based on from the dropdown menu. Your options include User, Group, Project, Data Source, Purpose, Policy Type, Connection, or Tag.
After making your selection, type your entity name in the enter name field.
Select the name from the dropdown menu that appears. Once the entity name has been selected, a number of reports will populate the center window.
Click a tile with the description of the report to run that report. You may only see up to 100 rows of output in the UI when you run a report. To see the full results of your report, follow the step below to export to CSV.
Once you've run the report, you can click the Export to CSV button to download the report.

If you would like to switch reports from this page, you can make changes by clicking the dropdown menu and then Refresh to run a new report. Otherwise, click Back to Report Builder to return to the full report builder.

Default 9-minute timeout

Governance report queries will time out after 9 minutes to avoid overconsumption of resources. If your governance report was not generated because of this timeout, to change the default setting.

Reference Guides

Universal Audit Model (UAM)

Immuta’s universal audit model (UAM) provides audit logs with a consistent structure for query, authentication, policy, project, and tag events from your Immuta users and data sources. You can view the information in these UAM audit logs on the audit dashboards or export the full audit logs to S3 and ADLS for long-term backup and processing with log data processors and tools. This capability fosters convenient integrations with log monitoring services and data pipelines.

You can specify an S3 bucket destination where Immuta will periodically export audit logs when using S3. When using ADLS, you can specify the container destination where Immuta will export audit logs. If desired, users can configure both export options to export their audit logs to S3 and ADLS simultaneously.

The events captured are events relevant to user and system actions that affect Immuta or the integrated data platforms, such as creating policies or data sources and running queries.

See a list of the events captured and example schemas on the UAM schema reference guide.

Immuta audit service

The Immuta audit service is an independent microservice that captures audit events from Immuta and queries run against your Snowflake, Databricks Spark, Databricks Unity Catalog, or Starburst (Trino) integration.

Immuta stores the export endpoints you provide during configuration, retrieves the audit records pushed to the audit service by your integration, and manages the audit exports based on an export schedule you define. These audit records are also stored to support future reporting and user interface enhancements that will allow you to search based on keywords and facets easily across the entire body of audit events.

Audit export workflow

Public preview: This feature is available to all accounts.

When you configure the audit export using the CLI for and , the audit service stores the export endpoint you provided.
After the integration endpoint has been configured, the export scheduler will run on the schedule you defined in your configuration.
When users query data and the event is audited, the audit service receives events from your Snowflake, Databricks Spark, Databricks Unity Catalog, or Starburst (Trino) integration.

Audit support for platform queries

The table below outlines what information is included in the query audit logs for each integration where query audit is supported.

Snowflake

Databricks Spark

Databricks Unity Catalog

Starburst (Trino)

Legend:

✅ This is available and the information is included in audit logs.
❌ This is not available and the information is not included in audit logs.

Limitations

The audit service does not capture system-level logging and debugging information, such as 404 errors.

Snowflake query audit limitation

Snowflake query audit events from a query using cached results will show 0 for the rowsProduced field.

Unity Catalog query audit limitations

Immuta determines unauthorized events based on error messages within Unity Catalog records. When the error messages contain expected language, unauthorized events will be available for Databricks Unity Catalog audit logs. In other cases, it is not possible to determine the cause of an error.
Immuta audit records include unregistered data sources and users; however, activity from them will not appear in any .
Databricks queries where the response is being served from cache will not be represented in the system.access.column_lineage table which means the query audit records will be unmapped in Immuta.

Starburst (Trino) limitation

Audit for unauthorized access is not currently supported.
objectsAccessed is not available with Hive or Iceberg views.
columnsAccessed will include columns related to the query that were not actually accessed in some cases:

Query Audit Logs

Databricks Unity Catalog Query Audit Logs

Query audit for Databricks Unity Catalog captures user's data access within Unity Catalog and presents the query audit logs in Immuta. Using the Databricks system.query.history and system.access.column_lineage tables, Immuta joins the tables and pulls out key details about the user's queries, which are then translated into audit logs that can be viewed in the Immuta UI or exported.

Immuta audits the activity of all Unity Catalog users and tables regardless of whether they are registered in Immuta.

Requirements

A Databricks deployment with capabilities

Store audit logs

By default, Databricks Unity Catalog audit logs expire after 90 days. , and store audit logs outside of Immuta in order to retain the audit logs long-term.

Audit frequency

Immuta collects audit records once an hour by default, and the frequency can be . The frequency is a global setting based on integration type, so organizations with multiple Databricks Unity Catalog integrations will have the same audit frequency for all of them. The more frequent the audit records are ingested, the more current the audit records. However, there could be performance and cost impacts from the frequent jobs because Immuta will start a Databricks cluster to complete the audit ingest job if one is not already running.

To manually prompt the query audit, click Load Audit Events on the Immuta audit page.

Audit scope

Immuta audits all data sources and users in Unity Catalog. An administrator can configure the integration to just ingest specific workspaces when . The audit is intended to ingest user queries for data access, so queries with

Audit schema

Each audit message from the Immuta platform will be a one-line JSON object containing the properties listed below.

Property

Description

Example

Example audit record

Limitations

Immuta determines unauthorized events based on error messages within Unity Catalog records. When the error messages contain expected language, unauthorized events will be available for Databricks Unity Catalog audit logs. In other cases it is not possible to determine the cause of an error.
Immuta audit records include unregistered data sources and users; however, activity from them will not appear in any .
Databricks queries where the response is being served from cache will not be represented in the system.access.column_lineage table which means the query audit records will be unmapped in Immuta.

Audit Export GraphQL Reference Guide

Public preview: This feature is available to all accounts.

Use these audit export configuration commands to manage exporting your audit logs to S3 and ADLS Gen2. To configure an audit export see the Export to S3 or Export to ADLS guides.

Disable a configuration

To disable a configuration, use the disableExportConfiguration mutation:

Enable a configuration

To enable a disabled configuration, use the enableExportConfiguration mutation:

Delete a configuration

To delete a configuration, use the deleteExportConfiguration mutation:

Update a configuration

To update an existing configuration, use the mutation for your specific export configuration:

: updateS3AccessKeyExportConfiguration
: updateS3AssumedRoleExportConfiguration
: updateAdlsSasTokenExportConfiguration

Update the configuration to make small changes, i.e., to rotate the token, rather than deleting the existing one and creating a new one.

Unknown Users in Audit Logs

Unity Catalog query audit brings in audit information for all tables and data sources, so some audit logs are created from activity by users not registered in Immuta. These audit records will appear in Immuta, providing valuable information of activity, with the username Unknown. This can be seen on the audit page or in user and data activity dashboards.

Identify users

While the Immuta user is unknown, the user's Databricks Unity Catalog username can be found within the audit log. To view the user's data platform username:

Navigate to the event page.
Select View JSON.
The username can be found in the auditPayload.technologyContext.account.username field.

Register users

To improve your future audit records, ensure these users are properly registered and can be named in the logs:

If you have not registered any users, .
If you have registered users but this user was missed, .
If this user is in Immuta but not appearing in the audit record, .

Governance Report Types

Immuta reports allow data governors to use a natural language builder to instantly create reports that delineate user activity across Immuta. These reports can be based on various entity types, including users, groups, projects, data sources, purposes, policy types, or connection types.

Generate reports in the Immuta UI or using the Immuta API.

Default 9-minute timeout

Governance report queries will time out after 9 minutes to avoid overconsumption of resources. If your governance report was not generated because of this timeout, to change the default setting.

User reports options

User reports can be run for all users or for individual users who have been registered in Immuta. Non-registered users' activity will not appear in reports.

All users report option

Data sources subscribed to. This report lists data sources each user is subscribed to and includes user roles, subscription types, when users last subscribed, who approved the users' subscriptions to the data sources, when the subscriptions expire, what attributes the users possess, and the groups the users belong to.
Status of all users. This report lists account information of all users in the system, including the users' full names, usernames, IAMs, HDFS principals, and last login dates.

Individual user report options

Groups the user belongs to. This report lists the names of the groups the user belongs to and the dates that groups were joined.
Data sources the user subscribes to. This report details the data source names, the user's roles, when the user last subscribed, who approved the subscriptions, when the subscriptions expire (if applicable), and the reasons for subscribing (if applicable).
Projects the user is currently a member of. This report lists the project names, whether the projects are public or private, the user's roles in the projects, the creator of the projects, when the projects were created, and when the user joined the projects.

Group reports options

Group reports can be run for all groups or for individual groups.

All groups report option

Data sources that groups are manually subscribed to. This report lists the data source names, the group's role, when the group last subscribed to the data sources, who approved the subscriptions, and the expiration dates (if applicable), and reasons (if applicable) for the subscriptions.

Individual group report options

Users who belong to the group. This report lists the names of users and the dates the users joined the group.
Data sources that this group is manually subscribed to. This report lists the data source names, the group's role, when the group last subscribed to the data sources, who approved the subscriptions, and the expiration dates (if applicable), and reasons (if applicable) for the subscriptions.
Projects that users in this group are members of. This report includes the names of the projects, whether the projects are public or private, the group's role in the projects, the names of the project creators, when the projects were created, and when the group joined the projects.

Project reports options

Users and groups who are members of the project. This report includes usernames, email addresses, user roles in the project, when the users joined, and the subscription types. The subscription types may be "Individual User," indicating that the user joined the project directly, or it might be "Group," in which case the name of the group will be stated. Group subscriptions occur when an entire group is added to a project.
Data sources that are part of the project. This report lists the data source names, the reasons given when added to the project (if applicable), the users who added the data sources, and when the data sources were added to the project.
Purpose of the project.

Data source reports options

Data source reports can be run for all data sources or for individual data sources that are registered in Immuta. Activity to non-registered tables will not appear in the reports.

All data sources report option

Users and groups subscribed to data sources. This report lists all users and groups subscribed to every data source and includes usernames, email addresses, subscription types, user roles, subscription dates, who approved the subscriptions, expiration dates, and user attributes.

Individual data source reports options

Users and groups subscribed to the data source. This report lists the names of users, reasons for accessing the data sources (if applicable), user roles, email addresses, when users last subscribed, who approved the subscriptions, when the subscriptions expire (if applicable), and the subscription types. A subscription type may be "Individual User," indicating that the user subscribed to the data sources directly, or it might be "Group," in which case the name of the group will be stated. Group subscriptions occur when an entire group is added to a data source.
Projects that contain the data source. This report lists the project names, the users who added the data source to projects, when the data source was added to projects, the reasons for adding the data sources (if applicable), whether the projects are public or private, who created the projects, and when the projects were created.

Purpose reports options

Users who are members of projects with this purpose. This report lists usernames, email addresses, their roles in the project, the names of the projects, whether the projects are public or private, the creators of the projects, when the projects were created, when users joined, and their subscription types (individual or group).
Data sources that are part of projects with this purpose. This report lists the names of the data sources, who created the data sources, the project names, whether the projects are public or private, the creators of the projects, whether the projects have other purposes, and when the projects were created. Note that whether projects have other purposes will be assigned as "True" or "False."

Policy type reports option

Data sources with this policy type. Immuta supports a range of policy types, such as masking, WHERE clauses, purpose restrictions, and more. This report lists every data source with this policy type, including when they were created, who created the data sources, who created the policy, and when the policy was created.

Global policy reports options

Global policy reports can be run for all global policies or for individual global policies.

All global policies report options

Global policies that have been disabled. This report details the names of the policies, the policies themselves, the policy types, the data sources from which the policies were disabled, who disabled the policies, when they were disabled, the justifications the users provided for disabling the policies, who created the policies, when the policies were created, and how the policies were associated with the data sources.
Global policies that cannot currently be applied. This report details the names of the policies, the policies themselves, the policy types, the names of the data sources the policies cannot be applied to, when the data sources were created, when the policies were created, the reasons the policies cannot be applied, who created the policies, and how the policies are associated with the data sources.

Individual global policy reports option

Data sources impacted by the policy. This report lists the data sources, when the data sources were created, and whether or not the policy is fully applied to the data sources.
Data sources impacted by the policy that have not been certified. This report lists the data sources that have not been certified, when the global policy was applied, and the data owner.
Data sources impacted by the policy that have been certified. This report lists the data sources that have been certified, the user that certified it, when the global policy was applied, and when it was certified.

Connection reports option

Data sources with this connection type. This report lists the data sources, each data source's creator, the creation date, and the tables or queries used by the connection selected.

Tag reports options

Tag reports can be run for all tags or for individual tags.

All tag reports options

Data sources this tag has been assigned to. This report generates a list of data sources associated with that tag and includes the columns tagged, the value types of the data tagged, who tagged the data sources, when the data sources were tagged, and when the data sources were created.
Purposes associated with data sources containing this tag. This report generates a list of purposes under which users have accessed data sources containing this tag. By default, this report only displays the last month of results. (The full report can be downloaded by clicking Export to CSV.) The time period can be configured in the Date Range fields.

Individual tag options

Users that have subscribed to data sources with any tag. This report lists users, their subscription type, and all of the tags in Immuta with information of whether or not users are subscribed to at least one data source where that tag is applied.
Data sources any tag has been applied to. This report lists data sources with the tags applied to them and the columns they are applied to.
Projects that contain a data source with any tag. This report lists projects and the data sources assigned to them with the tag they have applied.

Sensitive data discovery reports option

Columns with SDD tags applied. This report generates a list of all tags that have been applied to data sources by identification. It includes information about the column it is applied to within each data source and active policies that use the tag.

mutation {
  createAdlsSasTokenEndpointConfiguration(
    data: {
      interval: "EVERY_12_HOURS",
      storageAccount: "your-adls-storage-account",
      fileSystem: "audit-output",
      path: "immuta-audit",
      sasToken: "your-sas-token"
    }
  )
    {
        id
        interval
        enabled
        connectionStatus
        endpointConfiguration {
            ... on AdlsSasTokenEndpointConfiguration {
                storageAccount
                fileSystem
                path
            }
        }
    }
}

{
    "data": {
        "createAdlsSasTokenEndpointConfiguration": {
            "id": "259fc41c-b502-418a-a8ff-d875335dbe9b",
            "interval": "EVERY_12_HOURS",
            "enabled": true,
            "connectionStatus": "SUCCESS",
            "endpointConfiguration": {
                "storageAccount": "your-adls-storage-account",
                "fileSystem": "audit-output",
                "path": "immuta-audit"
            }
        }
    }
}

mutation {
    updateAdlsSasTokenExportConfiguration(
        data: {
            id: "<export configuration ID>"
            interval: EVERY_2_HOURS
            storageAccount: "your-adls-storage-account",
            fileSystem: "audit-output",
            path: "immuta-audit",
            sasToken: "your-sas-token"
        } 
     ) 
     {
       id
       interval
       enabled
       endpointConfiguration {
            __typename
            ... on AdlsSasTokenEndpointConfiguration {
                storageAccount
                path
                fileSystem
            }
        }
    }
}

{
    "data": {
        "updateAdlsSasTokenExportConfiguration": {
            "id": "<export configuration ID>",
            "interval": "EVERY_12_HOURS",
            "enabled": true,
            "endpointConfiguration": {
                "storageAccount": "your-adls-storage-account",
                "fileSystem": "audit-output",
                "path": "immuta-audit"
            }
        }
    }
}

Follow AWS documentation for adding a bucket policy in the Amazon S3 console.

Edit the JSON in the Policy section to include a bucket policy like the example below.

In this example, the policy allows an IAM user (the principal) to add objects to the bucket. If you use this example, replace the content in angle brackets with the Amazon Resource Names (ARNs) for your IAM user and S3 bucket.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "<your-iam-user-arn>"
            },
            "Action": "s3:PutObject",
            "Resource": "<your-s3-bucket-arn>/*"
        }
    ]
}

Save your changes.

Run the following command with the above fields in a JSON file:

immuta audit exportConfig create:s3:accessKey ./exportConfig.json

Example ./exportConfig.json file

{
"interval": "EVERY_12_HOURS",
"bucket": "your-s3-bucket",
"path": "your-optional-s3-bucket-path",
"region": "your-aws-region",
"accessKeyId": "YOURACCESSKEYID",
"secretAccessKey": "YOUR/SECRET/ACCESSKEY"
}

For additional CLI commands, see the audit CLI reference guide.

Run the following mutation to this URL, https://your-immuta.com/api/audit/graphql, with the above fields passed directly:

mutation {
  createS3AccessKeyExportConfiguration(
    data: {
      interval: EVERY_12_HOURS
      bucket: "your-s3-bucket"
      path: "your-optional-s3-bucket-path"
      region: "your-aws-region"
      accessKeyId: "YOURACCESSKEYID"
      secretAccessKey: "YOUR/SECRET/ACCESSKEY"
    }
  )
    {
        id
        interval
        enabled
        connectionStatus
        endpointConfiguration {
            ... on S3AccessKeyEndpointConfiguration {
                bucket
                path
                region
            }
        }
    }
}

Example response

{
    "data": {
        "createS3AccessKeyExportConfiguration": {
            "id": "259fc41c-b502-418a-a8ff-d875335dbe9b",
            "interval": "EVERY_12_HOURS",
            "enabled": true,
            "connectionStatus": "SUCCESS",
            "endpointConfiguration": {
                "bucket": "your-s3-bucket",
                "path": "your-optional-s3-bucket-path",
                "region": "your-region",
            }
        }
    }
}

For additional GraphQL API commands, see the .

Follow AWS documentation for adding a bucket policy in the Amazon S3 console.

Edit the JSON in the Policy section to include a bucket policy like the example below.

In this example, the policy allows an IAM user (the principal) to add objects to the bucket.

If you use this example, replace the content in angle brackets with the Amazon Resource Names (ARNs) for your IAM role and S3 bucket.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "<your-iam-role-arn>"
            },
            "Action": "s3:PutObject",
            "Resource": "<your-s3-bucket-arn>/*"
        }
    ]
}

Save your changes.

