AutoRABIT Knowledge Base
  • 👋Welcome to the Knowledge Base
  • Fundamentals
    • ⚡AutoRABIT Solutions
    • LearningHub
    • ℹ️FAQs
      • General User Definitions
        • ARM User Definitions
      • ARM-FAQs
        • Connection & Authentication
        • Common Errors and Resolutions
        • Deployment
        • Data Loader
        • CI Jobs
        • Retention Policy
        • nCino
      • CodeScan-FAQs
        • General
          • CodeScan Static IP Ranges
          • Difference b/w CodeScan Self-Hosted and CodeScan Cloud
          • Single Sign-On (SSO)
          • What is a Subscription Code?
          • What is a CodeScan License Key?
          • Can I use CodeScan with a proxy?
          • Not receiving email notifications
          • CodeScan Blocks, Lines, and Field Inquiries
          • How are Metric Definitions Defined?
          • What Is Cyclomatic Complexity?
          • Can I export my test results?
          • CodeScan requests read and update permissions while connecting to Bitbucket
          • SSL Certificates
          • Does SonarQube support test execution reports for pull requests?
        • CodeScan Self-Hosted Issues
          • Self-Hosted Errors and Solutions
          • Self-Hosted FAQs
          • License Errors
          • License Issues (IDE)
          • Setting the System Environment Variable
          • Setting Up CodeScan for Use with a Proxy
        • CodeScan Cloud Issues
          • Cloud Errors and Solutions
        • Common Issues and Solutions
      • Vault-FAQs
        • Vault-FAQs
        • Common Error Messages
        • Limitations
        • Unsupported Metadata Types
  • Release Notes
    • 🔁Release Notes
      • ARM Release Notes
        • Release Notes 25.2
        • Release Notes 25.1
          • Release Notes 25.1.4
          • Release Notes 25.1.3
          • Release Notes 25.1.2
          • Release Notes 25.1.0
        • Release Notes 24.4
          • Release Notes 24.4.5
          • Release Notes 24.4.4
          • Release Notes 24.4.3
          • Release Notes 24.4.2
          • Release Notes 24.4.1
        • Release Notes 24.3
          • Release Notes 24.3.5
          • Release Notes 24.3.4
          • Release Notes 24.3.3
          • Release Notes 24.3.2
          • Release Notes 24.3.1
        • Release Notes 24.2
        • Release Notes 24.1
        • Release Notes 23.1
        • Release Notes 22.3
        • Release Notes 22.2
        • Release Notes 22.1
        • Release Notes 21.6
        • Release Notes 21.5
      • CodeScan Release Notes
        • Cloud Releases
          • Release Notes 25.1
          • Release Notes 25.0
          • Release Notes 24.0
          • Prior Versions
            • Release Notes 23
              • Release Notes 23.2
              • Release Notes 23.1
            • Release Notes 22
              • Release Notes 22.8
              • Release Notes 22.7
              • Release Notes 22.4
              • Release Notes 22.3
              • Release Notes 22.2
              • Release Notes 22.1
            • Release Notes 21
              • Release Notes 21.5
              • Release Notes 21.4
            • Release Notes 4
              • Release Notes 4.5
              • Release Notes 4.4
              • Release Notes 4.3
              • Release Notes 4.2
        • Self Hosted Releases
          • Eagle Edition
            • Release Notes 25.1.0 Eagle 3.0
            • Release Notes 24.1.1 Eagle 2.0
            • Release Notes 24.1.0 Eagle
          • Tiger Edition
            • Release Notes 25.0.1 Tiger 3.0
            • Release Notes 24.0.13 Tiger 2.0
            • Release Notes 24.0.9 Tiger
          • Prior Editions
            • Release Notes 24
              • Release Notes 24.0.8
              • Release Notes 24.0.5
              • Release Notes 24.0.4
              • Release Notes 24.0.1
            • Release Notes 23.1
        • CodeScan for Government
      • nCino Release Notes
        • Release Notes 25.1
        • Release Notes 24.4
        • Release Notes 24.3
        • Release Notes 24.2
        • Release Notes 24.1
        • Release Notes 23.1
        • Release Notes 22.3
      • Vault Release Notes
        • Release Notes 25.0
        • Release Notes 24.0
        • Release Notes 23.0
        • Release Notes 22.0
        • Release Notes 21.0
      • Guard Release Notes
        • Release Notes 25.1
  • Product Guides
    • ARM
      • Getting Started
        • Signing Up with ARM
          • User Profile
        • Understanding ARM
          • What is ARM?
          • What can I do with ARM?
          • Who can use ARM?
          • ARM Supported Metadata Types
        • Navigating ARM
      • ARM Administration
        • User Management
          • User Types
          • Predefined Roles
          • Users, Roles & Permissions
          • Adding New Users
          • Assigning User Roles
          • Removing or Suspending Users
          • Exporting User Details
          • Managing User Account Settings
          • Resetting Account Passwords
          • Profiles
          • Permissions
          • Credential Manager
          • Delegating Approvals to Another User
          • Enforcing Single Sign-On (SSO)
          • Salesforce API Version
          • Changing Super Admin in ARM
        • Registration
