Saltar al contenido principal

Catálogo de Eventos de Auditoría

Este catálogo enumera todos los nombres de eventos de auditoría de VaultPAM de nivel público y sus categorías. Está destinado a ingenieros de SIEM que construyen reglas de detección y revisores de cumplimiento que validan la cobertura de auditoría — no para construir integraciones de cliente contra el esquema completo de eventos. El esquema de campos completo (actor, objetivo, metadatos, retención) está disponible en la referencia de API restringida; contacte con el soporte para solicitar acceso.

Este catálogo se genera automáticamente desde la fuente. No edite directamente. Para regenerar, ejecute scripts/docs/generate_audit_event_catalog.sh.

Eventos del Plano de Control

ConstanteCadena de TransmisiónCategoría
AGENT_PAIRING_INITIATEDAgent Pairing InitiatedAgent / Connectivity
AGENT_PAIRING_COMPLETEDAgent Pairing CompletedAgent / Connectivity
AGENT_PAIRING_FAILEDAgent Pairing FailedAgent / Connectivity
AGENT_HEARTBEAT_RECEIVEDAgent Heartbeat ReceivedAgent / Connectivity
AGENT_CONNECTIVITY_CHECKAgent Connectivity CheckAgent / Connectivity
CONNECTOR_REGISTRATIONConnector RegistrationAgent / Connectivity
CONNECTOR_UPGRADEConnector UpgradeAgent / Connectivity
CONNECTOR_DECOMMISSIONEDConnector DecommissionedAgent / Connectivity
USER_ACCESS_REQUEST_CREATEDUser Access Request CreatedIdentity / Access / Sharing
ACCESS_REQUEST_APPROVEDAccess Request ApprovedIdentity / Access / Sharing
ACCESS_REQUEST_REJECTEDAccess Request RejectedIdentity / Access / Sharing
ACCESS_DELEGATION_GRANTEDAccess Delegation GrantedIdentity / Access / Sharing
ACCESS_DELEGATION_REVOKEDAccess Delegation RevokedIdentity / Access / Sharing
ROLE_ASSIGNMENT_CHANGEDRole Assignment ChangedIdentity / Access / Sharing
POLICY_ASSIGNMENT_CHANGEDPolicy Assignment ChangedIdentity / Access / Sharing
MFA_CHALLENGE_TRIGGEREDMFA Challenge TriggeredIdentity / Access / Sharing
MFA_VERIFICATION_SUCCEEDEDMFA Verification SucceededIdentity / Access / Sharing
MFA_VERIFICATION_FAILEDMFA Verification FailedIdentity / Access / Sharing
MFA_SESSIONS_INVALIDATEDMFA Sessions InvalidatedIdentity / Access / Sharing
MFA_RECOVERY_REQUESTEDmfa.recovery.requestedIdentity / Access / Sharing
MFA_RECOVERY_VERIFIEDmfa.recovery.verifiedIdentity / Access / Sharing
MFA_RECOVERY_PENDING_ADMIN_APPROVALmfa.recovery.pending_admin_approvalIdentity / Access / Sharing
MFA_RECOVERY_APPROVEDmfa.recovery.approvedIdentity / Access / Sharing
MFA_RECOVERY_DENIEDmfa.recovery.deniedIdentity / Access / Sharing
MFA_RECOVERY_GRANT_ISSUEDmfa.recovery.grant_issuedIdentity / Access / Sharing
MFA_RECOVERY_GRANT_CONSUMEDmfa.recovery.grant_consumedIdentity / Access / Sharing
MFA_RECOVERY_EXPIREDmfa.recovery.expiredIdentity / Access / Sharing
MFA_RECOVERY_COMPLETEDmfa.recovery.completedIdentity / Access / Sharing
MFA_BACKUP_CODES_GENERATEDmfa.backup_codes.generatedIdentity / Access / Sharing
MFA_BACKUP_CODES_USEDmfa.backup_codes.usedIdentity / Access / Sharing
MFA_BACKUP_CODES_REGENERATEDmfa.backup_codes.regeneratedIdentity / Access / Sharing
PRIVILEGED_ACCOUNT_CREATEDPrivileged Account CreatedAccounts / Secrets / Credentials
PRIVILEGED_ACCOUNT_UPDATEDPrivileged Account UpdatedAccounts / Secrets / Credentials
PRIVILEGED_ACCOUNT_DISABLEDPrivileged Account DisabledAccounts / Secrets / Credentials
CREDENTIAL_CHECKOUT_STARTEDCredential Check-out StartedAccounts / Secrets / Credentials
CREDENTIAL_CHECKOUT_COMPLETEDCredential Check-out CompletedAccounts / Secrets / Credentials