Run the following command with the above fields in a JSON file:

immuta audit exportConfig create:s3:assumedRole ./exportConfig.json

Example ./exportConfig.json file

{
"interval": "EVERY_12_HOURS",
"bucket": "your-s3-bucket",
"path": "your-optional-s3-bucket-path",
"region": "your-region",
"roleArn": "arn:aws:iam::<Your AWS Account ID>:role/<the prepared role>"
}

Example response:

{
    "data": {
        "createS3AssumedRoleExportConfiguration": {
            "id": "259fc41c-b502-418a-a8ff-d875335dbe9b",
            "interval": "EVERY_12_HOURS",
            "enabled": true,
            "connectionStatus": "Error testing access to S3 using AssumedRole <Your Role> - User: <Immuta Account> is not authorized to perform: sts:AssumeRole on resource: <Your Role>",
            "endpointConfiguration": {
                "__typename": "S3AssumedRoleEndpointConfiguration",
                "bucket": "your-s3-bucket",
                "path": "your-optional-s3-bucket-path",
                "region": "your-region",
            }
        }
    }
}

For additional CLI commands, see the audit CLI reference guide.

Run the following mutation to this URL, https://your-immuta.com/api/audit/graphql, with the above fields passed directly:

mutation {
  createS3AssumedRoleExportConfiguration(
    data: {
      interval: EVERY_12_HOURS
      bucket: "your-s3-bucket"
      path: "your-optional-s3-bucket-path"
      region: "your-region"
      roleArn: "arn:aws:iam::<Your AWS Account ID>:role/<the prepared role>"
    }
  )
    {
        id
        interval
        enabled
        connectionStatus
        endpointConfiguration {
            ... on S3AssumedRoleEndpointConfiguration {
                bucket
                path
                region
            }
        }
    }
}

Example response

For additional GraphQL API commands, see the .

Run the following command

immuta audit exportConfig list

Run the following mutation to this URL, https://your-immuta.com/api/audit/graphql:

query {
    getAllExportConfigurations{
        id
        connectionStatus
    }
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject"
            ],
            "Resource": "<your-s3-bucket-arn>/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt",
                "kms:GenerateDataKey"
            ],
            "Resource": "<your-kms-key-arn>"
        }
    ]
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject"
            ],
            "Resource": "<your-s3-bucket-arn>/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt",
                "kms:GenerateDataKey"
            ],
            "Resource": "<your-kms-key-arn>"
        }
    ]
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<Immuta AWS Account ID>:root"
            },
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": "<Export Configuration ID>"}}
        }
    ]
}

{
    "data": {
        "createS3AssumedRoleExportConfiguration": {
            "id": "259fc41c-b502-418a-a8ff-d875335dbe9b",
            "interval": "EVERY_12_HOURS",
            "enabled": true,
            "connectionStatus": "Error testing access to S3 using AssumedRole <Your Role> - User: <Immuta Account> is not authorized to perform: sts:AssumeRole on resource: <Your Role>",
            "endpointConfiguration": {
                "bucket": "your-s3-bucket",
                "path": "your-optional-s3-bucket-path",
                "region": "your-region",
            }
        }
    }
}

Example search

If you are looking for a specific audit event, use the UAM schema reference guide to determine the audit log you want. Use the example JSON to determine the correct filter.

For example, if you are looking for a data source deleted event, you would find the JSON for the DatasourceDeleted event on the reference page:

{
"id": "1403b675-70f6-4833-ab4c-a7486c63f494",

To find an event like this in the UI, you would then use the following filters:

Target Type - Data Source
Action - Delete
Outcome - Success

{
  "action": "QUERY",
  "actor": {
    "type": "USER_ACTOR",
    "id": "[email protected]",
    "name": "Taylor",
    "identityProvider": "bim",
    "profileId": "10"
  },
  "sessionId": "01ee14d9-cab3-1ef6-9cc4-f0c315a53788",
  "actionStatus": "SUCCESS",
  "actionStatusReason": null,
  "eventTimestamp": "2023-06-27T11:03:59.000Z",
  "id": "01ee14da-517a-1670-afce-0c3e0fdcf7d4",
  "tenantId": "your-immuta.com",
  "targetType": "DATASOURCE",
  "targets": [
      {
      "type": "DATASOURCE",
      "id": "2034",
      "name": "University Art Gallery Exhibition",
      "technology": "DATABRICKS"
    }
  ],
  "relatedResources": [],
  "auditPayload": {
    "type": "QueryAuditPayload",
    "queryId": "01ee14da-517a-1670-afce-0c3e0fdcf7d4",
    "query": "SELECT VERSION AS `version` FROM `sample-data`.`__immuta_version`",
    "startTime": "2023-06-27T11:03:59.000Z",
    "endTime": "2023-06-27T11:05:59.000Z",
    "duration": 23.568,
    "technologyContext": {
      "type": "DatabricksContext",
      "clusterId": null,
      "workspaceId": "3841033049363283",
      "service": "WAREHOUSE",
      "queryLanguage": "sql"
      "warehouseId": "559483c6eac0359f",
      "notebookId": null,
      "account": {
        "id": "52e863bc-ea7f-46a9-8e17-6aed7541832d",
        "username": "[email protected]"
      },
      "host": "deployment-name.cloud.databricks.com",
      "rowsProduced": 2
    },
    "objectsAccessed": [
      {
        "name": "catalog.audit_uc_test.University Art Gallery Exhibition",
        "datasourceId": "2034",
        "databaseName": "catalog",
        "schemaName": "audit_uc_test",
        "type": "TABLE",
        "columns": [
          {
            "name": "status_description",
            "tags": [
              {
                "type": "TAG",
                "id": "122",
                "name": "Personally Identifiable Information.true",
                "source": "collibra",
                "context": "catalog",
                "deleted": false,
                "transient": false
              }
            ],
            "securityProfile": {
              "sensitivity": {
                "score": "INDETERMINATE"
              }
            }
        }]
    }],
    "securityProfile": {
      "sensitivity": {
        "score": "INDETERMINATE"
      }
    },
    "version": 1
  },
  "receivedTimestamp": "2023-06-27T15:18:22.314Z"
}

WAREHOUSE

testTable = 'default.crime_data_delta'
testDb = 'test'

df = spark.table(testTable)
df.limit(1).collect()

filteredDf = df.filter('victim_age > 20')

filteredDf.write.saveAsTable('{}.audit_cell'.format(testDb))
spark.table('{}.audit_cell'.format(testDb)).limit(1).collect()

spark.sql('DROP TABLE IF EXISTS {}.audit_cell'.format(testDb))

{
  "action": "QUERY",
  "actor": {
    "type": "USER_ACTOR",
    "name": "Taylor",
    "id": "[email protected]",
    "identityProvider": "okta",
    "impersonatedBy": null
  },
  "sessionId": "abc123456589",
  "actionStatus": "SUCCESS",
  "actionStatusReason": null,
  "actorIp": "1.2.3.4",
  "eventTimestamp": "2022-10-13T20:03:41.013Z",
  "id": "abc123",
  "customerId": "abc123",
  "targetType": "DATASOURCE",
  "targets": [{
    "id": "4",
    "name": "Movies",
    "technology": "DATABRICKS"
  }],
  "auditPayload": {
    "type": "QueryAuditPayload",
    "queryId": "81fe4385-1329-444a-b6d9-b26bce5c8dc7",
    "query": "Project [director#778904]\n+- Filter ((YEAR#778903L = 1999) OR (YEAR#778903L = 2000))\n   +- Relation[movie_id#778901L,Title#778902,Year#778903L,Director#778904,Budget_million#778905,Gross_worldwide#778906L] parquet\n",
    "startTime": "2022-10-13T20:03:41.013Z",
    "endTime": null,
    "duration": null,
    "accessControls": {
      "entitlements": {
        "groups": [],
        "attributes": []
      },
      "policySet": [{
        "type": "SUBSCRIPTION",
        "global": false,
        "subscriptionPolicyType": "MANUAL",
        "ruleAppliedForUser": true
      }]
    },
    "technologyContext": {
      "type": "DatabricksContext",
      "clusterId": "1006-194110-8j0shd5d",
      "clusterName": "databricks-cluster-name",
      "workspaceId": "123456789",
      "pathUris": [
        "dbfs:/user/hive/warehouse/your_database.db/movies"
      ],
      "metastoreTables": ["your_database.movies"],
      "queryLanguage": "python",
      "queryText": "query_success = []\nnum_queries_run = 0\nimpersonate_probability = .20\nspark.sql(\"set immuta.impersonate.user=\")\n\ndef make_fail_query(query):\n  try:\n    spark.sql(\"set [email protected]\")\n    spark.sql(query).toPandas()\n  except: \n    pass\n  \nfor index, query in enumerate(new_queries.values):\n  if(num_queries_run % 100 == 0):\n    print(f\"Queries Successfully Ran: {num_queries_run}/2000, out of total queries ran: {index+1}\")\n  to_impersonate = random.randrange(100)\n  if to_impersonate < impersonate_probability * 100:\n    make_fail_query(query)\n    spark.sql(\"set immuta.impersonate.user=\")\n    num_queries_run += 1\n  else:\n    try:\n      spark.sql(query).toPandas()\n      query_success.append((query, True))\n      num_queries_run += 1\n      if num_queries_run == 2000:\n        break\n    except Exception as e:\n      query_success.append((query, False))\n      \n    ",
      "immutaPluginVersion": "2022.3.0-spark-3.1.1"
    }
  },
  "receivedTimestamp": "2022-10-13T20:03:41.044Z"
}

{
  "id": "20240221_200952_00200_qhadw",
  "action": "QUERY",
  "actionStatus": "SUCCESS",
  "actor": {
    "name": "Taylor",
    "id": "[email protected]",
    "identityProvider": "bim",
    "profileId": "13",
    "type": "USER_ACTOR"
  },
  "tenantId": "your-immuta.com",
  "targetType": "DATASOURCE",
  "targets": [
    {
      "type": "DATASOURCE",
      "id": "35",
      "name": "Tiny Lineitem",
      "technology": "STARBURST_TRINO"
    },
    {
      "type": "DATASOURCE",
      "id": "33",
      "name": "Tiny Orders",
      "technology": "STARBURST_TRINO"
    }
  ],
  "relatedResources": [],
  "auditPayload": {
    "type": "QueryAuditPayload",
    "version": 1,
    "queryId": "20240417_193813_00005_67mum",
    "query": "select c.name, o.clerk from tpch.tiny.customer c join tpch.tiny.orders o on c.custkey = o.custkey limit 10",
    "startTime": "2024-04-17T19:38:13.651Z",
    "endTime": "2024-04-17T19:38:14.068Z",
    "duration": 417.00005531311035,
    "objectsAccessed": [
      {
        "name": "\"tpch\".\"tiny\".\"customer\"",
        "datasourceId": "17",
        "databaseName": "tpch",
        "schemaName": "tiny",
        "type": "LOGICAL_TABLE",
        "columns": [
          {
            "name": "custkey",
            "tags": [],
            "securityProfile": {
              "sensitivity": {
                "score": "NONSENSITIVE"
              }
            },
            "inferred": true
          },
          {
            "name": "name",
            "tags": [
              {
                "type": "TAG",
                "name": "Discovered.Entity.Person Name",
                "id": "104",
                "source": "curated",
                "context": "manual",
                "deleted": false,
                "transient": false
              },
              {
                "type": "TAG",
                "name": "DSF.Control.Personal",
                "id": "116",
                "source": "curated",
                "context": "manual",
                "deleted": false,
                "transient": false
              },
              {
                "type": "TAG",
                "name": "RAF.Confidentiality.Medium",
                "id": "21882",
                "source": "curated",
                "context": "framework",
                "deleted": false,
                "transient": false,
                "framework": {
                  "id": "9144acdd-f92e-4324-bcd4-d22e49dd895e",
                  "version": "d37671bc-58ef-906f-19b0-daf7ce32e878",
                  "name": "Risk Assessment Framework",
                  "measures": {
                    "sensitivity": "SENSITIVE"
                  }
                }
              }
            ],
            "securityProfile": {
              "sensitivity": {
                "score": "SENSITIVE"
              }
            },
            "inferred": true
          }
        ],
        "tags": [],
        "securityProfile": {
          "sensitivity": {
            "score": "SENSITIVE"
          }
        },
        "directlyReferenced": true
      },
      {
        "name": "\"tpch\".\"tiny\".\"orders\"",
        "datasourceId": "13",
        "databaseName": "tpch",
        "schemaName": "tiny",
        "type": "LOGICAL_TABLE",
        "columns": [
          {
            "name": "clerk",
            "tags": [],
            "securityProfile": {
              "sensitivity": {
                "score": "NONSENSITIVE"
              }
            },
            "inferred": true
          },
          {
            "name": "custkey",
            "tags": [],
            "securityProfile": {
              "sensitivity": {
                "score": "NONSENSITIVE"
              }
            },
            "inferred": true
          }
        ],
        "tags": [],
        "securityProfile": {
          "sensitivity": {
            "score": "NONSENSITIVE"
          }
        },
        "directlyReferenced": true
      }
    ],
    "technologyContext": {
      "trinoUsername": "[email protected]",
      "immutaPluginVersion": "444",
      "rowsProduced": 10,
      "type": "TrinoContext"
    }
  },
  "eventTimestamp": "2024-02-21T20:09:52.000Z",
  "receivedTimestamp": "2024-02-21T20:09:53.599Z"
}

{
  "action": "QUERY",
  "actor": {
    "type": "USER_ACTOR",
    "name": "Taylor",
    "id": "[email protected]",
    "identityProvider": "bim",
    "impersonatedBy": null
  },
  "sessionId": "18245308848957358",
  "actionStatus": "SUCCESS",
  "actionStatusReason": null,
  "eventTimestamp": "2023-03-21T13:39:45.040598-04:00",
  "id": "abcd",
  "userAgent": "Snowflake Web App",
  "tenantId": "your-immuta.com",
  "targetType": "DATASOURCE",
  "targets": [
    {
      "type": "DATASOURCE",
      "id": "2034",
      "name": "University Art Gallery Exhibition",
      "technology": "SNOWFLAKE"
    }
  ],
  "relatedResources": [],
  "auditPayload": {
    "type": "QueryAuditPayload",
    "queryId": "01a9c8f5-0602-eeb3-0040-d203014c166a",
    "query": "SELECT T2.theme ,  T1.date ,  T1.attendance FROM \"DETECT_DEMO_DB\".\"UNIVERSITY_ART_GALLERY\".\"EXHIBITION_RECORD\" AS T1 JOIN \"DETECT_DEMO_DB\".\"UNIVERSITY_ART_GALLERY\".\"EXHIBITION\" AS T2 ON T1.exhibition_id  =  T2.exhibition_id WHERE T2.year  =  2004",
    "startTime": "2023-03-21T13:39:45.040598-04:00",
    "endTime": "2023-03-21T13:05:07.040598-04:00",
    "duration": 163,
    "errorCode": null,
    "technologyContext": {
      "type": "SnowflakeContext",
      "host": "example.snowflakecomputing.com",
      "clientIp": "xxx.xx.xx.xx",
      "snowflakeUsername": "[email protected]",
      "rowsProduced": 3,
      "roleName": "ACCOUNTADMIN",
      "warehouseId": "3",
      "warehouseName": "DETECT_WH",
      "clusterNumber": 1
    },
    "objectsAccessed": [
      {
        "name": "DB.PUBLIC.CASE",
        "datasourceId": "3",
        "databaseName": "DB",
        "schemaName": "PUBLIC",
        "type": "TABLE",
        "columns": [
          {
            "name": "DOB",
            "tags": [],
            "securityProfile": {
              "sensitivity": {
                "score": "INDETERMINATE"
              }
            },
            "inferred": false
          },
          {
            "name": "COUNTRY",
            "tags": [],
            "securityProfile": {
              "sensitivity": {
                "score": "INDETERMINATE"
              }
            },
            "inferred": false
          },
          {
            "name": "DEPARTMENT",
            "tags": [],
            "securityProfile": {
              "sensitivity": {
                "score": "INDETERMINATE"
              }
            },
            "inferred": false
          },
          {
            "name": "FIRSTNAME",
            "tags": [],
            "securityProfile": {
              "sensitivity": {
                "score": "INDETERMINATE"
              }
            },
            "inferred": false
          },
          {
            "name": "SSN",
            "tags": [],
            "securityProfile": {
              "sensitivity": {
                "score": "INDETERMINATE"
              }
            },
            "inferred": false
          },
          {
            "name": "ID",
            "tags": [],
            "securityProfile": {
              "sensitivity": {
                "score": "INDETERMINATE"
              }
            },
            "inferred": false
          },
          {
            "name": "COMPANY",
            "tags": [],
            "securityProfile": {
              "sensitivity": {
                "score": "INDETERMINATE"
              }
            },
            "inferred": false
          },
          {
            "name": "LASTNAME",
            "tags": [],
            "securityProfile": {
              "sensitivity": {
                "score": "INDETERMINATE"
              }
            },
            "inferred": false
          }
        ],
        "tags": [],
        "securityProfile": {
          "sensitivity": {
            "score": "INDETERMINATE"
          }
        }
      }
    ],
    "securityProfile": {
      "sensitivity": {
        "score": "NONSENSITIVE"
      }
    }
  },
  "receivedTimestamp": "2023-03-22T13:22:04.979644-04:00"
}

UAM Schema Reference Guide

Universal audit model (UAM) is Immuta's consistent structure for all Immuta system and user query audit logs. This reference guide provides example schemas of all the UAM events available in Immuta.

There are some parameter details throughout to help better understand the UAM schemas. But there are two important parameters to each event:

targetType: Informs the Immuta object that's the target of the action being audited. This will specify if it was a user, project, policy, etc. being affected by the action.
action: Informs the base action being performed on the target. This will specify if something was created, deleted, updated, etc.