          • Version Control Repository
            • GIT Integration
              • GIT Tag
            • SVN
            • TFS
            • Bitbucket
          • Version Control Branch
            • GIT Branch Creation
            • Creation of a TFS Branch
            • Creation of SVN Branch
          • Salesforce Org
            • Salesforce Authentication using OAuth
            • Salesforce Org Re-Authentication
          • Static Code Analysis in CI-CD
        • Subscription Management
        • Workspaces
        • Search and Substitute
        • ALM Management
      • Getting Set Up
        • Version Control Repository
          • GIT Integration
            • GIT Tag
          • SVN
          • TFS
          • Bitbucket
        • Version Control Branch
          • GIT Branch Creation
          • Creation of a TFS Branch
          • Creation of SVN Branch
        • Salesforce Org
          • Salesforce Org Management
          • Salesforce Authentication using OAuth
          • Salesforce Org Reauthentication
        • Branching Baseline
        • Static Code Analysis in CI/CD
        • Browser Support
      • ARM Features
        • Dashboard & Pipelines
          • Dashboards & Widgets
          • Pipelines
        • Webhooks
          • Configure a Webhook in Bitbucket
          • Configure a Webhook in Bitbucket Enterprise
          • Configure a Webhook in GitHub
          • Configure a Webhook in GitHub Enterprise
          • Configure a Webhook in GitLab
          • Configure a Webhook in Microsoft Azure
          • Configure a Webhook in Slack
          • Configure a Webhook in Teams
          • Configure a Webhook in Visual Studio GIT
          • Configure a webhook in Visual Studio GIT Enterprise
        • Version Control
          • Introduction to Version Control
            • Version Control Repositories Summary
            • Version Control Branch Workflow
          • Version Control Repository
          • EZ-Commits
            • How Do I Commit?
            • Commits Summary
            • Committing Individual Forms from Form Manager (RBC Metadata)
          • EZ-Merge
            • Merge Conflicts
            • Merge Requests
            • Squash and Merge
            • Git Commit History and Merge Operations Basics
          • Change Labels
            • Commit Labels
            • Release Labels
              • Selective Deployments Using Pre-Prepared Artifacts
              • Artifact Preparation and Deployment Process
            • ALM Labels
          • External Pull Request
            • Azure Cloud Authentication
            • Pull Request Support for Azure Cloud
            • External Pull Request Summary Page
          • Commit Templates
          • GIT Revert
          • Understanding Duplicate File Change Commits in Git
          • Merge Approvals
        • Data Loader
          • Single Data Loader
            • Extract Salesforce Data
            • Insert Salesforce Data
            • Update Salesforce Data
            • Upsert Salesforce Data
            • Delete Salesforce Data
            • Using Data Loader with Lookups
          • Data Loader Pro
          • Data Loader Configuration
          • Test Environment Setup
          • Validation / Workflow Rules
          • Preparing the CSV file for ARM Data Loader
        • Automation and CI
          • Create a New CI Job
            • Build a Package from Salesforce
            • Backup your project to Version Control
            • Build a package from Version Control
            • Deploy a package from a Salesforce Org
            • Deploy from Salesforce with VC backup
            • Deploy from Version Control to a Salesforce Org
            • Deploy from SFDX branch to a Salesforce Org
            • Run Test Automation Scripts
            • Install an Unlocked Package from Version Control Branch
          • Triggering Builds for your CI Job
          • CI Job History
          • CI Job List
          • Configure Callout URL
          • CI Job Rollback
          • Parallel Processor
          • Enabling GitHub Checks
          • Automate Merge When CI Builds Pass
        • Deployment
          • Monitor Deployments
          • Apex Unit Tests
          • Connecting and Syncing Salesforce Orgs
          • Creating and Deploying Changes
          • Deploying Profile and Permission Sets
          • Deployment Rollback
          • Destructive Changes
        • nCino
          • Feature Migration
            • Create a Feature Migration Template
            • Create a Feature Migration Template with Predefined nCino Objects
            • Feature Migration Summary Page
          • Feature Deployment
            • Deployment Using Feature Migration Template
            • Deployment via Template using Salesforce Org
            • Deployment Using Version Control
            • Deployment via Version Control using Salesforce Org
            • Feature Deployment Summary
          • Feature Commits
          • Feature CI Jobs
            • Running a CI Job
            • CI Job Results
            • CI Job List screen
            • nCino Webhooks
          • Post Deployment Activities
          • Specify Baseline Revision in Continuous Integration for Version Control
          • Selecting a Range of Revisions
          • nCino RBC Deployment Rollback
