KUMA audit events

Audit events are created when certain security-related actions are completed in KUMA. These events are used to ensure system integrity.

To view audit events, go to the Events section in KUMA and add "SELECT * FROM 'events' WHERE Type=4" to the query.

As a result of executing the query, audit events are displayed in the Events section if the user role allows viewing audit events.

In this section

Event fields with general information

User was successfully signed in or failed to sign in

User login successfully changed

User role was successfully changed

Other data of the user was successfully changed

User successfully logged out

User password was successfully changed

User was successfully created

User role was successfully assigned

User role was successfully revoked

The user has successfully edited the set of fields settings to define sources

User access token was successfully changed

Service was successfully created

Service was successfully deleted

Service was successfully reloaded

Service was successfully restarted

Service was successfully started

Service was successfully paired

Service status was changed

Victoria Metrics alert registered for the service

Monitoring thresholds changed for the service

Storage partition was deleted by user

Storage partition was deleted automatically due to expiration

Active list was successfully cleared or operation failed

Active list item was successfully changed, or operation was unsuccessful

Active list item was successfully deleted or operation was unsuccessful

Active list was successfully imported or operation failed

Active list was exported successfully

Resource was successfully added

Resource was successfully deleted

Resource was successfully updated

Asset was successfully created

Asset was successfully deleted

Asset category was successfully added

Asset category was deleted successfully

Settings were updated successfully

Tenant was successfully created

Tenant was successfully enabled

Tenant was successfully disabled

Other tenant data was successfully changed

Updated data retention policy after changing drives

The dictionary was successfully updated on the service or operation was unsuccessful

Response in Active Directory

Response via KICS for Networks

Kaspersky Automated Security Awareness Platform response

KEDR response

Page top