Audit Log Schema 1.0.0
Introduction
The following table lists the fields that can be included in an audit log record generated by the Carbon Black Cloud.
This Data Forwarder Schema is aligned with the Audit Logs API schema.
Resources
Data Types
Find more detail on the data types here.
Fields
Field Name | Definition | Datatype |
---|---|---|
actor | Name of the entity that caused the creation of this audit log | String |
actor_ip | IP address of the entity that caused the creation of this audit log | String |
create_time | Timestamp when this audit log was created in ISO-8601 string format | String |
description | Text description of this audit log | String |
flagged | Whether the audit has been flagged | Boolean |
org_key | Organization Key | String |
request_url | URL of the request that caused the creation of this audit log | String |
verbose | Whether the audit has been marked verbose | Boolean |
Note: flagged and verbose are not included in Audit Log Forwarder output if FALSE; other fields will not be included in output when empty.
Data Samples
The following are samples of data:
auditlog
{
  "actor_ip": "10.10.1.2",
  "actor": "john.doe@example.com",
  "create_time": "2025-05-15T12:23:27Z",
  "description": "john.doe@example.com logged in successfully",
  "org_key": "ABCDE12345"
}
Last modified on June 13, 2025