          • nCino Developer APIs
            • nCino API References
          • nCino Compare
          • Exclude the OwnerID from Automapping in nCino CI jobs
          • External Unique ID Validation
          • Select External Unique ID
        • Salesforce DX
          • Salesforce DX Metadata Format
          • Registering a DevHub
          • Create a Scratch Org
          • Create a Module
          • Create an Unlocked/Managed Package
          • Import an Unlocked/Managed Package
        • Reports
          • Reports Overview
          • Code Coverage Reports
          • Deployment Reports
          • Static Code Analysis
          • Audit Report
        • Environment Provisioning
          • Migration Template
            • Enable History Tracking on Objects
            • Disable History Tracking on Objects
            • Enable History Tracking on Custom Fields
            • Disable History Tracking on Custom Fields
            • Run Destructive Changes
            • Execute Anonymous Apex
            • Enable Validation Rules
            • Disable Validation Rules
            • Enable Workflow Rules
            • Disable Workflow Rules
            • Enable Flows
            • Disable Flows
            • Enable Apex Triggers
            • Disable Apex Triggers
            • Migrate Custom Settings Data
          • Unsupported Metadata Templates
            • Account Teams
              • EnableAccountTeams
              • DeleteAccount
              • DisableAccountTeams
              • NewRoleAccount
              • Reorder
              • Replace
              • SortAlphabetically
            • AddTabsinAppManager
            • ActivityButtonOverrides
            • ApexExceptionEmail
            • ComplianceBCCEmail
            • AutoNumberFields
            • Campaign Influences
              • CampaignInfluencesEnable
              • CampaignInfluencesDisable
            • Case Contact Roles
              • NewContactRoles
              • DeleteContactRoles
              • ReorderContactRoles
              • ReplaceContactRoles
            • Contact Role Templates
              • EditTeamRole
              • NewTeamRole
              • ReplaceTeamRole
            • Console Layout Assignment
              • ConsoleLayoutsAssignments
              • DeleteConsoleLayout
              • NewConsoleLayouts
            • Create Lead Mapping Rules
              • LeadMapping
            • Create Organization-Wide Email Footers
              • DeleteEmailFooters
              • EditEmailFooters
              • EmailFooters
            • Case Feed Layout
            • Create Public Groups
              • Assign Roles and Profiles to Public Groups
              • PublicGroups
            • Web to Case
            • Data Category Visibility Settings
            • Delegated Administration
              • DelegatedAdministrationNew
              • DelegatedAdministrationEdit
            • Delete Outbound Messages
            • Delete Scheduled Jobs
            • Delete Time Based Workflow
            • Disable Scheduled Reports
            • Edit Queue
            • Email to Case Settings
              • Email to Case
              • Update Email to Case
            • File Upload and Download Security
            • Fiscal Year
            • Edit Lead
            • Email Admin Settings
            • Email Relay Activation
            • Manage Email Services
              • DeleteEmailServices
              • EditEmailServices
              • NewEmailServices
            • Manage Libraries
            • Page Layout Assignment
            • Manage User Records
            • Mobile Administration
              • Mobile Dashboard Settings
              • Mobile Notifications
              • Mobile Salesforce Settings
              • Salesforce Navigation
              • Salesforce Offline
            • Multiline Layout Fields For Contract Line Items
            • Multi Line Layout Fields for Opportunity Teams
            • Territory Model Options
              • New Territory Model
              • Edit Territory Model
              • Delete Territory Model
            • Offline Briefcase Configuration
              • Offline Briefcase Configuration New
              • Offline Briefcase Configuration Edit
              • Offline Briefcase Configuration Delete
            • Opportunity Deal Alerts
              • Edit Deal Alert
              • New Deal Alert
            • Opportunity Update Reminders
              • EditReminder
            • Organization Wide Email Addresses
              • Delete
              • Edit All
              • Organization All Profile
            • Predefined Case Teams
              • DelPredefined
              • NewPredefined
              • EditAdd
              • EditRemove
              • EditName
            • Product Schedule Settings
            • Public Calendar
              • Public Calendar Delete
              • Public Calendar Edit
              • Public Calendar New
            • Public Calendars and Resources Sharing
              • Public Calendar and Resources Sharing Add
              • Public Calender and Resources Sharing Edit
              • Public Calendar and Resources Sharing Delete
            • Publish Communities
            • Quote Templates