To learn more about Immuta's audit, see the or view the examples below.

Events and descriptions

Immuta object

Events

ApiKeyCreated event

Event: ApiKeyCreated
Legacy event: apiKey
Description: An API key is created on the Immuta app settings page or from an Immuta user's profile page.

ApiKeyDeleted event

Event: ApiKeyDeleted
Legacy event: apiKey
Description: An API key is deleted.

AttributeApplied event

Event: AttributeApplied
Legacy events: accessUser and accessGroup
Description

AttributeRemoved event

Event: AttributeRemoved
Legacy events: accessUser and accessGroup
Description

ConfigurationUpdated event

Event: ConfigurationUpdated
Legacy event: configurationUpdate
Description: The Immuta configuration on the app settings page is updated.

DatasourceAppliedToProject event

Event: DatasourceAppliedToProject
Legacy event: addToProject
Description: A data source is added to a project.

DatasourceCatalogSynced event

Event: DatasourceCatalogSynced
Legacy event: catalogUpdate
Description: An external catalog and its tags are synced on a data source.

DatasourceCreated event

Event: DatasourceCreated
Legacy event: dataSourceCreate
Description: A data source is created.

DatasourceDeleted event

Event: DatasourceDeleted
Legacy event: dataSourceDelete
Description: A data source is deleted.

DatasourceDisabled event

Event: DatasourceDisabled
Legacy event: None
Description: A data source is disabled.

DatasourceGlobalPolicyApplied event

Event: DatasourceGlobalPolicyApplied
Legacy event: globalPolicyApplied
Description: A global policy is applied to a data source.

DatasourceGlobalPolicyConflictResolved event

Event: DatasourceGlobalPolicyConflictResolved
Legacy event: globalPolicyConflictResolved
Description: A policy conflict between two global policies on a data source is resolved.

DatasourceGlobalPolicyDisabled event

Event: DatasourceGlobalPolicyDisabled
Legacy event: globalPolicyDisabled
Description: A global policy is disabled on a data source.

DatasourceGlobalPolicyRemoved event

Event: DatasourceGlobalPolicyRemoved
Legacy event: globalPolicyRemoved
Description: A global policy is removed from a data source.

DatasourcePolicyCertificationExpired event

Event: DatasourcePolicyCertificationExpired
Legacy event: policyCertificationExpired
Description: The global policy certification on a data source is expired.

DatasourcePolicyCertified event

Event: DatasourcePolicyCertified
Legacy event: globalPolicyCertify
Description: A global policy is certified for a data source.

DatasourcePolicyDecertified event

Event: DatasourcePolicyDecertified
Legacy events: None
Description: A global policy is decertified for a data source.

DatasourceRemovedFromProject event

Event: DatasourceRemovedFromProject
Legacy event: removeFromProject
Description: A data source is removed from a project.

DatasourceUpdated event

Event: DatasourceUpdated
Legacy events: dataSourceUpdate and dataSourceSave
Description

DomainCreated event

Event: DomainCreated
Legacy event: collectionCreated
Description: A domain is created.

DomainDataSourcesUpdated event

Event: DomainDataSourcesUpdated
Legacy events: collectionDataSourceAdded, collectionDataSourceRemoved, and collectionDataSourceUpdated

DomainDeleted event

Event: DomainDeleted
Legacy event: collectionDeleted
Description: A domain is deleted.

DomainPermissionsUpdated event

Event: DomainPermissionsUpdated
Legacy events: collectionPermissionGranted and collectionPermissionRevoked
Description

DomainUpdated event

Event: DomainUpdated
Legacy event: collectionUpdated
Description: A domain's details (name, description, settings etc.) are updated.

GlobalPolicyApprovalRescinded event

Event: GlobalPolicyApprovalRescinded
Legacy event: globalPolicyApprovalRescinded
Description: The approval for a global policy is rescinded with the approve to promote feature (private preview).

GlobalPolicyApproved event

Event: GlobalPolicyApproved
Legacy event: globalPolicyApproved
Description: A global policy is approved with the approve to promote feature (private preview).

GlobalPolicyChangeRequested event

Event: GlobalPolicyChangeRequested
Legacy event: globalPolicyChangeRequested
Description: A change to a global policy is requested with the approve to promote feature (private preview).

GlobalPolicyCreated event

Event: GlobalPolicyCreated
Legacy event: globalPolicyCreate
Description: A global policy is created.

GlobalPolicyDeleted event

Event: GlobalPolicyDeleted
Legacy event: globalPolicyDelete
Description: A global policy is deleted.

GlobalPolicyPromoted event

Event: GlobalPolicyPromoted
Legacy event: globalPolicyPromoted
Description: A global policy is promoted to production with the approve to promote feature (private preview).

GlobalPolicyReviewRequested event

Event: GlobalPolicyReviewRequested
Legacy event: globalPolicyReviewRequested
Description: A review is requested for a global policy with the approve to promote feature (private preview).

GlobalPolicyUpdated event

Event: GlobalPolicyUpdated
Legacy event: globalPolicyUpdate
Description: A global policy is updated.

GroupCreated event

Event: GroupCreated
Legacy event: accessGroup
Description: A group is created in Immuta by user actions in the UI or ingested from an external IAM.

GroupDeleted event

Event: GroupDeleted
Legacy event: accessGroup
Description: A group is deleted in Immuta by user actions in the UI or from within an external IAM.

GroupMemberAdded event

Event: GroupMemberAdded
Legacy event: accessGroup
Description: A user is added to a group in Immuta by user actions in the UI or from within an external IAM.

GroupMemberRemoved event

Event: GroupMemberRemoved
Legacy event: accessGroup
Description: A user is removed from a group in Immuta by user actions in the UI or from within an external IAM.

GroupUpdated event

Event: GroupUpdated
Legacy event: accessGroup
Description: A group's details (email, name, description, etc.) are updated.

LicenseCreated event

Event: LicenseCreated
Legacy event: licenseCreate
Description: An Immuta license is created.

LicenseDeleted event

Event: LicenseDeleted
Legacy event: licenseDelete
Description: An Immuta license is deleted.

LocalPolicyCreated event

Event: LocalPolicyCreated
Legacy event: policyHandlerCreate
Description: A local policy is created on a data source.

LocalPolicyUpdated event

Event: LocalPolicyUpdated
Legacy event: policyHandlerUpdate
Description: A local policy is updated on a data source.

PermissionApplied event

Event: PermissionApplied
Legacy event: accessUser
Description: A global permission is applied to a user.

PermissionRemoved event

Event: PermissionRemoved
Legacy event: accessUser
Description: A global permission is removed from a user.

ProjectCreated event

Event: ProjectCreated
Legacy event: projectCreate
Description: A project is created.

ProjectDeleted event

Event: ProjectDeleted
Legacy event: projectDelete
Description: A project is deleted.

ProjectDisabled event

Event: ProjectDisabled
Legacy events: None
Description: A project is disabled.

ProjectPurposeApproved event

Event: ProjectPurposeApproved
Legacy event: projectPurposeApprove
Description: A purpose is approved within a project.

ProjectPurposeDenied event

Event: ProjectPurposeDenied
Legacy event: projectPurposeDeny
Description: A purpose is denied within a project.

ProjectPurposesAcknowledged event

Event: ProjectPurposesAcknowledged
Legacy event: acknowledgePurposes
Description: A user acknowledged a purpose within a project.

ProjectUpdated event

Event: ProjectUpdated
Legacy event: projectPurposeDeny
Description: A project is updated.

PurposeDeleted event

Event: PurposeDeleted
Legacy event: purposeDelete
Description: A purpose is deleted.

PurposeUpdated event

Event: PurposeUpdated
Legacy event: purposeUpdate
Description: A purpose is updated.

PurposeUpserted event

Event: PurposeUpserted
Legacy event: purposeCreate
Description: A purpose is created.

SDDClassifierCreated event

Event: SDDClassifierCreated
Legacy event: sddClassifierCreated
Description: An identifier is created.

SDDClassifierDeleted event

Event: SDDClassifierDeleted
Legacy event: sddClassifierDeleted
Description: An identifier is deleted.

SDDClassifierUpdated event

Event: SDDClassifierUpdated
Legacy event: sddClassifierUpdated
Description: An identifier is updated.

SubscriptionCreated event

Event: SubscriptionCreated
Legacy events: dataSourceSubscription and projectSubscription
Description

SubscriptionDeleted event

Event: SubscriptionUpdated
Legacy events: dataSourceSubscription and projectSubscription
Description

SubscriptionRequestApproved event

Event: SubscriptionUpdated
Legacy events: dataSourceSubscription and projectSubscription
Description

SubscriptionRequestDenied event

Event: SubscriptionUpdated
Legacy events: dataSourceSubscription and projectSubscription
Description

SubscriptionRequested event

Event: SubscriptionRequested
Legacy events: dataSourceSubscription and projectSubscription
Description

SubscriptionUpdated event

Event: SubscriptionUpdated
Legacy events: dataSourceSubscription and projectSubscription
Description

TagApplied event

Event: TagApplied
Legacy event: tagAdded
Description: A tag is applied to a data source or column.

TagCreated event

Event: TagCreated
Legacy event: tagCreated
Description: A tag is created.

TagDeleted event

Event: TagDeleted
Legacy event: tagDeleted
Description: A tag is deleted.

TagRemoved event

Event: TagRemoved
Legacy event: tagRemoved
Description: A tag is removed from a data source or column.

TagUpdated event

Event: TagUpdated
Legacy event: tagUpdated
Description: A tag is updated.

UserAuthenticated event

Event: UserAuthenticated
Legacy event: authenticate
Description: A user signs in to Immuta.

UserCloned event

Event: UserCloned
Legacy event: accessUser
Description: A user is cloned.

UserCreated event

Event: UserCreated
Legacy event: accessUser
Description: A user is created.

UserDeleted event

Event: UserDeleted
Legacy event: accessUser
Description: A user is deleted.

UserLogout event

Event: UserLogout
Legacy events: None
Description: A user logs out of Immuta.

UserOneTimeTokenCreated event

Event: UserOneTimeTokenCreated
Legacy event: accessUser
Description: A sign-in token is created for a user.

UserPasswordUpdated event

Event: UserPasswordUpdated
Legacy event: accessUser
Description: A user's password is updated.

UserUpdated event

Event: UserUpdated
Legacy event: externalUserIdChanged
Description: A user's details are updated.

WebhookCreated event

Event: WebhookCreated
Legacy event: webhookCreate
Description: A webhook is created.

WebhookDeleted event

Event: WebhookDeleted
Legacy event: webhookDelete
Description: A webhook is deleted.

{
    "relatedResources": [],
    "auditPayload": {
        "type": "ApiKeyCreatedAuditPayload",
        "apiKeyId": "1112158",
        "name": "T1",
        "version": 1
    },
    "action": "CREATE",
    "tenantId": "your-immuta-tenant.com",
    "actionStatus": "SUCCESS",
    "eventTimestamp": "2024-01-25T18:04:58.368Z",
    "actor": {
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR",
        "name": "Taylor Smith"
    },
    "targetType": "APIKEY",
    "id": "d9dc3cee-98d0-47d6-ba81-e0b38f9f4014",
    "receivedTimestamp": "2024-01-25T18:04:58.505Z",
    "actorIp": "xxx.xx.xx.xx",
    "targets": [],
    "requestId": "60c68659-ac83-5299-bf3e-14856178a0de",
    "sessionId": "9c553d7ace0aa3ee735fd3c14f737bc6"
}

{
    "id": "fe47ddd1-fd22-4dcf-9648-83950a10ef34",
    "targetType": "APIKEY",
    "receivedTimestamp": "2024-01-25T18:08:28.891Z",
    "actor": {
        "type": "USER_ACTOR",
        "identityProvider": "bim",
        "id": "[email protected]",
        "profileId": "1",
        "name": "Taylor Smith"
    },
    "requestId": "220c7faa-7f56-5d8c-aa31-8ac2212b7707",
    "sessionId": "9c553d7ace0aa3ee735fd3c14f737bc6",
    "targets": [],
    "actorIp": "xxx.xx.xx.xx",
    "relatedResources": [],
    "auditPayload": {
        "type": "ApiKeyDeletedAuditPayload",
        "apiKeyId": "1112158",
        "version": 1
    },
    "eventTimestamp": "2024-01-25T18:08:21.319Z",
    "action": "DELETE",
    "actionStatus": "SUCCESS",
    "tenantId": "your-immuta-tenant.com"
}

{
    "actorIp": "xxx.xx.xx.xx",
    "targets": [
        {
            "name": "Deepu Murty",
            "id": "[email protected]",
            "identityProvider": "bim",
            "profileId": "20",
            "type": "USER"
        }
    ],
    "requestId": "e45652cd-4d00-5def-8e8c-aca696822fc2",
    "sessionId": "cdbffff8804103418350947c6586712c",
    "actor": {
        "type": "USER_ACTOR",
        "profileId": "1",
        "id": "[email protected]",
        "identityProvider": "bim",
        "name": "Taylor Smith"
    },
    "id": "63f111a7-0835-4696-8fdb-188130c44fac",
    "targetType": "USER",
    "receivedTimestamp": "2023-09-13T14:36:02.926Z",
    "action": "ATTRIBUTE_APPLY",
    "tenantId": "your-immuta-tenant.com",
    "actionStatus": "SUCCESS",
    "eventTimestamp": "2023-09-13T14:36:02.688Z",
    "relatedResources": [
        {
            "values": ["Product"],
            "name": "Department",
            "id": "department",
            "type": "ATTRIBUTE"
        }
    ],
    "auditPayload": {
        "entityType": "USER",
        "type": "AttributeAppliedAuditPayload",
        "version": 1,
        "attributes": [
            {
                "values": ["Product"],
                "attribute": "Department"
            }
        ],
        "entityIdProvider": "bim",
        "entityId": "[email protected]"
    }
}

{
    "relatedResources": [
        {
            "values": ["UNCLASSIFIED"],
            "name": "classification",
            "id": "classification",
            "type": "ATTRIBUTE"
        }
    ],
    "auditPayload": {
        "type": "AttributeRemovedAuditPayload",
        "entityType": "USER",
        "version": 1,
        "attributes": [
            {
                "values": ["UNCLASSIFIED"],
                "attribute": "classification"
            }
        ],
        "entityIdProvider": "bim",
        "entityId": "[email protected]"
    },
    "action": "ATTRIBUTE_REMOVE",
    "actionStatus": "SUCCESS",
    "tenantId": "your-immuta-tenant.com",
    "eventTimestamp": "2024-02-20T19:46:50.259Z",
    "actor": {
        "profileId": "1",
        "id": "[email protected]",
        "identityProvider": "bim",
        "type": "USER_ACTOR",
        "name": "Taylor Smith"
    },
    "id": "0fd77c61-f08a-488c-9d10-c356ffea0d11",
    "targetType": "USER",
    "receivedTimestamp": "2024-02-20T19:46:50.426Z",
    "targets": [
        {
            "name": "Deepu Murty",
            "type": "USER",
            "id": "[email protected]",
            "identityProvider": "bim",
            "profileId": "20"
        }
    ],
    "actorIp": "xxx.xx.xx.xx",
    "requestId": "146ec771-ec2e-5f40-8551-1dbc38e64078",
    "sessionId": "893db38b8f1977fda75f60d168c4e74e"
}

{
    "eventTimestamp": "2023-12-04T18:38:25.801Z",
    "tenantId": "your-immuta-tenant.com",
    "actionStatus": "SUCCESS",
    "action": "CONFIGURATION_UPDATED",
    "auditPayload": {
        "version": 1,
        "type": "ConfigurationUpdatedAuditPayload",
        "changeSet": {
            "plugins": {
                "policy": {
                    "approveToPromote": {
                        "requiredApprovalCount": [
                            {
                                "newValue": 1,
                                "oldValue": 2
                            }
                        ]
                    }
                }
            }
        },
        "configurationId": "20"
    },
    "relatedResources": [],
    "sessionId": "aed83ab8b46affcb1169532dada92b72",
    "requestId": "c80f510f-3f55-5450-8dea-d5e243708686",
    "targets": [
        {
            "name": "20",
            "type": "CONFIGURATION",
            "id": "20"
        }
    ],
    "actorIp": "xxx.xx.xx.xx",
    "receivedTimestamp": "2023-12-04T18:38:26.039Z",
    "id": "3989e233-c791-43e9-813f-7738f4c8e26b",
    "targetType": "CONFIGURATION",
    "actor": {
        "identityProvider": "bim",
        "id": "[email protected]",
        "profileId": "1",
        "type": "USER_ACTOR",
        "name": "Taylor Smith"
    }
}

{
    "auditPayload": {
        "type": "DatasourceAppliedToProjectAuditPayload",
        "errors": [],
        "projectId": "2",
        "version": 1,
        "datasources": [
            {
                "id": "2",
                "name": "Public Case"
            }
        ]
    },
    "sessionId": "6b928653b1411078647a2764a72beca6",
    "targets": [
        {
            "projectKey": "HumanResources",
            "id": "2",
            "type": "PROJECT",
            "name": "Human Resources"
        }
    ],
    "action": "DATASOURCE_APPLY",
    "id": "8106b44f-cf56-4ca2-a111-641d0e80e6ff",
    "targetType": "PROJECT",
    "actionStatus": "SUCCESS",
    "relatedResources": [
        {
            "id": "2",
            "technology": "SNOWFLAKE",
            "type": "DATASOURCE",
            "name": "Public Case"
        }
    ],
    "actor": {
        "id": "[email protected]",
        "profileId": "1",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "type": "USER_ACTOR"
    },
    "eventTimestamp": "2023-10-13T14:08:20.427Z",
    "actorIp": "xxx.xx.xx.xx",
    "requestId": "8823f3f0-4e46-590c-bbb2-209cce750ff9",
    "tenantId": "your-immuta-tenant.com",
    "receivedTimestamp": "2023-10-13T14:08:20.660Z"
}