CREDENTIAL_CHECKIN_COMPLETEDCredential Check-in CompletedAccounts / Secrets / Credentials
CREDENTIAL_ROTATION_STARTEDCredential Rotation StartedAccounts / Secrets / Credentials
CREDENTIAL_ROTATION_COMPLETEDCredential Rotation CompletedAccounts / Secrets / Credentials
CREDENTIAL_ROTATION_FAILEDCredential Rotation FailedAccounts / Secrets / Credentials
SECRET_ACCESSEDSecret Accessed (Metadata-only)Accounts / Secrets / Credentials
CONNECTION_DEFINITION_CREATEDConnection Definition CreatedConnections / Sessions
CONNECTION_DEFINITION_UPDATEDConnection Definition UpdatedConnections / Sessions
CONNECTION_DEFINITION_DELETEDConnection Definition DeletedConnections / Sessions
SESSION_START_REQUESTEDSession Start RequestedConnections / Sessions
SESSION_ESTABLISHEDSession EstablishedConnections / Sessions
SESSION_RECORDING_STARTEDSession Recording StartedConnections / Sessions
SESSION_POLICY_ENFORCEDSession Policy EnforcedConnections / Sessions
SESSION_SUSPENDEDSession SuspendedConnections / Sessions
SESSION_TERMINATED_BY_USERSession Terminated by UserConnections / Sessions
SESSION_TERMINATED_BY_ADMINSession Terminated by AdminConnections / Sessions
SESSION_TERMINATED_BY_SYSTEMSession Terminated by SystemConnections / Sessions
SESSION_RECORDING_FINALIZEDSession Recording FinalizedConnections / Sessions
SESSION_PLAYBACK_ACCESSEDSession Playback AccessedConnections / Sessions
HTTP_SESSION_STARTEDHTTP_SESSION_STARTEDConnections / Sessions
HTTP_SESSION_ENDEDHTTP_SESSION_ENDEDConnections / Sessions
HTTP_URL_DENIEDHTTP_URL_DENIEDConnections / Sessions
HTTP_CREDENTIAL_INJECTEDHTTP_CREDENTIAL_INJECTEDConnections / Sessions
AUDIT_LOG_VIEWEDAudit Log ViewedAdmin / Platform / Audit
AUDIT_LOG_EXPORT_REQUESTEDAudit Log Export RequestedAdmin / Platform / Audit
AUDIT_LOG_EXPORT_COMPLETEDAudit Log Export CompletedAdmin / Platform / Audit
RETENTION_POLICY_CHANGEDRetention Policy ChangedAdmin / Platform / Audit
TENANT_SETTINGS_UPDATEDTenant Settings UpdatedAdmin / Platform / Audit
API_TOKEN_CREATEDAPI Token CreatedAdmin / Platform / Audit
API_TOKEN_REVOKEDAPI Token RevokedAdmin / Platform / Audit
SECURITY_INCIDENT_FLAGGEDSecurity Incident FlaggedAdmin / Platform / Audit
SYSTEM_ERROR_LOGGEDSystem Error LoggedAdmin / Platform / Audit
INVITATION_SENTInvitation SentInvitation Lifecycle
INVITATION_ACCEPTEDInvitation AcceptedInvitation Lifecycle
INVITATION_REVOKEDInvitation RevokedInvitation Lifecycle
INVITATION_RESENTInvitation ResentInvitation Lifecycle
INVITATION_EXPIREDInvitation ExpiredInvitation Lifecycle
INVITATION_ACCEPT_BLOCKEDInvitation Accept BlockedInvitation Lifecycle
INVITE_ACCEPT_STARTEDinvite_accept_startedInvitation Lifecycle
INVITE_TOKEN_INVALID_OR_EXPIREDinvite_token_invalid_or_expiredInvitation Lifecycle
INVITE_EMAIL_MISMATCH_BLOCKEDinvite_email_mismatch_blockedInvitation Lifecycle
INVITE_ACCEPTEDinvite_acceptedInvitation Lifecycle
ORG_SUBMISSION_STARTEDorg_submission_startedInvitation Lifecycle
ORG_SUBMISSION_SUBMITTEDorg_submission_submittedInvitation Lifecycle
ORG_SUBMISSION_APPROVEDorg_submission_approvedInvitation Lifecycle
ORG_SUBMISSION_REJECTEDorg_submission_rejectedInvitation Lifecycle
PROVIDER_FLOW_FAILEDprovider_flow_failedInvitation Lifecycle
PENDING_STATE_VIEWEDpending_state_viewedInvitation Lifecycle
PLATFORM_USER_INVITEDPlatform User InvitedPlatform Users Management
PLATFORM_USER_REMOVEDPlatform User RemovedPlatform Users Management
PLATFORM_USER_ROLE_CHANGEDPlatform User Role ChangedPlatform Users Management