              • Active Quote
              • Deactive Quote
              • Delete Quote
              • New Quote
            • Report Dashboards Create Manage Folders
              • Create New Dashboard Folder
              • Create New Report Folder
              • Delete Folder
              • Share Settings
            • Resource Calendar
              • Resources Calendar Delete
              • Resources Calendar Edit
              • Resources Calendar New
            • Sandbox Refresh
            • Enable Salesforce to Salesforce
            • Schedule Apex Classes Monthly
            • Schedule Apex Classes Weekly
            • Search Settings
            • Self Service Public Solutions Edit
            • Site
            • Social Accounts Contacts and Lead Settings
            • SoftPhone Layouts
              • Softphone Layout New
              • SoftPhone Layout Edit
              • SoftPhone Layout Delete
            • Solution Categories
              • Solution Category Add
              • Solution Category Edit
            • Solution Settings Edit
            • Tag Settings
            • Territory View Rules
              • Delete Territory View Rules
              • Edit Territory View Rules
              • New Territory View Rules
            • User Interface Settings
            • Update Custom Label
            • Update Url for Remote Site Settings
            • Web to Lead
              • Edit Web Lead
              • Web To Lead
      • Integration and Plugins
        • SSO
          • SSO With Microsoft Entra ID
          • SSO for OKTA
          • SSO For PingFederate
          • SSO For ADFS
          • SAML SSO (Generic IdP)
        • Active Directory
        • JIRA
        • Azure DevOps
        • OmniStudio
          • Deploying OmniStudio Components
          • OmniStudio Configuration Settings
          • Committing OmniStudio Components to a Branch
        • AccelQ
        • HashiCorp Vault
        • Provar
        • SCA for Checkmarx
          • Checkmarx One Integration
        • Apex PMD
        • CodeScan Overview
        • SonarQube
        • Jenkins
        • Visual Code Extension
          • Installing VS Code Extension
          • Configuring VS Code Extension
          • Working with VS Code Extension
        • Integrate ServiceNow with ARM
        • URL Callout Integration with Tricentis
        • ARM for Salesforce Data Cloud
      • Security Information and Event Management
        • Common Event Format (CEF) Data
        • ARM Event Type
        • Retrieval APIs
      • Developer APIs
        • Authentication
        • API Access
        • Errors
        • API References
      • On-Premises / Dedicated Instances
        • Upgrade Guides
      • Troubleshooting
        • Best Practices
          • Salesforce Deployment Best Practices
          • Version Control Best Practices
          • CI Job Configurations
          • Vlocity
          • IP Whitelist
          • How to Include Network Settings in Commit or Deployment
          • Branching Strategy & CI/CD Pipeline
          • Metadata comparison between two Salesforce Orgs
          • Working with Translations in ARM
          • Revision Range & Release Label Deployment
          • Salesforce API Version Mismatch for the CI Build and Custom Deployment
          • Prerequisite while performing a commit using AutoRABIT
          • Flows in Salesforce
        • Known Issues / Limitations
          • ARM Known Issues
          • ARM Known Limitations
          • Salesforce Known Limitations
        • How-To's
          • Configure Merge Approval
          • Check Time Stamp for Commit/Merge
          • Enable SCA Apex PMD validation criteria.
          • Create API Token
          • Create Users' Credentials
          • Configure Record Types Picklist Values
          • Configure Multi-Proxy
          • Configure Mail Server Settings
          • Notifications (Mail Server Settings)
          • Enable Delta on PermissionSets
          • Default Apex Class Configuration
          • Enable Enhanced Domains
          • Provide branch access to users
        • FAQs
    • CodeScan
      • CodeScan Overview
      • System Requirements and Installation Self-Hosted
        • Installing CodeScan Self-Hosted
      • Getting Started
        • Users, Roles and Permissions
          • User Account
          • Reset the Password
          • Adding Users to a CodeScan Cloud Organization
            • Accepting invitations to add a user to a CodeScan Organization
          • Deleting User from a CodeScan Organization
          • Member Permissions
          • IDP Group Mapping
        • Setting up a CodeScan Cloud Organization
          • About CodeScan Cloud Organizations
          • Deleting Projects and Organizations
          • Generate a Security Token
          • Finding your Organization Key
          • Finding your Project Key
          • Setting up Payment
          • Understanding branches in CodeScan Cloud
          • Understanding branches for Salesforce project
          • Understanding the New Code Tab
        • Adding Projects to CodeScan
          • Add a project to CodeScan from Salesforce
          • Add a project to CodeScan from GitHub
          • Add a Project to CodeScan from Bitbucket
          • Add a Project to CodeScan from Git