{
    "tenantId": "your-immuta-tenant.com",
    "action": "CATALOG_SYNC",
    "actor": {
        "type": "USER_ACTOR",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "profileId": "1",
        "id": "[email protected]"
    },
    "targetType": "DATASOURCE",
    "actionStatus": "SUCCESS",
    "eventTimestamp": "2023-04-14T16:48:21.159Z",
    "id": "159d4299-fca5-47cb-aa6b-81d93bafa526",
    "targets": [
        {
            "id": "9",
            "name": "Public case",
            "technology": "SNOWFLAKE",
            "type": "DATASOURCE"
        }
    ],
    "relatedResources": [],
    "receivedTimestamp": "2023-04-14T16:48:21.209Z",
    "auditPayload": {
        "datasourceId": "9",
        "changes": {
            "before": {
                "catalogId": null,
                "documentation": null,
                "dictionary": [
                    {
                        "tags": [],
                        "columnName": "country"
                    },
                    {
                        "columnName": "date",
                        "tags": []
                    },
                    {
                        "tags": [],
                        "columnName": "fastest_qualifying"
                    },
                    {
                        "columnName": "location",
                        "tags": []
                    },
                    {
                        "columnName": "round",
                        "tags": []
                    },
                    {
                        "columnName": "winning_aircraft",
                        "tags": []
                    },
                    {
                        "tags": [],
                        "columnName": "winning_pilot"
                    }
                ],
                "tableTags": null,
                "description": null
            },
            "after": {
                "description": "",
                "tableTags": null,
                "dictionary": [
                    {
                        "columnName": "country",
                        "description": "",
                        "tags": []
                    },
                    {
                        "tags": [],
                        "description": "",
                        "columnName": "date"
                    },
                    {
                        "tags": [],
                        "columnName": "fastest_qualifying",
                        "description": ""
                    },
                    {
                        "tags": [],
                        "columnName": "location",
                        "description": ""
                    },
                    {
                        "columnName": "round",
                        "description": "",
                        "tags": []
                    },
                    {
                        "tags": [],
                        "description": "",
                        "columnName": "winning_aircraft"
                    },
                    {
                        "columnName": "winning_pilot",
                        "description": "",
                        "tags": []
                    }
                ],
                "catalogId": "immuta-product_engineering"
            }
        },
        "type": "DatasourceCatalogSyncedAuditPayload"
    }
}

{
"id": "dc0b7313-ecc9-42f1-ba33-df0a1a753c08",
"action": "CREATE",
"actionStatus": "SUCCESS",
"actor": {
    "name": "Taylor Smith",
    "id": "[email protected]",
    "identityProvider": "bim",
    "profileId": "1",
    "type": "USER_ACTOR"
},
"tenantId": "your-immuta-tenant.com",
"targetType": "DATASOURCE",
"targets": [
    {
        "type": "DATASOURCE",
        "id": "102",
        "name": "Pgboss Job",
        "technology": "POSTGRESQL"
    }
],
"relatedResources": [
    {
        "type": "CONNECTION",
        "id": "4",
        "name": "data-source-connection-name",
        "connectionKey": "data-source-connection-key"
    }
],
"auditPayload": {
    "type": "DatasourceCreatedAuditPayload",
    "version": 1,
    "description": null,
    "documentation": null,
    "expiration": null,
    "columnDetectionEnabled": true,
    "disabled": false,
    "technology": "POSTGRESQL",
    "connectionId": "4",
    "table": "job",
    "schema": "pgboss",
    "sensitiveDataDiscoveryEnabled": true
},
"eventTimestamp": "2024-02-22T13:59:04.681Z",
"receivedTimestamp": "2024-02-22T13:59:04.715Z"
}

{
"id": "1403b675-70f6-4833-ab4c-a7486c63f494",
"action": "DELETE",
"actionStatus": "SUCCESS",
"actor": {
    "name": "Taylor Smith",
    "id": "[email protected]",
    "identityProvider": "bim",
    "profileId": "1",
    "type": "USER_ACTOR"
},
"tenantId": "your-immuta-tenant.com",
"targetType": "DATASOURCE",
"targets": [
    {
        "type": "DATASOURCE",
        "id": "93",
        "name": "Audit",
        "technology": "POSTGRESQL"
    }
],
"relatedResources": [],
"auditPayload": {
    "type": "DatasourceDeletedAuditPayload",
    "version": 1,
    "datasourceId": "93",
    "name": "Audit",
    "technology": "POSTGRESQL"
},
"eventTimestamp": "2024-02-22T14:20:42.379Z",
"receivedTimestamp": "2024-02-22T14:20:42.392Z"
}

{
    "id": "a09b9bc3-3775-4496-87ec-b808cf649794",
    "sessionId": "0fcaaf9c074330b4b875746c2e52739c",
    "requestId": "153fe145-32a0-5c33-930d-c571c1d7748d",
    "action": "DISABLE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "DATASOURCE",
    "targets": [
        {
            "type": "DATASOURCE",
            "id": "57",
            "name": "Activity",
            "technology": "POSTGRESQL"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "DatasourceDisabledAuditPayload",
        "version": 1,
        "datasourceId": "57",
        "name": "Activity",
        "technology": "POSTGRESQL"
    },
    "eventTimestamp": "2024-02-22T14:22:20.039Z",
    "receivedTimestamp": "2024-02-22T14:22:20.183Z"
}

{
    "receivedTimestamp": "2023-10-24T18:06:27.645Z",
    "auditPayload": {
        "conflict": null,
        "version": 1,
        "policy": {
            "actions": [
                {
                    "dataPolicyType": "MASKING",
                    "rules": [
                        {
                            "exceptions": null,
                            "type": "MASKING_HASH",
                            "fields": ["AWARD_ID"],
                            "ruleAppliedForUser": false
                        }
                    ],
                    "type": "DATA",
                    "global": false,
                    "rationale": null
                }
            ],
            "type": "DATA"
        },
        "type": "DatasourceGlobalPolicyAppliedAuditPayload"
    },
    "relatedResources": [
        {
            "policyKey": "Mask PII",
            "name": "Mask PII",
            "type": "GLOBAL_POLICY",
            "id": "7"
        }
    ],
    "id": "7f57d63a-5db8-412a-ad93-c6baa61384b3",
    "targetType": "DATASOURCE",
    "actor": {
        "profileId": "1",
        "identityProvider": "bim",
        "id": "[email protected]",
        "type": "USER_ACTOR",
        "name": "Taylor Smith"
    },
    "eventTimestamp": "2023-10-24T18:06:27.617Z",
    "tenantId": "your-immuta-tenant.com",
    "actionStatus": "SUCCESS",
    "targets": [
        {
            "id": "47",
            "type": "DATASOURCE",
            "technology": "SNOWFLAKE",
            "name": "Public case"
        }
    ],
    "action": "POLICY_APPLIED"
}

{
    "actor": {
        "name": "Taylor Smith",
        "profileId": "1",
        "identityProvider": "bim",
        "id": "[email protected]",
        "type": "USER_ACTOR"
    },
    "id": "ac9c699a-aad0-4899-964c-279cd7eba125",
    "targetType": "DATASOURCE",
    "relatedResources": [],
    "auditPayload": {
        "type": "DatasourceGlobalPolicyConflictResolvedAuditPayload",
        "version": 1
    },
    "receivedTimestamp": "2023-10-24T18:34:04.330Z",
    "action": "POLICY_CONFLICT_RESOLVED",
    "targets": [
        {
            "name": "Public case",
            "technology": "SNOWFLAKE",
            "id": "47",
            "type": "DATASOURCE"
        }
    ],
    "actionStatus": "SUCCESS",
    "tenantId": "your-immuta-tenant.com",
    "eventTimestamp": "2023-10-24T18:34:04.301Z"
}

{
    "relatedResources": [
        {
            "id": "7",
            "type": "GLOBAL_POLICY",
            "name": "Mask PII",
            "policyKey": "mask pii"
        }
    ],
    "targetType": "DATASOURCE",
    "id": "4853154c-8825-4138-800d-913cbab56af6",
    "receivedTimestamp": "2023-10-24T18:13:25.004Z",
    "auditPayload": {
        "version": 1,
        "type": "DatasourceGlobalPolicyDisabledAuditPayload"
    },
    "actor": {
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR",
        "name": "Taylor Smith"
    },
    "eventTimestamp": "2023-10-24T18:13:24.975Z",
    "action": "POLICY_DISABLED",
    "targets": [
        {
            "id": "47",
            "type": "DATASOURCE",
            "name": "Public case",
            "technology": "SNOWFLAKE"
        }
    ],
    "actionStatus": "SUCCESS",
    "tenantId": "your-immuta-tenant.com"
}

{
    "actor": {
        "name": "Taylor Smith",
        "type": "USER_ACTOR",
        "identityProvider": "bim",
        "id": "[email protected]",
        "profileId": "1"
    },
    "auditPayload": {
        "type": "DatasourceGlobalPolicyRemovedAuditPayload",
        "conflict": null,
        "policy": {
            "type": "DATA",
            "actions": [
                {
                    "dataPolicyType": "MASKING",
                    "rationale": null,
                    "global": false,
                    "type": "DATA",
                    "rules": [
                        {
                            "type": "MASKING_HASH",
                            "exceptions": null,
                            "ruleAppliedForUser": false,
                            "fields": ["PII"]
                        }
                    ]
                }
            ]
        },
        "version": 1
    },
    "receivedTimestamp": "2023-10-24T18:06:27.635Z",
    "id": "4a27ab2f-156e-4cff-a3bc-65184d74ccd5",
    "targetType": "DATASOURCE",
    "relatedResources": [
        {
            "policyKey": "mask pii",
            "name": "Mask PII",
            "id": "7",
            "type": "GLOBAL_POLICY"
        }
    ],
    "tenantId": "your-immuta-tenant.com",
    "actionStatus": "SUCCESS",
    "targets": [
        {
            "type": "DATASOURCE",
            "id": "47",
            "name": "Public case",
            "technology": "SNOWFLAKE"
        }
    ],
    "action": "POLICY_REMOVED",
    "eventTimestamp": "2023-10-24T18:06:27.617Z"
}

{
    "actionStatus": "SUCCESS",
    "tenantId": "your-immuta-tenant.com",
    "targets": [
        {
            "technology": "SNOWFLAKE",
            "name": "Public case",
            "type": "DATASOURCE",
            "id": "47"
        }
    ],
    "action": "DECERTIFY_POLICY",
    "eventTimestamp": "2023-10-16T19:49:25.365Z",
    "actor": {
        "type": "SYSTEM_ACCOUNT",
        "id": "immuta_system_account",
        "name": "Immuta System Account"
    },
    "auditPayload": {
        "expirationDate": "2023-10-16T19:49:25.365Z",
        "type": "DatasourcePolicyCertificationExpiredAuditPayload",
        "version": 1
    },
    "receivedTimestamp": "2023-10-16T19:49:25.387Z",
    "targetType": "DATASOURCE",
    "id": "aedc4025-d888-4407-b837-659dca4d0e80",
    "relatedResources": [
        {
            "type": "GLOBAL_POLICY",
            "id": "7",
            "policyKey": "mask pii",
            "name": "Mask PII"
        }
    ]
}

{
    "receivedTimestamp": "2023-10-03T18:35:32.666Z",
    "id": "04947a9b-0206-4c2d-bce0-0d969b68350b",
    "targetType": "DATASOURCE",
    "actor": {
        "type": "USER_ACTOR",
        "profileId": "1",
        "id": "[email protected]",
        "identityProvider": "bim",
        "name": "Taylor Smith"
    },
    "sessionId": "95ca3d7f5d3d2a2b82cecb3ff1051b63",
    "requestId": "bf443424-2e49-5a13-9009-8b527a3f65f3",
    "targets": [
        {
            "id": "44",
            "type": "DATASOURCE",
            "technology": "SNOWFLAKE",
            "name": "Public case"
        }
    ],
    "actorIp": "xxx.xx.xx.xx",
    "auditPayload": {
        "type": "DatasourcePolicyCertifiedAuditPayload",
        "columns": [
            {
                "name": "Full name",
                "tags": [
                    {
                        "deleted": false,
                        "id": "23",
                        "type": "TAG",
                        "context": "manual",
                        "source": "curated",
                        "name": "PII"
                    }
                ]
            }
        ],
        "certificationDate": "2023-10-03T18:35:32.607Z",
        "version": 1
    },
    "relatedResources": [
        {
            "type": "GLOBAL_POLICY",
            "id": "3",
            "name": "Mask PHI",
            "policyKey": "Mask PHI"
        }
    ],
    "eventTimestamp": "2023-10-03T18:35:32.484Z",
    "actionStatus": "SUCCESS",
    "tenantId": "your-immuta-tenant.com",
    "action": "POLICY_CERTIFY"
}

{
    "actorIp": "xxx.xx.xx.xx",
    "targets": [
        {
            "id": "44",
            "type": "DATASOURCE",
            "technology": "SNOWFLAKE",
            "name": "Public case"
        }
    ],
    "requestId": "270aa26c-e424-53cf-af06-d290c8bfa308",
    "sessionId": "95ca3d7f5d3d2a2b82cecb3ff1051b63",
    "actor": {
        "identityProvider": "bim",
        "id": "[email protected]",
        "profileId": "1",
        "type": "USER_ACTOR",
        "name": "Taylor Smith"
    },
    "targetType": "DATASOURCE",
    "id": "31c902a8-5cbc-4171-baaa-2428080fac91",
    "receivedTimestamp": "2023-10-03T19:25:34.166Z",
    "action": "DECERTIFY_POLICY",
    "actionStatus": "SUCCESS",
    "tenantId": "your-immuta-tenant.com",
    "eventTimestamp": "2023-10-03T19:25:34.094Z",
    "relatedResources": [
        {
            "name": "Mask PII",
            "policyKey": "mask pii",
            "id": "7",
            "type": "GLOBAL_POLICY"
        }
    ],
    "auditPayload": {
        "version": 1,
        "type": "DatasourcePolicyDecertifiedAuditPayload",
        "decertificationDate": "2023-10-03T19:25:34.121Z"
    }
}

{
    "id": "77de32df-1655-4618-b0bf-e6883483a151",
    "sessionId": "285574f9f1fd35b1fc7dba060e0786a2",
    "requestId": "e35f9736-f206-53fd-ab02-043bce216e52",
    "action": "DATASOURCE_REMOVE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "PROJECT",
    "targets": [
        {
            "type": "PROJECT",
            "name": "Human Resources",
            "id": "13",
            "projectKey": "humanresources"
        }
    ],
    "relatedResources": [
        {
            "type": "DATASOURCE",
            "id": "54",
            "name": "Customers",
            "technology": "POSTGRESQL"
        }
    ],
    "auditPayload": {
        "type": "DatasourceRemovedFromProjectAuditPayload",
        "version": 1,
        "projectId": "13",
        "datasources": [
            {
                "id": "54",
                "name": "Customers"
            }
        ],
        "errors": []
    },
    "eventTimestamp": "2024-02-29T18:19:08.881Z",
    "receivedTimestamp": "2024-02-29T18:19:09.071Z"
}

{
    "id": "d6e6115a-e508-4ace-83af-5b6da9a25884",
    "action": "UPDATE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "tenantId": "your-immuta-tenant.com",
    "targetType": "DATASOURCE",
    "targets": [
        {
            "type": "DATASOURCE",
            "id": "66",
            "name": "Public case",
            "technology": "POSTGRESQL"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "DatasourceUpdatedAuditPayload",
        "version": 1,
        "name": "Public case",
        "description": null,
        "documentation": "New documentation to describe the table.",
        "expiration": null,
        "columnDetectionEnabled": true,
        "disabled": false,
        "datasourceId": "66"
    },
    "eventTimestamp": "2024-02-22T14:24:45.048Z",
    "receivedTimestamp": "2024-02-22T14:24:45.069Z"
}

{
    "sessionId": "227c3dbbbfe78ecd693c84979a930c22",
    "actionStatus": "SUCCESS",
    "targetType": "DOMAIN",
    "actorIp": "xxx.xx.xx.xx",
    "receivedTimestamp": "2023-12-20T20:01:03.651Z",
    "requestId": "460ce02b-30d5-5e68-bff0-b31e6ea44ba0",
    "id": "f99bc30e-13f6-4041-a0ad-20750a27519e",
    "actor": {
        "id": "[email protected]",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "action": "CREATE",
    "tenantId": "your-immuta-tenant.com",
    "auditPayload": {
        "domain": {
            "description": "A domain for financial data.",
            "name": "Finance Domain",
            "domainType": "DOMAIN",
            "id": "11e7011d-a365-4933-abcb-d5febc03d310"
        },
        "version": 1,
        "type": "DomainCreatedAuditPayload"
    },
    "relatedResources": [],
    "targets": [
        {
            "name": "Finance Domain",
            "domainType": "domain",
            "type": "DOMAIN",
            "id": "11e7011d-a365-4933-abcb-d5febc03d310"
        }
    ],
    "eventTimestamp": "2023-12-20T20:01:03.065Z"
}

{
    "action": "MODIFY_DOMAIN",
    "tenantId": "your-immuta-tenant.com",
    "actionStatus": "SUCCESS",
    "targetType": "DOMAIN",
    "modifiedResourceType": "DATASOURCE",
    "actor": {
        "type": "USER_ACTOR",
        "profileId": "1",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "id": "[email protected]"
    },
    "id": "bef14718-5fa8-4891-bb9e-47f7a332a70b",
    "eventTimestamp": "2023-12-20T20:23:14.432Z",
    "auditPayload": {
        "updateType": "ADD",
        "version": 1,
        "type": "DomainDataSourcesUpdatedAuditPayload"
    },
    "receivedTimestamp": "2023-12-20T20:23:14.456Z",
    "relatedResources": [
        {
            "name": "Public case",
            "type": "DATASOURCE",
            "technology": "POSTGRESQL",
            "id": "381"
        }
    ],
    "targets": [
        {
            "id": "11e7011d-a365-4933-abcb-d5febc03d310",
            "name": "Finance Domain",
            "domainType": "domain",
            "type": "DOMAIN"
        }
    ]
}