PLATFORM_USER_MFA_RESETPlatform User MFA ResetPlatform Users Management
PLATFORM_INVITATION_ACCEPTEDPlatform Invitation AcceptedPlatform Users Management
PLATFORM_USER_INVITE_REJECTEDPlatform User Invite RejectedPlatform Users Management
PLATFORM_SELF_REMOVAL_BLOCKEDPlatform Self Removal BlockedPlatform Users Management
PLATFORM_LAST_ADMIN_REMOVAL_BLOCKEDPlatform Last Admin Removal BlockedPlatform Users Management
PLATFORM_LAST_ADMIN_MFA_RESET_BLOCKEDPlatform Last Admin MFA Reset BlockedPlatform Users Management
PLATFORM_USERS_LISTEDPlatform Users ListedPlatform Users Management
PLATFORM_INVITATIONS_LISTEDPlatform Invitations ListedPlatform Users Management
GROUP_CREATEDgroup.createdGroups / Safe Access
GROUP_UPDATEDgroup.updatedGroups / Safe Access
GROUP_DELETEDgroup.deletedGroups / Safe Access
GROUP_MEMBER_ADDEDgroup.member.addedGroups / Safe Access
GROUP_MEMBER_REMOVEDgroup.member.removedGroups / Safe Access
SAFE_GROUP_ASSIGNMENT_CREATEDsafe.group_assignment.createdGroups / Safe Access
SAFE_GROUP_ASSIGNMENT_UPDATEDsafe.group_assignment.updatedGroups / Safe Access
SAFE_GROUP_ASSIGNMENT_REMOVEDsafe.group_assignment.removedGroups / Safe Access
SAFE_MEMBER_ADDEDsafe.member.addedGroups / Safe Access
SAFE_MEMBER_ROLE_UPDATEDsafe.member.role_updatedGroups / Safe Access
SAFE_MEMBER_REMOVEDsafe.member.removedGroups / Safe Access
SAFE_DERIVED_ACCESS_GRANTEDsafe.derived_access.grantedGroups / Safe Access
SAFE_DERIVED_ACCESS_REVOKEDsafe.derived_access.revokedGroups / Safe Access
SAFE_DERIVED_ACCESS_ROLE_CHANGEDsafe.derived_access.role_changedGroups / Safe Access
GROUP_MUTATION_DENIEDgroup.mutation.deniedGroups / Safe Access
ORG_GOVERNANCE_ACTION_REQUESTEDorg_governance.action_requestedOrg-Scoped Governance Actions
ORG_GOVERNANCE_ACTION_APPROVEDorg_governance.action_approvedOrg-Scoped Governance Actions
ORG_GOVERNANCE_ACTION_REJECTEDorg_governance.action_rejectedOrg-Scoped Governance Actions
PLATFORM_CROSS_ORG_GOVERNANCE_VIEWEDplatform.cross_org_governance_viewedCross-Org Governance
ORG_GOVERNANCE_QUEUE_EXPORTEDorg_governance.queue_exportedCross-Org Governance
ORG_GOVERNANCE_SELF_APPROVAL_BLOCKEDorg_governance.self_approval_blockedCross-Org Governance
PHONE_VERIFICATION_CODE_SENTphone_verification_code_sentPhone / SMS Verification
PHONE_VERIFICATION_SUCCEEDEDphone_verification_succeededPhone / SMS Verification
PHONE_VERIFICATION_FAILEDphone_verification_failedPhone / SMS Verification
PHONE_VERIFICATION_EXPIREDphone_verification_expiredPhone / SMS Verification
PHONE_CHANGE_REQUESTEDphone_change_requestedPhone / SMS Verification
PHONE_CHANGE_COMMITTEDphone_change_committedPhone / SMS Verification
PHONE_CHANGE_ABANDONEDphone_change_abandonedPhone / SMS Verification
AUDIT_PHONE_DIGEST_KEY_ROTATEDaudit_phone_digest_key_rotatedPhone / SMS Verification
PHONE_VERIFICATION_CODE_SEND_BLOCKED_PROVIDER_UNAVAILABLEphone_verification_code_send_blocked_provider_unavailablePhone / SMS Verification
PHONE_VERIFICATION_BOOT_PROVIDER_GATE_PASSEDphone_verification_boot_provider_gate_passedPhone / SMS Verification
PHONE_VERIFICATION_CODE_SEND_BLOCKED_RATE_LIMITphone_verification_code_send_blocked_rate_limitPhone / SMS Verification
PHONE_CHANGE_CONCURRENT_MODIFICATIONphone_change_concurrent_modificationPhone / SMS Verification
PHONE_CHANGE_CANCELphone_change_cancelPhone / SMS Verification
USERS_PHONE_PROPAGATED_FROM_REGISTRATIONusers_phone_propagated_from_registrationPhone / SMS Verification
USERS_PHONE_PROPAGATION_SKIPPED_CONFLICTusers_phone_propagation_skipped_conflictPhone / SMS Verification