          • Add a project to CodeScan from GitLab
      • Quality Profiles
        • Setting a Default Quality Profile
        • Customizing Quality Profiles
        • Exporting CodeScan Quality Profiles
      • Quality Gates
        • Understanding Quality Gates
        • Assigning Specific Quality Gates to a Project
        • Customizing Quality Gates
      • CodeScan Rules
        • CodeScan Rule List
        • Security-Related Rules
        • Creating Custom Rules with XPath
        • Configuration for Polyfill.io Vulnerability Rules
        • Configuration for Salesforce Metadata Rules
        • Metadata Rules on CodeScan Self-Hosted
      • Issues
        • Filtering Issues in CodeScan
        • Export issues to CSV in CodeScan Cloud
        • Exporting Issues using CodeScan-Export Tool
        • About Issue Status
        • Security Hotspots
      • Report and Analysis
        • Scheduled Reports
        • Analysis Scope on CodeScan Cloud
        • Ignoring Violations
        • Importing Salesforce CLI Code Coverage
        • Housekeeping
      • CodeScan Support
        • Raise a Service Request
      • CodeScan Integration
        • Integration Requirements
        • Project Naming Conventions
        • Single Sign-On (SSO)
          • Single Sign-On with OKTA
          • Single Sign-On with Entra ID
          • Single Sign-On with ADFS
          • Single Sign-On with PingOne
        • ARM
          • CodeScan Integration with ARM
        • CodeScan SFDX Plugin
          • Run analysis locally using SFDX
          • Importing Code Coverage from SFDX projects
        • IDE Plugins
          • Installing CodeScan for VS Code
          • Installing CodeScan for IntelliJ
        • Copado
          • Copado SFDX Integration
          • Copado MDAPI Integration
        • Flosum
          • CodeScan and Flosum Integration
        • Azure DevOps
          • Scan CodeScan Cloud projects in Azure DevOps
        • GitLab
          • Integrating CodeScan in GitLab
        • Bitbucket Pipelines
          • Integrating CodeScan in Bitbucket Pipelines
          • Reattaching Bitbucket Projects
        • GitHub Actions
          • CodeScan in Github Actions using the SFDX Plugin
          • Integrating CodeScan with GitHub Actions
        • Jenkins
          • CodeScan with Windows Agents
          • CodeScan with Linux/Unix Agents
          • Use Jenkins with CodeScan Salesforce project
        • Webhooks
          • Slack integration with Zapier
    • Vault
      • Vault™ Overview
      • Getting Started
        • Registering for an Account
        • Signing In
        • Resetting your Password
        • Managing Users and Roles
        • Setting Up Multifactor Authentication in Vault
        • Managing User Sessions
        • User Profile and Permission Access for Salesforce Users
        • Transferring Admin Ownership
        • Controlling Access to the Salesforce Org
      • Configuring Vault
        • Configure Backup Environment
          • Amazon AWS S3 Storage Environment
            • Bring your own Key (BYOK) with Vault
            • IAM Role Support
          • Google Cloud Platform
          • Create an Azure Storage Account
          • Azure Blob Storage Environment
          • Microsoft Azure Blob Retention Policy
        • Licenses
        • SSO Configuration
          • SSO for OKTA
          • SSO with Microsoft Entra ID for Vault
        • Registering Salesforce Org
          • Setup backup configuration for Salesforce Org
          • Archival Configuration
          • Unique Identifier (UID)
        • Scheduled Backup List
        • Alerts & Notifications
        • Workflow/Validation Rules
        • TLS Supported
        • Creating and Configuring Proxy Servers
      • Vault Features
        • Archive
          • Archiving Your Salesforce Data
          • Parent-Child Record Archival
        • Backup
          • Start the Backup
          • Schedule a Vault Backup
          • Understanding Backup Behavior
        • Compare
          • Comparing Two Backups
        • Compliance
          • GDPR - Secure and Comply
            • Right to Be Forgotten Request
          • PCI DSS
        • Replicate
          • Job Configuration
          • Job History
          • Masking Rules
        • Reporting
          • Archive Reports
          • Stale Jobs
        • Restore
          • Restoring the Metadata/Data to the Salesforce Org
        • SIEM Logs
        • Vault Connect
      • Vault Best Practices
      • Vault-FAQs
      • Knowledge Articles
        • Backup Support for Knowledge Articles
        • Restoring Knowledge Articles with Vault
        • nCino
          • Registering nCino configured Salesforce Org
          • Backup Configuration for your Salesforce Org
          • Archival Configuration for your Salesforce Org
          • Restoring nCino Features
    • Guard
      • Risk Assessment
      • Permissions Explorer
      • Change Monitoring
      • Policies
      • Integration User License
      • Data Classification
  • Resources
    • 🖥️AutoRABIT Support
    • 💬Community Forum
    • 📙Glossary
Powered by GitBook
On this page
  • SIEM Logging – Event Logs
  • Introduction
  • How to Access SIEM Logs
  • APIs
  • SIEM Log Structure
  • Custom Keys
  • Vault Event Type
  • Messages