{
    "relatedResources": [],
    "targets": [
        {
            "type": "DOMAIN",
            "name": "Finance Domain",
            "domainType": "DOMAIN",
            "id": "6eb5a6df-67d8-4de7-adbd-24eb7271eaea"
        }
    ],
    "auditPayload": {
        "version": 1,
        "domain": {
            "id": "6eb5a6df-67d8-4de7-adbd-24eb7271eaea",
            "name": "Finance Domain",
            "domainType": "DOMAIN"
        },
        "type": "DomainDeletedAuditPayload"
    },
    "eventTimestamp": "2023-12-20T20:21:13.981Z",
    "actor": {
        "id": "[email protected]",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "tenantId": "your-immuta-tenant.com",
    "action": "DELETE",
    "requestId": "7884603d-8911-5f33-a9a7-d8560eb49a89",
    "receivedTimestamp": "2023-12-20T20:21:14.077Z",
    "id": "3a82ceb6-6592-4ddf-9055-6920d87bba32",
    "actionStatus": "SUCCESS",
    "targetType": "DOMAIN",
    "sessionId": "227c3dbbbfe78ecd693c84979a930c22",
    "actorIp": "xxx.xx.xx.xx"
}

{
    "eventTimestamp": "2023-12-20T20:01:03.065Z",
    "relatedResources": [
        {
            "type": "USER",
            "name": "Taylor Smith",
            "identityProvider": "bim",
            "profileId": "1",
            "id": "[email protected]"
        },
        {
            "type": "USER",
            "profileId": "1",
            "name": "Taylor Smith",
            "identityProvider": "bim",
            "id": "[email protected]"
        }
    ],
    "targets": [
        {
            "name": "Finance Domain",
            "domainType": "domain",
            "type": "DOMAIN",
            "id": "11e7011d-a365-4933-abcb-d5febc03d310"
        }
    ],
    "auditPayload": {
        "updateType": "GRANT",
        "version": 1,
        "permissionUpdates": [
            {
                "permission": "MANAGE_POLICIES",
                "profileId": "1"
            }
        ],
        "type": "DomainPermissionsUpdatedAuditPayload"
    },
    "tenantId": "your-immuta-tenant.com",
    "action": "MODIFY_DOMAIN",
    "actor": {
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "profileId": "1",
        "type": "USER_ACTOR",
        "id": "[email protected]"
    },
    "modifiedResourceType": "USER",
    "id": "377ee78b-74da-4466-bdc1-22d531c1f61c",
    "requestId": "460ce02b-30d5-5e68-bff0-b31e6ea44ba0",
    "receivedTimestamp": "2023-12-20T20:01:03.576Z",
    "actorIp": "xxx.xx.xx.xx",
    "sessionId": "227c3dbbbfe78ecd693c84979a930c22",
    "targetType": "DOMAIN",
    "actionStatus": "SUCCESS"
}

{
    "id": "d61d6ac9-2897-4d34-84f3-16181ddb9212",
    "sessionId": "adba345c6949d7f7761367c0769b983d",
    "requestId": "9a64147e-5b57-5905-9e7c-54b5a5c461c8",
    "action": "UPDATE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "DOMAIN",
    "targets": [
        {
            "type": "DOMAIN",
            "id": "69347b14-1cda-41e1-9186-e85853158299",
            "name": "Finance Domain v2",
            "domainType": "domain"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "DomainUpdatedAuditPayload",
        "modifiedFields": [
            "name",
            "description"
        ],
        "domain": {
            "id": "69347b14-1cda-41e1-9186-e85853158299",
            "name": "Finance Domain v2",
            "description": "Only use for finance tables."
        },
        "version": 1
    },
    "eventTimestamp": "2023-12-12T18:26:29.618Z",
    "receivedTimestamp": "2023-12-12T18:26:32.472Z"
}

{
    "targets": [
        {
            "id": "12",
            "type": "GLOBAL_POLICY",
            "name": "Mask PII",
            "policyKey": "mask pii"
        }
    ],
    "actorIp": "xxx.xx.xx.xx",
    "sessionId": "c6eb428b869864f798f17fd7d5d0215a",
    "requestId": "10a78dee-6181-52dd-8b68-5461b6172e40",
    "actor": {
        "name": "Deepu Murty",
        "profileId": "999111223",
        "identityProvider": "bim",
        "id": "[email protected]",
        "type": "USER_ACTOR"
    },
    "receivedTimestamp": "2023-11-03T18:23:25.966Z",
    "id": "5ff5640f-4fc3-4634-a0e2-c625e0ffb447",
    "targetType": "GLOBAL_POLICY",
    "tenantId": "your-immuta-tenant.com",
    "actionStatus": "SUCCESS",
    "action": "GLOBAL_POLICY_APPROVAL_RESCINDED",
    "eventTimestamp": "2023-11-03T18:23:25.861Z",
    "auditPayload": {
        "comment": "This policy isn't ready for production. Please mask PII.",
        "type": "GlobalPolicyApprovalRescindedAuditPayload",
        "approvalRequestId": "2",
        "version": 1
    },
    "relatedResources": []
}

{
    "auditPayload": {
        "comment": "This policy looks good for production.",
        "approvalRequestId": "2",
        "type": "GlobalPolicyApprovedAuditPayload",
        "version": 1
    },
    "relatedResources": [],
    "tenantId": "your-immuta-tenant.com",
    "actionStatus": "SUCCESS",
    "action": "GLOBAL_POLICY_APPROVED",
    "eventTimestamp": "2023-11-03T18:22:12.040Z",
    "actor": {
        "name": "Deepu Murty",
        "type": "USER_ACTOR",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "999111223"
    },
    "receivedTimestamp": "2023-11-03T18:22:12.153Z",
    "id": "271dc5ff-b23e-4da6-8066-91a35fda02e4",
    "targetType": "GLOBAL_POLICY",
    "targets": [
        {
            "name": "Mask PII",
            "policyKey": "mask pii",
            "type": "GLOBAL_POLICY",
            "id": "12"
        }
    ],
    "actorIp": "xxx.xx.xx.xx",
    "sessionId": "c6eb428b869864f798f17fd7d5d0215a",
    "requestId": "50863cf9-6a8a-5299-89e2-200771eab62c"
}

{
    "eventTimestamp": "2023-11-03T18:20:16.483Z",
    "action": "GLOBAL_POLICY_CHANGE_REQUESTED",
    "tenantId": "your-immuta-tenant.com",
    "actionStatus": "SUCCESS",
    "relatedResources": [],
    "auditPayload": {
        "approvalRequestId": "1",
        "type": "GlobalPolicyChangeRequestedAuditPayload",
        "comment": "Please add additional controls on personal data.",
        "version": 1
    },
    "requestId": "4afc86e6-dee6-5756-b02e-b22e92d237c4",
    "sessionId": "be1e7a02ba2a5e65a6848c752ee0838b",
    "targets": [
        {
            "name": "Mask PII",
            "policyKey": "mask pii",
            "type": "GLOBAL_POLICY",
            "id": "12"
        }
    ],
    "actorIp": "xxx.xx.xx.xx",
    "id": "77277757-331a-4a13-ba21-cbfeab01d47f",
    "targetType": "GLOBAL_POLICY",
    "receivedTimestamp": "2023-11-03T18:20:16.581Z",
    "actor": {
        "profileId": "999111223",
        "id": "[email protected]",
        "identityProvider": "bim",
        "type": "USER_ACTOR",
        "name": "Deepu Murty"
    }
}

{
    "targetType": "GLOBAL_POLICY",
    "id": "aac7cb75-c6ec-48ed-a11e-f6d8bf29dfe6",
    "relatedResources": [],
    "actor": {
        "id": "[email protected]",
        "profileId": "1",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "type": "USER_ACTOR"
    },
    "actionStatus": "SUCCESS",
    "sessionId": "517a11643dcdbba0b5ba30d49ee7a334",
    "auditPayload": {
        "type": "GlobalPolicyCreatedAuditPayload",
        "policy": {
            "type": "DATA",
            "actions": [
                {
                    "type": "DATA",
                    "rules": [
                        {
                            "type": "MASKING_HASH",
                            "columnCondition": {
                                "type": "TAG",
                                "tags": ["Testing"]
                            },
                            "exceptions": null
                        }
                    ],
                    "dataPolicyType": "MASKING",
                    "rationale": null
                }
            ],
            "circumstance": {
                "conditions": [
                    {
                        "type": "TAG",
                        "tagType": "COLUMN",
                        "tag": "Testing"
                    }
                ],
                "operator": "any",
                "type": "CONDITIONAL"
            }
        }
    },
    "targets": [
        {
            "policyKey": "mask pii",
            "type": "GLOBAL_POLICY",
            "name": "Mask PII",
            "id": "5"
        }
    ],
    "action": "CREATE",
    "eventTimestamp": "2023-05-10T18:29:39.438Z",
    "actorIp": "xxx.xx.xx.xx",
    "requestId": "2b126931-7a15-5678-99c4-11f0c5b40365",
    "receivedTimestamp": "2023-05-10T18:29:39.636Z",
    "tenantId": "your-immuta-tenant.com"
}

{
    "requestId": "12674fb7-4b90-5500-906f-7277a240e0f8",
    "eventTimestamp": "2023-09-13T19:42:53.029Z",
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "receivedTimestamp": "2023-09-13T19:42:53.157Z",
    "id": "d8cb76a2-516d-41f7-98d9-1cb616b759a4",
    "targetType": "GLOBAL_POLICY",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "type": "USER_ACTOR",
        "id": "[email protected]",
        "profileId": "1"
    },
    "relatedResources": [],
    "auditPayload": {
        "version": 1,
        "policy": {
            "actions": [
                {
                    "subscriptionPolicyType": "AUTOMATIC",
                    "type": "SUBSCRIPTION",
                    "rationale": null,
                    "accessGrant": "READ"
                }
            ],
            "type": "SUBSCRIPTION",
            "circumstance": {
                "type": "WHEN_SELECTED"
            }
        },
        "type": "GlobalPolicyDeletedAuditPayload"
    },
    "sessionId": "2d48cc8df46b3b3eedf543f4192b6726",
    "action": "DELETE",
    "targets": [
        {
            "policyKey": "mask pii",
            "type": "GLOBAL_POLICY",
            "name": "Mask PII",
            "id": "6"
        }
    ]
}

{
    "sessionId": "89fc6c8f7b6e04d9b9d4f720dbd84890",
    "requestId": "6abef8eb-6acb-5364-9a88-7479b03227cf",
    "actorIp": "xxx.xx.xx.xx",
    "targets": [
        {
            "name": "Mask PII",
            "policyKey": "mask pii",
            "type": "GLOBAL_POLICY",
            "id": "12"
        }
    ],
    "receivedTimestamp": "2023-11-08T14:57:36.465Z",
    "targetType": "GLOBAL_POLICY",
    "id": "990f260b-eef6-4eed-8f71-f48c8e9b88cb",
    "actor": {
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "id": "[email protected]",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "eventTimestamp": "2023-11-08T14:57:36.387Z",
    "tenantId": "your-immuta-tenant.com",
    "actionStatus": "SUCCESS",
    "action": "GLOBAL_POLICY_PROMOTED",
    "auditPayload": {
        "type": "GlobalPolicyPromotedAuditPayload",
        "policyName": "Mask PII",
        "version": 1,
        "policyId": "12"
    },
    "relatedResources": []
}

{
    "targetType": "GLOBAL_POLICY",
    "id": "a26fa653-e545-4a34-9488-d7f1b92379d0",
    "receivedTimestamp": "2023-11-03T18:16:30.588Z",
    "actor": {
        "name": "Taylor Smith",
        "type": "USER_ACTOR",
        "profileId": "1",
        "identityProvider": "bim",
        "id": "[email protected]"
    },
    "requestId": "9a03030a-09ef-5d2b-abea-b65305901e9b",
    "sessionId": "1f468d12a437bceb59b71054d6ad8bf8",
    "actorIp": "xxx.xx.xx.xx",
    "targets": [
        {
            "name": "Mask PII",
            "policyKey": "mask pii",
            "type": "GLOBAL_POLICY",
            "id": "12"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "GlobalPolicyReviewRequestedAuditPayload",
        "approvalRequestId": "1",
        "version": 1
    },
    "eventTimestamp": "2023-11-03T18:16:30.281Z",
    "action": "GLOBAL_POLICY_REVIEW_REQUESTED",
    "tenantId": "your-immuta-tenant.com",
    "actionStatus": "SUCCESS"
}

{
    "tenantId": "your-immuta-tenant.com",
    "receivedTimestamp": "2023-10-24T18:06:21.278Z",
    "eventTimestamp": "2023-10-24T18:06:21.155Z",
    "actorIp": "xxx.xx.xx.xx",
    "requestId": "c2554ade-fbea-54b4-bfa5-a652d8a34309",
    "actionStatus": "SUCCESS",
    "relatedResources": [],
    "actor": {
        "type": "USER_ACTOR",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "profileId": "1",
        "id": "[email protected]"
    },
    "id": "f2346f5b-07b3-4f71-a0e1-9635e3b7cacc",
    "targetType": "GLOBAL_POLICY",
    "targets": [
        {
            "id": "7",
            "policyKey": "mask pii",
            "type": "GLOBAL_POLICY",
            "name": "Mask PII"
        }
    ],
    "action": "UPDATE",
    "auditPayload": {
        "version": 1,
        "policy": {
            "circumstance": {
                "type": "WHEN_SELECTED"
            },
            "actions": [
                {
                    "dataPolicyType": "MASKING",
                    "type": "DATA",
                    "rules": [
                        {
                            "type": "MASKING_HASH",
                            "columnCondition": {
                                "tags": ["AuditTesting"],
                                "type": "TAG"
                            },
                            "exceptions": null
                        }
                    ],
                    "rationale": null
                }
            ],
            "type": "DATA",
            "certification": {
                "label": "Personal information certification",
                "tags": ["AuditTesting"],
                "description": "I certify that I understand this data source contains personally identifiable information and will use the data appropriately and responsibly to the company policies."
            }
        },
        "type": "GlobalPolicyUpdatedAuditPayload"
    },
    "sessionId": "1a8a16c58f29172d9a59224030617184"
}

{
    "sessionId": "c3e76e5f809b74fabe0975bcac5e0fca",
    "auditPayload": {
        "version": 1,
        "groupIdProvider": "bim",
        "name": "HR",
        "groupId": "6",
        "type": "GroupCreatedAuditPayload"
    },
    "action": "CREATE",
    "targets": [
        {
            "id": "6",
            "identityProvider": "bim",
            "name": "HR",
            "type": "GROUP"
        }
    ],
    "targetType": "GROUP",
    "id": "24b9bce7-e255-47ed-8aa1-fefde19be539",
    "relatedResources": [],
    "actor": {
        "type": "USER_ACTOR",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "profileId": "1",
        "id": "[email protected]"
    },
    "actionStatus": "SUCCESS",
    "eventTimestamp": "2023-12-19T21:18:23.711Z",
    "actorIp": "xxx.xx.xx.xx",
    "requestId": "a37ee299-cc6b-531b-8af1-891d853af995",
    "receivedTimestamp": "2023-12-19T21:18:24.040Z",
    "tenantId": "your-immuta-tenant.com"
}

{
    "actorIp": "xxx.xx.xx.xx",
    "eventTimestamp": "2023-12-19T21:18:25.891Z",
    "requestId": "92e7ba98-144b-502d-beae-48ceb865cdcf",
    "receivedTimestamp": "2023-12-19T21:18:26.161Z",
    "tenantId": "your-immuta-tenant.com",
    "sessionId": "60e86f7be389dc21b11bdc4a5b6d6974",
    "auditPayload": {
        "name": "HR",
        "groupIdProvider": "bim",
        "groupId": "6",
        "type": "GroupDeletedAuditPayload",
        "version": 1
    },
    "targets": [
        {
            "id": "6",
            "type": "GROUP",
            "name": "HR",
            "identityProvider": "bim"
        }
    ],
    "action": "DELETE",
    "targetType": "GROUP",
    "id": "45efee34-2147-4ea9-bc3f-9f88addaaa2a",
    "relatedResources": [],
    "actor": {
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "type": "USER_ACTOR",
        "id": "[email protected]",
        "profileId": "1"
    },
    "actionStatus": "SUCCESS"
}

{
    "sessionId": "5ff64ed8fe0a194b074415a73d4f9201",
    "id": "93e2dade-fd6f-4c13-8274-e9dd843bb990",
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targets": [
        {
            "name": "HR",
            "id": "3",
            "identityProvider": "bim",
            "type": "GROUP"
        }
    ],
    "receivedTimestamp": "2024-01-17T13:32:15.929Z",
    "actionStatus": "SUCCESS",
    "eventTimestamp": "2024-01-17T13:32:15.755Z",
    "relatedResources": [
        {
            "type": "USER",
            "identityProvider": "bim",
            "name": "Deepu Murty",
            "id": "[email protected]",
            "profileId": "999111223"
        }
    ],
    "targetType": "GROUP",
    "actor": {
        "identityProvider": "bim",
        "type": "USER_ACTOR",
        "profileId": "1",
        "id": "[email protected]",
        "name": "Taylor Smith"
    },
    "action": "MEMBER_ADD",
    "auditPayload": {
        "type": "GroupMemberAddedAuditPayload",
        "version": 1,
        "userIdProvider": "bim",
        "groupId": "3",
        "userId": "[email protected]"
    },
    "requestId": "e12e42ab-5ba5-54f4-9ff9-61e27c131d6d"
}