Eventos SSH Compartidos por Proxy

Re-exportados por el plano de control como tipos de eventos PROXY_SSH_*.

ConstanteCadena de TransmisiónDescripción
PROXY_SSH_SESSION_OPENEDproxy.ssh.session.openedSesión SSH abierta correctamente — post-grant verify, upstream connect, channel ready.
PROXY_SSH_SESSION_CLOSEDproxy.ssh.session.closedSesión SSH cerrada — channel close, upstream EOF, o client disconnect.
PROXY_SSH_AUTH_REJECTEDproxy.ssh.auth.rejectedAutenticación SSH rechazada en el proxy — invalid grant, expired grant, replay, o unauthorized key.
PROXY_SSH_RECORDING_WRITTENproxy.ssh.recording.writtenArtefacto de grabación SSH finalizado y persistido en el almacén de grabaciones.

Niveles de Gravedad

ValorSignificado
DEBUGDiagnóstico de bajo nivel; no se reenvía a SIEM de forma predeterminada.
INFORegistro de operación normal.
WARNCondición recuperable que puede requerir atención.
ERROROperación fallida; puede requerir investigación.
CRITICALFallo significativo desde el punto de vista de la seguridad; siempre se reenvía a SIEM.

Tipos de Actor

ValorDescripción
UserUsuario final actuando en su propio nombre.
TenantAdminAdministrador a nivel de organización.
SystemAcción del sistema automatizada sin disparo directo del usuario.
ServiceAccountToken de API o cuenta de máquina.
PlatformAdminOperador de plataforma entre organizaciones.
OrgAdminRol de administrador con alcance de organización.
ConnectorAgente Connector actuando de forma autónoma.

Tipos de Objetivo

ValorDescripción
AccountCuenta privilegiada u objeto de credencial.
ConnectionDefinición de conexión.
SessionSesión activa o completada.
AgentAgente Connector o proxy.
PolicyPolítica de acceso o sesión.
SecretSecreto o carga útil de credencial.
TenantEntidad Tenant/org.
API TokenObjeto de token de API.
InvitationRegistro de invitación.
AuditLogConsulta o exportación de registro de auditoría.
GovernanceActionSolicitud de aprobación de gobernanza.
SafeContenedor Safe.