Was this helpful?

Edit on GitHub
Export as PDF
  1. Product Guides
  2. Vault
  3. Vault Features

SIEM Logs

PreviousRestoring the Metadata/Data to the Salesforce OrgNextVault Connect

Last updated 9 months ago

Was this helpful?

SIEM Logging – Event Logs

Introduction

Security Information and Event Management (SIEM) system logs allow you to record and transport event data.

How to Access SIEM Logs

Users have the option to download logs from the UI. Access logs using the steps below.

  • Click on "Profiles" to access the "Session Information."

  • Click on the “Session Information” tab to access the “Activity” button.

  • Click on the “Activity Log” to access user activity.

  • On “Activity Logs”, click on the “Download” dropdown to access the available options.

  • Click any of the options available to download the logs.

APIs

The following APIs are available for SIEM logs.

View or Download Event Logs as a Single File:

Use the API below to view or download event logs as a single file. Ensure you minimize the date range if a large amount of data is present within the given date range. You can use the date parameters to manipulate the response per the requirement and increment the data accordingly to fetch the next set of records.

GET: {{url}}/ARVault/eventlogs?from=2023-10-09&to=2023-10-10

  • The from and to parameters are optional.

  • If the to parameter is not provided, it downloads the logs up to the current date. If the from parameter is not provided, it will download the logs from today up to the current time.

  • If the from value is greater than the to value, the API will consider the from value as the to value and vice versa.

  • If you request a file with the same from and to parameters, it will download the log file for that day.

  • The API will prepare a single user file for the given date range without loading the files into Java memory.

  • It will save the consolidated file in the file system.

  • If the user is an admin, it will consolidate all user logs for that organization within the date range.

To download the zip:

Two APIs are involved: one to prepare the zip file and the other to download the zip file. Details are given below:

  1. GET: {{url}}/ARVault/eventlogs/prepare-zip?from=2023-10-09&to=2023-10-10

Output: A temporary token for the file, which is valid for a minute.

  • The API works in the same manner as described above, with the same from and to parameter validation and process.

  • It will prepare a consolidated zip file for the user.