{
    "targetType": "GROUP",
    "receivedTimestamp": "2024-01-17T13:27:04.061Z",
    "actionStatus": "SUCCESS",
    "relatedResources": [],
    "eventTimestamp": "2024-01-17T13:27:03.841Z",
    "auditPayload": {
        "groupId": "3",
        "version": 1,
        "type": "GroupMemberRemovedAuditPayload"
    },
    "requestId": "73a295d1-504a-507c-ba6d-9a72f2b34b16",
    "actor": {
        "identityProvider": "bim",
        "type": "USER_ACTOR",
        "profileId": "1",
        "id": "[email protected]",
        "name": "Taylor Smith"
    },
    "action": "MEMBER_REMOVE",
    "actorIp": "xxx.xx.xx.xx",
    "targets": [
        {
            "id": "3",
            "name": "HR",
            "type": "GROUP",
            "identityProvider": "bim"
        }
    ],
    "tenantId": "your-immuta-tenant.com",
    "sessionId": "5ff64ed8fe0a194b074415a73d4f9201",
    "id": "5201799f-2472-4b9d-ba5c-db32e06a0bfa"
}

{
    "targetType": "GROUP",
    "actionStatus": "SUCCESS",
    "relatedResources": [],
    "eventTimestamp": "2023-12-19T21:18:32.490Z",
    "receivedTimestamp": "2023-12-19T21:18:32.767Z",
    "requestId": "09ecbab3-803e-5eff-bc15-b07fcf57260b",
    "auditPayload": {
        "name": "Human Resources Department",
        "groupIdProvider": "bim",
        "groupId": "8",
        "version": 1,
        "type": "GroupUpdatedAuditPayload"
    },
    "action": "UPDATE",
    "actor": {
        "profileId": "1",
        "id": "[email protected]",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "type": "USER_ACTOR"
    },
    "tenantId": "your-immuta-tenant.com",
    "targets": [
        {
            "type": "GROUP",
            "identityProvider": "bim",
            "name": "Human Resources Department",
            "id": "8"
        }
    ],
    "actorIp": "xxx.xx.xx.xx",
    "id": "f4cd509d-587e-4bc4-9c0f-87ca6e122d1a",
    "sessionId": "320b8c29c32ce2407b00e0de98546528"
}

{
    "id": "c1a74870-ff01-43bf-8b2e-928b6fccb6ae",
    "sessionId": "bdf4e26e67f4e3ceeb93705b639f8768",
    "requestId": "4c48deb8-4e4d-5705-be82-fae9e165967a",
    "action": "CREATE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "LICENSE",
    "targets": [
        {
            "type": "LICENSE",
            "id": "2",
            "name": "2"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "LicenseCreatedAuditPayload",
        "version": 1,
        "licenseKey": "a-unique-license-key"
    },
    "eventTimestamp": "2024-03-08T18:34:30.028Z",
    "receivedTimestamp": "2024-03-08T18:34:30.475Z"
}

{
    "id": "e7a22a3c-8b08-48e7-a648-3b6946b085e4",
    "sessionId": "0c52d87dd0437dd90b48bfd66e7cf3dd",
    "requestId": "50c29e76-6f24-5a66-9acb-1c298496377e",
    "action": "DELETE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "LICENSE",
    "targets": [
        {
            "type": "LICENSE",
            "id": "2",
            "name": "2"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "LicenseDeletedAuditPayload",
        "version": 1,
        "id": "2"
    },
    "eventTimestamp": "2024-03-08T18:38:12.382Z",
    "receivedTimestamp": "2024-03-08T18:38:12.457Z"
}

{
    "targetType": "LOCAL_POLICY",
    "actionStatus": "SUCCESS",
    "eventTimestamp": "2023-10-13T18:16:19.643Z",
    "relatedResources": [
        {
            "id": "129",
            "name": "Public case",
            "type": "DATASOURCE",
            "technology": "POSTGRESQL"
        }
    ],
    "receivedTimestamp": "2023-10-13T18:16:19.680Z",
    "auditPayload": {
        "type": "LocalPolicyCreatedAuditPayload",
        "policy": {
            "actions": [
                {
                    "rationale": null,
                    "rules": [
                        {
                            "exceptions": null,
                            "type": "MASKING_K_ANONYMIZATION",
                            "fields": ["c_birth_year", "c_birth_month", "c_birth_day"],
                            "kLevel": 8,
                            "ruleAppliedForUser": false
                        }
                    ],
                    "type": "DATA",
                    "global": false,
                    "dataPolicyType": "MASKING"
                }
            ],
            "type": "DATA"
        },
        "version": 1
    },
    "action": "CREATE",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "profileId": "1",
        "type": "USER_ACTOR",
        "identityProvider": "bim"
    },
    "tenantId": "your-immuta-tenant.com",
    "targets": [
        {
            "type": "LOCAL_POLICY",
            "name": "4",
            "id": "4",
            "datasource": {
                "id": "129",
                "name": "Public case",
                "type": "DATASOURCE",
                "technology": "POSTGRESQL"
            }
        }
    ],
    "id": "761a4044-1dec-4b9b-815f-d83c056ff61e"
}

{
    "id": "c8066842-4c90-4b12-a108-232c93a5fe63",
    "targets": [],
    "tenantId": "your-immuta-tenant.com",
    "action": "UPDATE",
    "actor": {
        "profileId": "1",
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "type": "USER_ACTOR"
    },
    "auditPayload": {
        "version": 1,
        "policyHandlerUpdateAction": "UPDATE",
        "policy": {
            "actions": [
                {
                    "subscriptionPolicyType": "AUTOMATIC",
                    "rationale": null,
                    "type": "SUBSCRIPTION",
                    "accessGrant": "READ",
                    "global": false,
                    "ruleAppliedForUser": true
                }
            ],
            "type": "SUBSCRIPTION"
        },
        "policyUpdateType": "SUBSCRIPTION",
        "type": "LocalPolicyUpdatedAuditPayload"
    },
    "actionStatus": "SUCCESS",
    "eventTimestamp": "2024-02-07T19:26:54.447Z",
    "relatedResources": [
        {
            "id": "1124",
            "name": "Public case",
            "technology": "SNOWFLAKE",
            "type": "DATASOURCE"
        }
    ],
    "receivedTimestamp": "2024-02-07T19:26:54.478Z",
    "targetType": "LOCAL_POLICY"
}

{
    "id": "d18cbe70-a620-4ae4-a82a-a24249832e12",
    "sessionId": "86d602c9d57fcc55e103ee7a5fa650dc",
    "requestId": "749dd9dd-e06f-5781-ad7e-91c002ed5043",
    "action": "PERMISSION_APPLY",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "USER",
    "targets": [
        {
            "name": "Deepu Murty",
            "id": "[email protected]",
            "identityProvider": "bim",
            "profileId": "999111223",
            "type": "USER"
        }
    ],
    "relatedResources": [
        {
            "name": "GOVERNANCE",
            "id": "GOVERNANCE",
            "type": "PERMISSION"
        }
    ],
    "auditPayload": {
        "type": "PermissionAppliedAuditPayload",
        "version": 1
    },
    "eventTimestamp": "2024-01-09T20:18:53.451Z",
    "receivedTimestamp": "2024-01-09T20:18:53.578Z"
}

{
    "id": "51481c15-e40d-419d-b510-bd8c47028069",
    "sessionId": "86d602c9d57fcc55e103ee7a5fa650dc",
    "requestId": "bd789b1a-580f-5d59-a6e0-d805a1464114",
    "action": "PERMISSION_REMOVE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "USER",
    "targets": [
        {
            "name": "Deepu Murty",
            "id": "[email protected]",
            "identityProvider": "bim",
            "profileId": "999111223",
            "type": "USER"
        }
    ],
    "relatedResources": [
        {
            "name": "CREATE_PROJECT",
            "id": "CREATE_PROJECT",
            "type": "PERMISSION"
        },
        {
            "name": "GOVERNANCE",
            "id": "GOVERNANCE",
            "type": "PERMISSION"
        }
    ],
    "auditPayload": {
        "type": "PermissionRemovedAuditPayload",
        "version": 1
    },
    "eventTimestamp": "2024-01-09T20:22:02.326Z",
    "receivedTimestamp": "2024-01-09T20:22:02.451Z"
}

{
    "action": "CREATE",
    "tenantId": "your-immuta-tenant.com",
    "actor": {
        "type": "USER_ACTOR",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "profileId": "1",
        "id": "[email protected]"
    },
    "eventTimestamp": "2023-09-13T13:43:04.225Z",
    "auditPayload": {
        "equalization": null,
        "projectKey": "hr",
        "purposes": [],
        "disabled": false,
        "type": "ProjectCreatedAuditPayload",
        "datasources": [],
        "allowMaskedJoins": false,
        "stagedPurposes": [],
        "projectId": "6",
        "version": 1,
        "name": "HR",
        "description": null,
        "tags": [],
        "documentation": "# A project for all internal employee data for HR use."
    },
    "targets": [
        {
            "id": "6",
            "type": "PROJECT",
            "projectKey": "hr",
            "name": "HR"
        }
    ],
    "relatedResources": [],
    "actorIp": "xxx.xx.xx.xx",
    "sessionId": "cdbffff8804103418350947c6586712c",
    "actionStatus": "SUCCESS",
    "targetType": "PROJECT",
    "id": "8d6da097-b5d8-4f19-8737-9c1d8e453f93",
    "receivedTimestamp": "2023-09-13T13:43:04.515Z",
    "requestId": "49b37341-83d2-576c-a560-29b224654c4e"
}

{
    "auditPayload": {
        "projectId": "2",
        "projectKey": "hr",
        "type": "ProjectDeletedAuditPayload",
        "name": "HR"
    },
    "requestId": "47ea1ce0-6464-54e3-8e0c-f7afaccd75a0",
    "actor": {
        "profileId": "1",
        "id": "[email protected]",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "type": "USER_ACTOR"
    },
    "action": "DELETE",
    "targetType": "PROJECT",
    "receivedTimestamp": "2023-04-14T16:07:13.416Z",
    "relatedResources": [],
    "eventTimestamp": "2023-04-14T16:07:12.647Z",
    "actionStatus": "SUCCESS",
    "actorIp": "127.0.0.1",
    "tenantId": "your-immuta-tenant.com",
    "targets": [
        {
            "name": "HR",
            "id": "2",
            "type": "PROJECT",
            "projectKey": "hr"
        }
    ],
    "sessionId": "635b928a3ba5001076f2ca6da4328be0",
    "id": "37350b53-6e39-4ff9-bdb8-300df04aa1e0"
}

{
    "id": "d890dfb0-72ed-4c29-8a06-68ba5868a1ca",
    "sessionId": "dda1a16c5446bc2309df1e37d8483e2c",
    "tenantId": "your-immuta-tenant.com",
    "targets": [
        {
            "name": "HR",
            "id": "7",
            "projectKey": "hr",
            "type": "PROJECT"
        }
    ],
    "actorIp": "xxx.xx.xx.xx",
    "action": "DISABLE",
    "actor": {
        "profileId": "1",
        "id": "[email protected]",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "type": "USER_ACTOR"
    },
    "requestId": "ff7875f4-07ff-5349-a321-d9e59aaf97b5",
    "auditPayload": {
        "type": "ProjectDisabledAuditPayload",
        "projectKey": "hr",
        "version": 1,
        "projectId": "7",
        "name": "HR"
    },
    "actionStatus": "SUCCESS",
    "relatedResources": [],
    "eventTimestamp": "2023-12-23T13:32:57.895Z",
    "receivedTimestamp": "2023-12-23T13:32:58.072Z",
    "targetType": "PROJECT"
}

{
    "targetType": "PROJECT",
    "receivedTimestamp": "2023-12-19T17:23:31.075Z",
    "eventTimestamp": "2023-12-19T17:23:17.425Z",
    "relatedResources": [
        {
            "type": "PURPOSE",
            "name": "NoiseReduced.Small",
            "id": "14"
        }
    ],
    "actionStatus": "SUCCESS",
    "auditPayload": {
        "purposeId": "14",
        "projectId": "2",
        "version": 1,
        "type": "ProjectPurposeApprovedAuditPayload"
    },
    "requestId": "ab8dcd0c-49d3-57ec-83a9-09516a9cc919",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "profileId": "1",
        "type": "USER_ACTOR",
        "identityProvider": "bim"
    },
    "action": "PURPOSE_APPROVE",
    "actorIp": "xxx.xx.xx.xx",
    "targets": [
        {
            "id": "2",
            "name": "HR",
            "type": "PROJECT",
            "projectKey": "hr"
        }
    ],
    "tenantId": "your-immuta-tenant.com",
    "sessionId": "ed785f4e8bffe89a43f815dd66a3c401",
    "id": "681e743c-0674-4e1f-bbc6-f64ac1b404bc"
}

{
    "action": "PURPOSE_DENY",
    "actor": {
        "identityProvider": "bim",
        "type": "USER_ACTOR",
        "profileId": "1",
        "name": "Taylor Smith",
        "id": "[email protected]"
    },
    "requestId": "3a186491-f497-567c-8715-49a1e6b37077",
    "auditPayload": {
        "version": 1,
        "projectId": "11",
        "purposeId": "6",
        "type": "ProjectPurposeDeniedAuditPayload"
    },
    "relatedResources": [
        {
            "name": "Activities",
            "id": "6",
            "type": "PURPOSE"
        }
    ],
    "eventTimestamp": "2023-12-19T17:30:29.543Z",
    "actionStatus": "SUCCESS",
    "receivedTimestamp": "2023-12-19T17:30:32.388Z",
    "targetType": "PROJECT",
    "id": "f32dfb5e-f865-4c17-a25e-7ea37d568c03",
    "sessionId": "ed785f4e8bffe89a43f815dd66a3c401",
    "targets": [
        {
            "type": "PROJECT",
            "projectKey": "hr",
            "name": "HR",
            "id": "11"
        }
    ],
    "tenantId": "your-immuta-tenant.com",
    "actorIp": "xxx.xx.xx.xx"
}

{
    "requestId": "ea287df8-2fd2-57c2-86c3-cdb421ec3f64",
    "auditPayload": {
        "purposes": [
            {
                "id": "5",
                "name": "Re-identification Prohibited.Expert Determination",
                "acknowledgement": "I agree to use the data associated with this project for the stated purpose of the project, and for that purpose only, as listed in the project's homepage, and to refrain from sharing that data outside of the project or Immuta, unless the data recipient is required to adhere to a data sharing protocol specifying relevant security arrangements.\n\nI acknowledge that combining the project data (and derivations thereof) with other data, including data produced in different projects or under different utility adjustments within the same project, can undermine the expert determination, and is therefore outside its scope.\n\nI also agree not to re-identify or take any steps to re-identify the individuals whose health information is contained in the data sources attached to the project. In the event that these individuals have been identified or that I discover risks that I believe could lead to their identification, I agree to immediately notify the project owner or governance team and take immediate action to address and mitigate such risks. I further agree to refrain from contacting any individuals who might be identified."
            }
        ],
        "subscriptionId": "8",
        "type": "ProjectPurposesAcknowledgedAuditPayload",
        "version": 1,
        "projectId": "2"
    },
    "action": "PURPOSE_ACKNOWLEDGE",
    "actor": {
        "id": "[email protected]",
        "name": "Taylor Smith",
        "profileId": "1",
        "type": "USER_ACTOR",
        "identityProvider": "bim"
    },
    "targetType": "PROJECT",
    "eventTimestamp": "2023-10-13T14:12:18.083Z",
    "relatedResources": [
        {
            "id": "5",
            "name": "Re-identification Prohibited.Expert Determination",
            "type": "PURPOSE"
        }
    ],
    "actionStatus": "SUCCESS",
    "receivedTimestamp": "2023-10-13T14:12:18.216Z",
    "tenantId": "your-immuta-tenant.com",
    "targets": [
        {
            "id": "2",
            "name": "HR",
            "type": "PROJECT",
            "projectKey": "hr"
        }
    ],
    "actorIp": "xxx.xx.xx.xx",
    "id": "d21f9673-7b96-4bbe-abca-8d0aaec67c87",
    "sessionId": "6b928653b1411078647a2764a72beca6"
}

{
    "sessionId": "6b928653b1411078647a2764a72beca6",
    "id": "b39e1295-bcd6-4117-8551-e2663a2541cb",
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targets": [
        {
            "id": "1",
            "name": "HR",
            "projectKey": "hr",
            "type": "PROJECT"
        }
    ],
    "receivedTimestamp": "2023-10-13T13:07:36.937Z",
    "eventTimestamp": "2023-10-13T13:07:36.626Z",
    "relatedResources": [],
    "actionStatus": "SUCCESS",
    "targetType": "PROJECT",
    "actor": {
        "type": "USER_ACTOR",
        "identityProvider": "bim",
        "id": "[email protected]",
        "name": "Taylor Smith",
        "profileId": "1"
    },
    "action": "UPDATE",
    "auditPayload": {
        "equalization": null,
        "type": "ProjectUpdatedAuditPayload",
        "projectId": "1",
        "version": 1
    },
    "requestId": "e162dd46-11d1-544b-af68-d71d4e033af5"
}

{
"id": "eafa29d6-d61f-4aab-a958-106f25bbfa0b",
"sessionId": "e3e0aba1e69c06dbf64710c889b3f2d8",
"requestId": "f5ef5320-2237-56cb-bc56-929a5e6f8299",
"action": "DELETE",
"actionStatus": "SUCCESS",
"actor": {
    "name": "Taylor Smith",
    "id": "[email protected]",
    "identityProvider": "bim",
    "profileId": "1",
    "type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "PURPOSE",
"targets": [
    {
    "type": "PURPOSE",
    "id": "1",
    "name": "Human resources use"
    }
],
"relatedResources": [],
"auditPayload": {
    "id": "1",
    "name": "Human resources use"
},
"eventTimestamp": "2024-04-18T18:25:40.623Z",
"receivedTimestamp": "2024-04-18T18:25:40.864Z",
"type": "PurposeDeleted",
"version": "1.0.0"
}