  • File names are the user's email for that day, with special characters in the email replaced by '_'.

  • It returns a temporary token cached for the file for a minute.

  1. GET: {{url}}/ARVault/eventlogs/download/code/{token}

  • The token is mandatory and should be sent as input to the API.

  • If the token is invalid/expired, the API will respond with a forbidden message.

  • If the token is valid, it will download the zip file, and the token cannot be used again.

To download the consolidated file:

Two APIs are involved: one to prepare the consolidated file and the other to download the zip file. Details are given below:

  1. GET: {{url}}/ARVault/eventlogs/prepare-log?from=2023-10-09&to=2023-10-10

Output: A temporary token for the file, which is valid for a minute.

  • The API works in the same manner as described above, with the same validation and process.

  • It will prepare a consolidated file for the user. All validations are the same as the above API.

  • It returns a temporary token cached for the file for a minute.

  1. GET: {{url}}/ARVault/eventlogs/download/code/{token}

  • The token is mandatory and should be sent as input to the API.

  • If the token is invalid/expired, the API will respond with a forbidden message.

  • If the token is valid, it will download the consolidated log file.

SIEM Log Structure

The following is the structure of the log.

Date (ISO Format) SIEM:Version|Device Vendor|Device Product|Device Version|Thread Id|Name|Severity|Extension

Example: 2024-06-17T06:37:44.145Z CEF:0|AutoRabit|Vault|23.2|http-nio-8081-exec-1|ArchivalReport|Low|sessionId=<sessionid> username=example@example.com customerId=<customer id> action=<user loggedin> ip=0:0:0:0:0:0:0:1 userAgent=Chrome

The following table describes the fields of the SIEM log structure.

SL.No
Field
Data Type
Length
Description

1

Date (ISO Format) SIEM

Date Time

24

This field describes the date on which the log is created.

2

CEF Version

Number

2

This defines the version of the SIEM log.

3

Device Vendor

Text

9

This field denotes the vendor providing the device.

4

Device Product

Text

5

This denotes which product of the SIEM logs.

5

Device Version

Number

10

This denotes the product version.

6

Thread Id

Text

32

This is the ID from the server for a request.

7

Name

Text

256

This denotes the module of the product being accessed.

8

Severity

Text

10

This denotes the severity of the event logged.

9

Extension

Text

5120

This provides additional information on the event logged.

Custom Keys

The custom keys or extensions will have the following tracked in the event logs.

Key Name
Key Type
Module
Data Type
Length
Description

SessionId

Custom

All

Text

32

Identifies the user login

User Name

Custom

All

Text

255

Identifies the Loggedin User

Action

Custom

All

Text

2048

Identifies the API call

IP

Custom

All

IP

39

Identifies the device address

User Agent

Custom

All

Text

32

Identifier the browser used by the customer

CustomerId

Custom

All

Text

255

Identifies the customer

Message

Custom

All

Text

2048

Audit Log message

Vault Event Type

SI No
Event Type
Module
Description

1

AnamolyDetails

Setup > Alerts

Event type to track the configured triggers activity in Vault

2

Archival

Archive

Event type to track the activity on the Archival module

3

ArchivalReport

Archive Reports

Event type to track the user activity on the Archive Reports module

4

ArchivalReportDownload

Archive Reports

Event type to track the user download on the reports module

5

ArchivalReportItem

Archive Reports

Event type to track the user activity on the Archival Report Items

6

ArchivalReportItemQuery

Archive Reports

Event type to track the user activity on the Archival Report Item Queries

7

ArchivalReportQuery

Archive Reports

Event type to track the user activity on the Archival Report Queries

8

AwsEnviReg

Settings

Event type for tracking the AWS storage registration

9

BakupSchedulesManage

Config

Event type for tracking all the user actions on the schedules

10

BlackList

GDPR

Event type to track the user activity on GDPR module

11

Customer

User Management

Event type to track the activity every time the user details are fetched

12

DataMasking

Replicate

Event type to track activity every time the data masking is performed

13

EventLog

CEF Logs

Event type to track the user activity when the CEF logs are downloaded by the user either from API or UI

14

FileDownload

File Downloads

Event type to track the UI file downloads

15

MultiFactorAuth

User Management

Event type to track the login and access of the user(s)