{
"id": "eafa29d6-d61f-4aab-a958-106f25bbfa0b",
"sessionId": "e3e0aba1e69c06dbf64710c889b3f2d8",
"requestId": "f5ef5320-2237-56cb-bc56-929a5e6f8299",
"action": "UPDATE",
"actionStatus": "SUCCESS",
"actor": {
    "name": "Taylor Smith",
    "id": "[email protected]",
    "identityProvider": "bim",
    "profileId": "1",
    "type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "PURPOSE",
"targets": [
    {
    "type": "PURPOSE",
    "id": "1",
    "name": "Human resources use"
    }
],
"relatedResources": [],
"auditPayload": {
    "type": "PurposeUpdatedAuditPayload",
    "description": "The data covered by the purpose should only be used by users within HR who will use this data for human resources purposes.",
    "name": "Human resources use",
    "acknowledgement": "I agree to use this data for internal human resources needs.",
    "subpurposes": []
},
"eventTimestamp": "2024-04-18T18:25:40.623Z",
"receivedTimestamp": "2024-04-18T18:25:40.864Z",
"type": "PurposeUpdated",
"version": "1.0.0"
}

{
"id": "eafa29d6-d61f-4aab-a958-106f25bbfa0b",
"sessionId": "e3e0aba1e69c06dbf64710c889b3f2d8",
"requestId": "f5ef5320-2237-56cb-bc56-929a5e6f8299",
"action": "UPSERT",
"actionStatus": "SUCCESS",
"actor": {
    "name": "Taylor Smith",
    "id": "[email protected]",
    "identityProvider": "bim",
    "profileId": "1",
    "type": "USER_ACTOR"
},
"actorIp": "xxx.xx.xx.xx",
"tenantId": "your-immuta-tenant.com",
"targetType": "PURPOSE",
"targets": [
    {
    "type": "PURPOSE",
    "id": "1",
    "name": "Human resources use"
    }
],
"relatedResources": [],
"auditPayload": {
    "type": "PurposeUpsertedAuditPayload",
    "description": "The data covered by the purpose should only be used by users within HR who will use this data for human resources purposes.",
    "name": "Human resources use",
    "acknowledgement": "I agree to use this data for internal human resources needs.",
    "subpurposes": []
},
"eventTimestamp": "2024-04-18T18:25:40.623Z",
"receivedTimestamp": "2024-04-18T18:25:40.864Z",
"type": "PurposeUpserted",
"version": "1.0.0"
}

{
    "receivedTimestamp": "2023-12-22T20:37:08.243Z",
    "actor": {
        "type": "USER_ACTOR",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "id": "[email protected]",
        "profileId": "1"
    },
    "actorIp": "xxx.xx.xx.xx",
    "sessionId": "a21eddce1c9c1e18443ae04437e7c9c0",
    "action": "CREATE",
    "eventTimestamp": "2023-12-22T20:37:08.009Z",
    "actionStatus": "SUCCESS",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "SDD_CLASSIFIER",
    "id": "b4aaefc0-2880-41cb-b3af-26f2fb83fd1f",
    "requestId": "f741e950-0a72-5c8a-8e18-5bd7af7d3d92",
    "auditPayload": {
        "displayName": "My Column Name Regex Rule",
        "name": "MY_COLUMN_NAME_REGEX_RULE",
        "classifierId": "73",
        "config": {
            "columnNameRegex": "salary",
            "tags": [
                {
                    "id": "22402",
                    "name": "Discovered.column-name-regex-salary",
                    "type": "TAG",
                    "source": "curated"
                }
            ]
        },
        "version": 1,
        "type": "SDDClassifierCreatedAuditPayload"
    },
    "relatedResources": [
        {
            "id": "22402",
            "name": "Discovered.column-name-regex-salary",
            "type": "TAG",
            "source": "curated"
        }
    ],
    "targets": [
        {
            "name": "MY_COLUMN_NAME_REGEX_RULE",
            "id": "73",
            "type": "SDD_CLASSIFIER"
        }
    ]
}

{
    "id": "253cf57a-7fe7-4be8-bdd8-9d2f8860bb21",
    "targetType": "SDD_CLASSIFIER",
    "actionStatus": "SUCCESS",
    "tenantId": "your-immuta-tenant.com",
    "relatedResources": [],
    "auditPayload": {
        "classifierId": "69",
        "name": "MY_DICTIONARY_RULE",
        "version": 1,
        "type": "SDDClassifierDeletedAuditPayload"
    },
    "requestId": "29e410fc-bdbe-528c-aaa0-6b75c42ad618",
    "actorIp": "xxx.xx.xx.xx",
    "receivedTimestamp": "2023-12-18T23:09:33.882Z",
    "actor": {
        "type": "USER_ACTOR",
        "id": "[email protected]",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "profileId": "1"
    },
    "eventTimestamp": "2023-12-18T23:09:33.792Z",
    "action": "DELETE",
    "sessionId": "78fe82a7524125f911881de1721cfca4"
}

{
    "id": "4cae883b-9236-4052-a41a-893e3a734285",
    "sessionId": "3541001fcfa1e1e3dd7c26398cdfd3c6",
    "requestId": "e75761e9-c778-5e38-9933-f9ffd4192cb3",
    "action": "UPDATE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "SDD_CLASSIFIER",
    "targets": [
        {
            "type": "SDD_CLASSIFIER",
            "id": "68",
            "name": "Email identifier"
        }
    ],
    "relatedResources": [
        {
            "type": "TAG",
            "name": "Discovered.Passport",
            "id": "8",
            "source": "curated"
        }
    ],
    "auditPayload": {
        "type": "SDDClassifierUpdatedAuditPayload",
        "version": 1,
        "classifierId": "68",
        "name": "Email identifier",
        "displayName": "A really cool new identifier updated",
        "config": {
            "tags": [
                {
                    "type": "TAG",
                    "name": "Discovered.Passport",
                    "id": "8",
                    "source": "curated"
                }
            ],
            "columnNameRegex": "^[A-Z_0-9]+$"
        }
    },
    "eventTimestamp": "2024-03-08T19:07:57.304Z",
    "receivedTimestamp": "2024-03-08T19:07:57.409Z"
}

{
    "actor": {
        "id": "[email protected]",
        "profileId": "1",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "type": "USER_ACTOR"
    },
    "actionStatus": "SUCCESS",
    "targetType": "SUBSCRIPTION",
    "tenantId": "your-immuta-tenant.com",
    "action": "CREATE",
    "relatedResources": [
        {
            "id": "9",
            "name": "Public case",
            "type": "DATASOURCE",
            "technology": "SNOWFLAKE"
        },
        {
            "type": "USER",
            "name": "Taylor Smith",
            "identityProvider": "bim",
            "profileId": "1",
            "id": "[email protected]"
        }
    ],
    "targets": [
        {
            "subscriber": {
                "type": "USER",
                "identityProvider": "bim",
                "name": "Taylor Smith",
                "profileId": "1",
                "id": "[email protected]"
            },
            "model": {
                "id": "9",
                "type": "DATASOURCE",
                "technology": "SNOWFLAKE",
                "name": "Public case"
            },
            "id": "13",
            "type": "SUBSCRIPTION",
            "name": "13"
        }
    ],
    "auditPayload": {
        "modelType": "DATASOURCE",
        "subscriberId": "1",
        "subscriberType": "USER",
        "modelId": "9",
        "role": "OWNER",
        "isEntitlementsPolicyOverride": false,
        "type": "SubscriptionCreatedAuditPayload",
        "status": "APPROVED"
    },
    "receivedTimestamp": "2023-04-14T16:48:21.198Z",
    "eventTimestamp": "2023-04-14T16:48:21.159Z",
    "id": "1a0f362a-f1fd-417e-85c6-0fa7751a887e"
}

{
    "sessionId": "d8f9584665be06ae1a8e3b881c2eb635",
    "targetType": "SUBSCRIPTION",
    "actionStatus": "SUCCESS",
    "actorIp": "xxx.xx.xx.xx",
    "receivedTimestamp": "2023-04-28T17:25:15.268Z",
    "requestId": "495a22d6-bea0-5758-a8a3-7f5cc3d7b8d6",
    "id": "b6d2108e-fe93-4f05-a347-cb84c51fa528",
    "actor": {
        "id": "[email protected]",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "action": "DELETE",
    "tenantId": "your-immuta-tenant.com",
    "auditPayload": {
        "subscriptionId": "28",
        "subscriberType": "USER",
        "subscriberId": "20",
        "modelType": "DATASOURCE",
        "type": "SubscriptionDeletedAuditPayload",
        "modelId": "15",
        "denialReason": "Subscription policy removed"
    },
    "targets": [
        {
            "type": "SUBSCRIPTION",
            "name": "28",
            "subscriber": {
                "id": "[email protected]",
                "type": "USER",
                "identityProvider": "bim",
                "name": "Taylor Smith",
                "profileId": "20"
            },
            "model": {
                "id": "15",
                "name": "Public case",
                "technology": "DATABRICKS",
                "type": "DATASOURCE"
            },
            "id": "28"
        }
    ],
    "relatedResources": [
        {
            "type": "DATASOURCE",
            "technology": "DATABRICKS",
            "name": "Public case",
            "id": "15"
        },
        {
            "id": "[email protected]",
            "type": "USER",
            "profileId": "20",
            "name": "Taylor Smith",
            "identityProvider": "bim"
        }
    ],
    "eventTimestamp": "2023-04-28T17:25:14.837Z"
}

{
    "id": "f6162acd-f66c-4316-8e55-92bc89f03ab0",
    "sessionId": "17c01a6d5413eadaa831a1ccec2ce823",
    "requestId": "201d39f9-44b2-5346-bd0b-ef587651e2ce",
    "action": "SUBSCRIPTION_REQUEST_APPROVE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "SUBSCRIPTION",
    "targets": [
        {
            "type": "SUBSCRIPTION",
            "id": "10",
            "name": "10",
            "model": {
                "type": "DATASOURCE",
                "id": "8",
                "name": "Public case",
                "technology": "STARBURST_TRINO"
            },
            "subscriber": {
                "name": "Deepu Murty",
                "id": "[email protected]",
                "identityProvider": "bim",
                "profileId": "13",
                "type": "USER"
            }
        }
    ],
    "relatedResources": [
        {
            "type": "DATASOURCE",
            "id": "8",
            "name": "Public case",
            "technology": "STARBURST_TRINO"
        },
        {
            "name": "Deepu Murty",
            "id": "[email protected]",
            "identityProvider": "bim",
            "profileId": "13",
            "type": "USER"
        }
    ],
    "auditPayload": {
        "type": "SubscriptionRequestApprovedAuditPayload",
        "version": 1,
        "subscriptionId": "10",
        "status": "APPROVED",
        "approverPermissions": ["OWNER"]
    },
    "eventTimestamp": "2024-03-08T15:53:54.800Z",
    "receivedTimestamp": "2024-03-08T15:53:54.922Z"
}

{
    "targets": [
        {
            "type": "SUBSCRIPTION",
            "name": "127",
            "subscriber": {
                "profileId": "13",
                "identityProvider": "bim",
                "name": "Deepu Murty",
                "type": "USER",
                "id": "[email protected]"
            },
            "model": {
                "id": "1",
                "projectKey": "HR",
                "name": "HR",
                "type": "PROJECT"
            },
            "id": "127"
        }
    ],
    "relatedResources": [
        {
            "id": "1",
            "type": "PROJECT",
            "name": "HR",
            "projectKey": "HR"
        },
        {
            "profileId": "13",
            "identityProvider": "bim",
            "name": "Deepu Murty",
            "type": "USER",
            "id": "[email protected]"
        }
    ],
    "auditPayload": {
        "subscriberId": "13",
        "subscriberType": "USER",
        "subscriptionId": "127",
        "modelType": "PROJECT",
        "type": "SubscriptionRequestDeniedAuditPayload",
        "modelId": "1",
        "denialReason": "Not part of the appropriate department",
        "version": 1,
        "approverPermissions": ["OWNER"]
    },
    "eventTimestamp": "2024-02-23T19:53:09.004Z",
    "actor": {
        "type": "USER_ACTOR",
        "profileId": "1",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "id": "[email protected]"
    },
    "tenantId": "your-immuta-tenant.com",
    "action": "SUBSCRIPTION_REQUEST_DENY",
    "requestId": "fcaf22c8-82ad-58d6-9443-ade4863ee11e",
    "receivedTimestamp": "2024-02-23T19:53:09.153Z",
    "id": "a3ed191a-6e8b-4429-a596-cbe1263695c8",
    "sessionId": "9040b6cf4b2368534dab8735038453c7",
    "targetType": "SUBSCRIPTION",
    "actionStatus": "SUCCESS",
    "actorIp": "xxx.xx.xx.xx"
}

{
    "auditPayload": {
        "status": "PENDING",
        "version": 1,
        "modelId": "75",
        "type": "SubscriptionRequestedAuditPayload",
        "modelType": "DATASOURCE",
        "subscriberType": "USER",
        "subscriberId": "13",
        "subscriptionId": "126"
    },
    "targets": [
        {
            "name": "Public case",
            "technology": "POSTGRESQL",
            "type": "DATASOURCE",
            "id": "75"
        }
    ],
    "relatedResources": [
        {
            "id": "126",
            "subscriber": {
                "type": "USER",
                "name": "Deepu Murty",
                "identityProvider": "bim",
                "profileId": "13",
                "id": "[email protected]"
            },
            "model": {
                "id": "75",
                "name": "Public case",
                "type": "DATASOURCE",
                "technology": "POSTGRESQL"
            },
            "name": "126",
            "type": "SUBSCRIPTION"
        },
        {
            "type": "USER",
            "profileId": "13",
            "identityProvider": "bim",
            "name": "Deepu Murty",
            "id": "[email protected]"
        }
    ],
    "eventTimestamp": "2024-02-23T19:51:24.669Z",
    "actor": {
        "type": "USER_ACTOR",
        "profileId": "13",
        "name": "Deepu Murty",
        "identityProvider": "bim",
        "id": "[email protected]"
    },
    "action": "SUBSCRIPTION_REQUESTED",
    "tenantId": "your-immuta-tenant.com",
    "receivedTimestamp": "2024-02-23T19:51:24.810Z",
    "requestId": "e1de955f-b233-5d37-a964-d5851b769dd4",
    "id": "8bd099da-2082-4447-aa9f-961319593a4c",
    "sessionId": "6ba328eafcbf736223a47b5ef3662f34",
    "targetType": "DATASOURCE",
    "actionStatus": "SUCCESS",
    "actorIp": "xxx.xx.xx.xx"
}

{
    "actor": {
        "type": "USER_ACTOR",
        "profileId": "1",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "id": "[email protected]"
    },
    "tenantId": "your-immuta-tenant.com",
    "action": "UPDATE",
    "relatedResources": [
        {
            "name": "Public case",
            "type": "DATASOURCE",
            "technology": "DATABRICKS",
            "id": "17"
        },
        {
            "name": "Deepu Murty",
            "identityProvider": "bim",
            "profileId": "999111223",
            "type": "USER",
            "id": "[email protected]"
        }
    ],
    "targets": [
        {
            "subscriber": {
                "name": "Deepu Murty",
                "identityProvider": "bim",
                "profileId": "999111223",
                "type": "USER",
                "id": "[email protected]"
            },
            "model": {
                "name": "Public case",
                "technology": "DATABRICKS",
                "type": "DATASOURCE",
                "id": "17"
            },
            "id": "64",
            "type": "SUBSCRIPTION",
            "name": "64"
        }
    ],
    "auditPayload": {
        "subscriptionId": "64",
        "role": "OWNER",
        "version": 1,
        "type": "SubscriptionUpdatedAuditPayload"
    },
    "eventTimestamp": "2023-05-16T20:24:04.360Z",
    "actionStatus": "SUCCESS",
    "targetType": "SUBSCRIPTION",
    "sessionId": "8c81a018617a6aa8501597dd2c57c9c6",
    "actorIp": "xxx.xx.xx.xx",
    "requestId": "b7a717f9-7187-5889-a715-2f00ab63b160",
    "receivedTimestamp": "2023-05-16T20:24:04.475Z",
    "id": "24f5184c-ee43-40d4-8606-7dabcfb9ce23"
}

{
    "id": "b10a0dd9-1a09-4e93-a6cd-0cd232a275a0",
    "sessionId": "0fcaaf9c074330b4b875746c2e52739c",
    "requestId": "e45f1d89-69cf-5ae6-b33a-fbc94b147d7a",
    "action": "TAG_APPLY",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "DATASOURCE",
    "targets": [
        {
            "type": "DATASOURCE",
            "id": "27",
            "name": "Public case",
            "technology": "POSTGRESQL"
        }
    ],
    "relatedResources": [
        {
            "type": "TAG",
            "name": "Discovered",
            "id": "451",
            "source": "curated",
            "context": "manual"
        }
    ],
    "auditPayload": {
        "type": "TagAppliedAuditPayload",
        "version": 1,
        "appliedTags": [
            {
                "targetName": "Public case",
                "targetType": "DATASOURCE",
                "tags": [
                    {
                        "type": "TAG",
                        "name": "Discovered",
                        "id": "451",
                        "source": "curated",
                        "context": "manual"
                    }
                ]
            }
        ]
    },
    "eventTimestamp": "2024-02-22T14:39:01.342Z",
    "receivedTimestamp": "2024-02-22T14:39:01.514Z"
}

{
    "id": "7605ac37-fa98-4cf8-a736-cbed84af2d6c",
    "sessionId": "0fcaaf9c074330b4b875746c2e52739c",
    "requestId": "3a32672b-5b26-5e4b-914e-bb7217d02e43",
    "action": "CREATE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "TAG",
    "targets": [
        {
            "type": "TAG",
            "name": "First name",
            "id": "452",
            "source": "curated"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "TagCreatedAuditPayload",
        "version": 1,
        "tags": [
            {
                "id": "452",
                "name": "First name",
                "source": "curated",
                "type": "TAG"
            }
        ]
    },
    "eventTimestamp": "2024-02-22T14:39:50.845Z",
    "receivedTimestamp": "2024-02-22T14:39:50.918Z"
}

{
    "id": "5e2e04df-0abb-4af9-bed6-a0b037777732",
    "sessionId": "0fcaaf9c074330b4b875746c2e52739c",
    "requestId": "de982c4f-ec8c-56e6-9d20-34fdcc2114f4",
    "action": "DELETE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "TAG",
    "targets": [
        {
            "type": "TAG",
            "name": "Last name",
            "id": "452",
            "source": "curated"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "TagDeletedAuditPayload",
        "version": 1,
        "name": "Last name",
        "deleteHierarchy": false,
        "tags": [
            {
                "id": "452",
                "name": "Last name",
                "source": "curated",
                "type": "TAG"
            }
        ]
    },
    "eventTimestamp": "2024-02-22T14:44:50.986Z",
    "receivedTimestamp": "2024-02-22T14:44:51.067Z"
}

{
    "id": "5a090fe2-382e-4e80-8b95-a9ed243da8f4",
    "sessionId": "0fcaaf9c074330b4b875746c2e52739c",
    "requestId": "509c475c-d00c-5895-af79-87563ed090ce",
    "action": "TAG_REMOVE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "DATASOURCE",
    "targets": [
        {
            "type": "DATASOURCE",
            "id": "27",
            "name": "Public case",
            "technology": "POSTGRESQL"
        }
    ],
    "relatedResources": [
        {
            "type": "TAG",
            "name": "Discovered",
            "id": "1",
            "source": "curated"
        }
    ],
    "auditPayload": {
        "type": "TagRemovedAuditPayload",
        "version": 1,
        "removedTags": [
            {
                "targetName": "Public case",
                "targetType": "DATASOURCE",
                "tags": [
                    {
                        "type": "TAG",
                        "name": "Discovered",
                        "id": "1",
                        "source": "curated"
                    }
                ]
            }
        ]
    },
    "eventTimestamp": "2024-02-22T14:44:29.943Z",
    "receivedTimestamp": "2024-02-22T14:44:30.077Z"
}

{
    "id": "cdc9d4f5-f960-487c-a5cf-22059492a806",
    "sessionId": "0fcaaf9c074330b4b875746c2e52739c",
    "requestId": "0a8e084f-354f-51b0-998d-e5aa0455b223",
    "action": "UPDATE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "TAG",
    "targets": [
        {
            "type": "TAG",
            "name": "TestTagUpdate",
            "id": "452",
            "source": "curated"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "TagUpdatedAuditPayload",
        "version": 1,
        "rootTag": "First_name",
        "deleteHierarchy": false,
        "tags": [
            {
                "id": "452",
                "name": "First name",
                "source": "curated",
                "type": "TAG"
            }
        ]
    },
    "eventTimestamp": "2024-02-22T14:40:08.449Z",
    "receivedTimestamp": "2024-02-22T14:40:08.563Z"
}

{
    "requestId": "0aaf4825-f245-582a-935d-312b15adbf3e",
    "auditPayload": {
        "type": "UserAuthenticatedAuditPayload",
        "authenticationMethod": "apiKey"
    },
    "action": "AUTHENTICATE",
    "actor": {
        "id": "postgres_system",
        "name": "Immuta System Account",
        "type": "SYSTEM_ACCOUNT"
    },
    "targetType": "USER",
    "relatedResources": [],
    "eventTimestamp": "2023-03-03T01:47:36.225Z",
    "actionStatus": "SUCCESS",
    "receivedTimestamp": "2023-03-03T01:47:36.319Z",
    "tenantId": "your-immuta-tenant.com",
    "targets": [],
    "actorIp": "xxx.xx.xx.xx",
    "id": "5683bb3d-226a-4140-b3d9-2c3db22cf1fb",
    "sessionId": "73396d16b9330d28a68dbf171948ace3"
}

{
    "id": "8f64a4e9-cfae-4166-94a0-3899d6d6fbf5",
    "sessionId": "efb381c4e05844332a87ae265c3225dc",
    "requestId": "243bf98c-bb2e-58b7-8842-1d997137cccb",
    "action": "CLONE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "USER",
    "targets": [
        {
            "name": "Clone of [email protected] (awaiting first login)",
            "id": "[email protected]",
            "identityProvider": "bim",
            "profileId": "999111236",
            "type": "USER"
        },
        {
            "name": "Clone of [email protected] (awaiting first login)",
            "id": "[email protected]",
            "identityProvider": "bim",
            "profileId": "999111237",
            "type": "USER"
        }
    ],
    "relatedResources": [
        {
            "name": "Taylor Smith",
            "id": "[email protected]",
            "identityProvider": "bim",
            "profileId": "999111228",
            "type": "USER"
        }
    ],
    "auditPayload": {
        "type": "UserClonedAuditPayload",
        "version": 1,
        "failedUserIds": [],
        "newUserIds": ["[email protected]", "[email protected]"],
        "clonedUserId": "[email protected]",
        "clonedUserIamProvider": "bim"
    },
    "eventTimestamp": "2024-01-05T19:07:29.141Z",
    "receivedTimestamp": "2024-01-05T19:07:29.364Z"
}

{
    "id": "f6d2443e-1a08-4e38-8a4b-ec938334e217",
    "action": "CREATE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Immuta System Account",
        "id": "immuta_system_account",
        "type": "SYSTEM_ACCOUNT"
    },
    "tenantId": "your-immuta-tenant.com",
    "targetType": "USER",
    "targets": [
        {
            "name": "Deepu Murty",
            "id": "[email protected]",
            "identityProvider": "okta",
            "profileId": "999111251",
            "type": "USER"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "UserCreatedAuditPayload",
        "version": 1,
        "name": "Deepu Murty",
        "email": "[email protected]"
    },
    "eventTimestamp": "2024-02-01T13:16:26.541Z",
    "receivedTimestamp": "2024-02-01T13:16:26.564Z"
}

{
    "id": "5e359dbf-414e-4bc2-90fe-66534d728a02",
    "sessionId": "fc63e473565c823682f2b1a517c71355",
    "requestId": "610ff95c-dfc1-5ac0-a1a7-07a065c13c48",
    "action": "DELETE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "USER",
    "targets": [],
    "relatedResources": [],
    "auditPayload": {
        "type": "UserDeletedAuditPayload",
        "version": 1,
        "userId": "[email protected]",
        "userIdProvider": "okta"
    },
    "eventTimestamp": "2024-01-31T15:41:25.000Z",
    "receivedTimestamp": "2024-01-31T15:41:27.150Z"
}

{
    "sessionId": "0d8de090f542620a09cc0bf2cd103371",
    "id": "bd7713b7-a40a-4905-a5cf-68df2ed10c58",
    "actionStatusReason": null,
    "actorIp": "xxx.xx.xx.xx",
    "targets": [
        {
            "name": "Taylor Smith",
            "id": "[email protected]",
            "profileId": "1",
            "type": "USER",
            "identityProvider": "bim"
        }
    ],
    "tenantId": "your-immuta-tenant.com",
    "receivedTimestamp": "2024-02-08T15:51:54.660Z",
    "actionStatus": "SUCCESS",
    "relatedResources": [],
    "eventTimestamp": "2022-07-28T03:52:03.790Z",
    "targetType": "USER",
    "actor": {
        "type": "USER_ACTOR",
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "id": "[email protected]",
        "profileId": "1"
    },
    "action": "LOGOUT",
    "auditPayload": {
        "logoutReason": "EXPIRATION",
        "authenticationMethod": "password",
        "impersonatedId": "[email protected]",
        "impersonatedIdProvider": "bim",
        "type": "UserLogoutAuditPayload",
        "version": 1
    },
    "requestId": "myRequestId"
}

{
    "id": "8ddf5e1e-637f-444b-9575-7ef0cd135136",
    "sessionId": "aadf12cfbd5af292da1075f83b97716d",
    "requestId": "76b6cc50-532f-5bfc-8d71-f19befd0e93e",
    "action": "NEW_TOKEN",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "USER",
    "targets": [
        {
            "name": "Deepu Murty",
            "id": "[email protected]",
            "identityProvider": "bim",
            "profileId": "999111235",
            "type": "USER"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "UserOneTimeTokenCreatedAuditPayload",
        "version": 1
    },
    "eventTimestamp": "2024-01-22T19:57:56.319Z",
    "receivedTimestamp": "2024-01-22T19:57:56.394Z"
}

{
    "actor": {
        "type": "USER_ACTOR",
        "id": "[email protected]",
        "name": "Taylor Smith",
        "identityProvider": "bim",
        "profileId": "1"
    },
    "sessionId": "8aa5dfb94afa9bde135f6208f5290ca1",
    "requestId": "77e80707-f5c8-5238-bf70-bd71c81200e8",
    "actionStatus": "SUCCESS",
    "actorIp": "xxx.xx.xx.xx",
    "eventTimestamp": "2023-12-22T21:27:51.255Z",
    "id": "bd6b42e9-61c1-4ea0-a19a-ec38163a85a2",
    "tenantId": "your-immuta-tenant.com",
    "targets": [
        {
            "type": "USER",
            "id": "[email protected]",
            "name": "Deepu Murty",
            "identityProvider": "bim",
            "profileId": "999111226"
        }
    ],
    "action": "PASSWORD_UPDATE",
    "auditPayload": {
        "type": "UserPasswordUpdatedAuditPayload",
        "version": 1
    },
    "targetType": "USER",
    "relatedResources": [],
    "receivedTimestamp": "2023-12-22T21:27:51.394Z"
}

{
    "id": "94179969-7dae-4b1c-a14f-de80573f841a",
    "sessionId": "b2b2ab5eabaac606e171fdcc3a042c32",
    "requestId": "d3b7e572-8c5f-535d-be51-3715fa181160",
    "action": "UPDATE",
    "actionStatus": "SUCCESS",
    "actor": {
        "name": "Taylor Smith",
        "id": "[email protected]",
        "identityProvider": "bim",
        "profileId": "1",
        "type": "USER_ACTOR"
    },
    "actorIp": "xxx.xx.xx.xx",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "USER",
    "targets": [
        {
            "name": "Deepu Murty",
            "id": "[email protected]",
            "identityProvider": "bim",
            "profileId": "6",
            "type": "USER"
        }
    ],
    "relatedResources": [],
    "auditPayload": {
        "type": "UserUpdatedAuditPayload",
        "version": 1,
        "userId": "[email protected]",
        "userIdProvider": "bim",
        "externalUserIds": [],
        "disabled": false
    },
    "eventTimestamp": "2024-02-08T15:46:25.949Z",
    "receivedTimestamp": "2024-02-08T15:46:26.167Z"
}

{
    "targets": [
        {
            "name": "ProjectCreateMonitorHook",
            "type": "WEBHOOK",
            "id": "12"
        }
    ],
    "actionStatus": "SUCCESS",
    "receivedTimestamp": "2023-10-19T14:15:38.160Z",
    "actorIp": "xxx.xx.xx.xx",
    "id": "5faed0d0-ff64-4c86-87eb-193c04d6e5f2",
    "auditPayload": {
        "type": "WebhookCreatedAuditPayload",
        "version": 1,
        "webhooks": [
            {
                "id": "12",
                "name": "ProjectCreateMonitorHook",
                "actionType": "TRIGGERED",
                "global": false,
                "url": "https://hooks.slack.com/triggers/your-id",
                "notificationType": [
                    "projectUpdated"
                ]
            }
        ]
    },
    "requestId": "6cfccb1c-e828-5b4b-a971-e7a02bb0aea7",
    "relatedResources": [],
    "action": "CREATE",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "WEBHOOK",
    "actor": {
        "identityProvider": "bim",
        "name": "Taylor Smith",
        "type": "USER_ACTOR",
        "profileId": "1",
        "id": "[email protected]"
    },
    "eventTimestamp": "2023-10-19T14:15:38.074Z",
    "sessionId": "f29b217886b7c5fd0efee59d5f53b866"
}

{
    "id": "0f89c84c-ce64-49e7-a08e-8cac34b5b820",
    "actorIp": "xxx.xx.xx.xx",
    "auditPayload": {
        "name": "ProjectCreateMonitorHook",
        "webhookId": "12",
        "type": "WebhookDeletedAuditPayload",
        "version": 1
    },
    "targets": [
        {
            "id": "12",
            "name": "ProjectCreateMonitorHook",
            "type": "WEBHOOK"
        }
    ],
    "actionStatus": "SUCCESS",
    "receivedTimestamp": "2023-10-19T14:20:50.152Z",
    "tenantId": "your-immuta-tenant.com",
    "targetType": "WEBHOOK",
    "actor": {
        "id": "[email protected]",
        "profileId": "1",
        "type": "USER_ACTOR",
        "name": "Taylor Smith",
        "identityProvider": "bim"
    },
    "sessionId": "302c4af6b147b6bfe8bed550030f6594",
    "eventTimestamp": "2023-10-19T14:20:50.077Z",
    "requestId": "ffe61b45-cb8b-5a96-83cb-5d366c735558",
    "action": "DELETE",
    "relatedResources": []
}

Audit

hashtagHow-to guides

hashtagReference guides

How-to Guides

Export Audit Logs to Amazon S3

Export Audit Logs to ADLS

hashtagCreate an ADLS shared access signature token for the export

hashtagConfigure the audit export to ADLS

hashtagTroubleshooting

Use Immuta Audit

hashtagApplying filters to find audit events

Run Governance Reports

hashtagBuild and export Immuta reports

Reference Guides

Universal Audit Model (UAM)

hashtagImmuta audit service

hashtagAudit export workflow

hashtagAudit support for platform queries

hashtagLimitations

hashtagSnowflake query audit limitation

hashtagUnity Catalog query audit limitations

hashtagStarburst (Trino) limitation

Query Audit Logs

Databricks Unity Catalog Query Audit Logs

hashtagRequirements

hashtagAudit frequency

hashtagAudit scope

hashtagAudit schema

hashtagExample audit record

hashtagLimitations

Audit Export GraphQL Reference Guide

hashtagDisable a configuration

hashtagEnable a configuration

hashtagDelete a configuration

hashtagUpdate a configuration

Unknown Users in Audit Logs

hashtagIdentify users

hashtagRegister users

Governance Report Types

hashtagUser reports options

hashtagAll users report option

hashtagIndividual user report options

hashtagGroup reports options

hashtagAll groups report option

hashtagIndividual group report options

hashtagProject reports options

hashtagData source reports options

hashtagAll data sources report option

hashtagIndividual data source reports options

hashtagPurpose reports options

hashtagPolicy type reports option

hashtagGlobal policy reports options

hashtagAll global policies report options

hashtagIndividual global policy reports option

hashtagConnection reports option

hashtagTag reports options

hashtagAll tag reports options

hashtagIndividual tag options

hashtagSensitive data discovery reports option

How-to Guides

Reference Guides

Audit

hashtagHow-to guides

hashtagReference guides

Export Audit Logs to ADLS

hashtagCreate an ADLS shared access signature token for the export

hashtagConfigure the audit export to ADLS

hashtagTroubleshooting

Query Audit Logs

Audit Export GraphQL Reference Guide

hashtagDisable a configuration

hashtagEnable a configuration

hashtagDelete a configuration

hashtagUpdate a configuration

Unknown Users in Audit Logs

hashtagIdentify users

hashtagRegister users

Run Governance Reports

hashtagBuild and export Immuta reports

Export Audit Logs to Amazon S3

How-to guides

Reference guides

Create an ADLS shared access signature token for the export

Configure the audit export to ADLS

Troubleshooting

Applying filters to find audit events

Build and export Immuta reports

Immuta audit service

Audit export workflow

Audit support for platform queries

Limitations

Snowflake query audit limitation

Unity Catalog query audit limitations

Starburst (Trino) limitation

Requirements

Audit frequency

Audit scope

Audit schema

Example audit record

Limitations

Disable a configuration

Enable a configuration

Delete a configuration

Update a configuration

Identify users

Register users

User reports options

All users report option

Individual user report options

Group reports options

All groups report option

Individual group report options

Project reports options

Data source reports options

All data sources report option

Individual data source reports options

Purpose reports options

Policy type reports option

Global policy reports options

All global policies report options

Individual global policy reports option

Connection reports option

Tag reports options

All tag reports options

Individual tag options

Sensitive data discovery reports option

How-to guides

Reference guides

Create an ADLS shared access signature token for the export

Configure the audit export to ADLS

Troubleshooting

Disable a configuration

Enable a configuration

Delete a configuration

Update a configuration

Identify users

Register users

Build and export Immuta reports

How to export using an IAM user with access key

1 - Configure an IAM user and policy

2 - Create an S3 bucket policy for the export

3 - Configure the audit export to S3

4 - Verify the export configuration connection

How to export using an AWS IAM role

1 - Configure an IAM role and policy

2 - Create an S3 bucket policy for the export

3 - Configure the audit export to S3

4 - Create a trust relationship and assume role policy

5 - Verify the export configuration connection

Troubleshooting

Applying filters to find audit events

Setting a time range

Manually sync new events

Immuta audit service

Audit export workflow

Audit support for platform queries

Limitations

Snowflake query audit limitation

Unity Catalog query audit limitations

Starburst (Trino) limitation