16

Proxy

Vault Settings

Event type to track the activity on the proxy settings page

17

Restore

Replicate Restore

Event type to track the user activity on the Replicate & Restore modules

18

Role

User Management

Event type to track the user activity every time the user role details are fetched

19

SalesforceFeatures

Setup > Config

Event type to track the nCino Features accessed by the Vault application

20

SforgBakupCfg

Setup > BackupConfig

Event type to track the activities performed on the backup config

21

SforgBakupStatus

Backup Restore Replicate

Event type to track the user activity on the Backup Restore Replicate module

22

SfOrgConnectConfig

Setup > Config

Event type to track the Vault connect configuration

23

SfOrgConnectSync

Setup > Config

Event type to track the user activity on the Vault Connect ‘Sync With Salesforce’

24

SforgEnviReg

Settings

Event type to track the storage registration in Vault

25

SforgUniqueFiledsConfig

Unique Identifiers

Event type to track the user activity on the Unique Identifiers tabs

26

SFReader

All Modules

Event type to track the activity every time the SFORG details are read

27

StartBackup

Backup & Archive

Event type to track the activity every time the “Backup & Archive” are triggered

28

User

User Management

Event type to track the activity on the user management

29

Zoho

Zoho Integration

Event type to track the user activity when the user accesses “Zoho”

Messages

Following are the audit log messages

  • Storage

    • Storage configuration request has been submitted."

    • "Storage configuration update request has been submitted.”

  • User Management

    • "User addition request has been submitted."

    • "User activation request has been submitted."

    • "Create password request has been submitted."

    • "Reset password request has been submitted."

    • "Change password request has been submitted."

    • "Delete user request has been submitted."

    • "Deactivate user request has been submitted."

    • "Create user request has been submitted."

    • "Update user request has been submitted."

    • "User profile update request has been submitted."

    • "User logged in with details: "

    • "User logged out with details: "

    • "Session terminated by: "

    • "User got blocked with details: "

    • "MFA verification code validated successfully for user."

    • "MFA is enabled for user."

    • "MFA is disabled for user."

    • "MFA is reset for user."

    • "MFA device is successfully registered by user.”

  • Setup

    • "Backup schedule disable request has been submitted."

    • "Backup schedule enable request has been submitted.”

  • Customer Management

    • "Customer activation request has been submitted."

    • "Customer deactivation request has been submitted."

    • "Customer deletion request has been submitted.”

    • "Enable/disable org access control request has been submitted."

  • Salesforce Operations

    • "Salesforce org creation request has been submitted."

    • "Salesforce org update request has been submitted."

  • Vault Connect

    • "Sforg Odata Connector Config creation/update request has been submitted."

Backup

  • "Backup configuration creation request has been submitted."

  • "Backup configuration update request has been submitted."

  • "Backup configuration delete request has been submitted."

  • "Backup download operation has been initiated."

  • "Backup has been downloaded."

  • "Object has been downloaded from backup."

  • "Backup has been initiated."

  • "Stop backup process has been initiated."

Restore

  • "Restore operation has been initiated.”

  • "Restore deletion request has been submitted."

  • Hierarchial

    • "Hierarchical backup process has been initiated."

    • "Hierarchical backup configuration creation request has been submitted."

    • "Hierarchical backup configuration update request has been submitted."

    • "Hierarchical backup configuration delete request has been submitted.”

    • "Stop hierarchical process has been initiated.”

    • "Hierarchical backup download operation has been initiated."

  • Archive

    • "Archive process has been initiated."

    • "Archive backup configuration creation request has been submitted."

    • "Archive backup configuration update request has been submitted."

    • "Archive backup delete request has been submitted."

    • "Stop archive process has been initiated."

    • "Archive download operation has been initiated."

  • Replication

    • "Replicate operation has been initiated."

    • "Replicate configuration creation request has been submitted."

    • "Replicate configuration update request has been submitted."

    • "Replicate deletion request has been submitted."

  • Alert rules

    • "Create alert rule request has been submitted."

    • "Delete alert rule request has been submitted."

    • "Anomaly detection process has been initiated."

    • "Object has been downloaded for anomaly detection."

    • "All records have been downloaded for anomaly detection."

  • GDPR

    • "Create GDPR request has been submitted."

    • "Delete GDPR request has been submitted."

    • "Object has been downloaded from GDPR."

    • "Upload search file for GDPR request has been initiated."