KUMA audit events

Audit events are created when certain security-related actions are completed in KUMA. These events are used to ensure system integrity.

To view audit events, go to the Events section in KUMA and add "SELECT * FROM 'events' WHERE Type=4" to the query.

As a result of executing the query, audit events are displayed in the Events section if the user role allows viewing audit events.

In this section Event fields with general information User was successfully signed in or failed to sign in User login successfully changed User role was successfully changed Other data of the user was successfully changed User successfully logged out User password was successfully changed User was successfully created User role was successfully assigned User role was successfully revoked The user has successfully edited the set of fields settings to define sources Alert assigned to the user User access token was successfully changed License successfully added using a file License successfully added using an activation code Reserve license added Reserve license deleted License renewed Invalid activation code License blocked License deleted License replaced EPS exceeded License expiration and start of grace period End of grace period Expired license added Changed the set of spaces to differentiate access to events Set of fields for source detection changed Service monitoring thresholds changed KUMA Core settings modified GeoIP databases successfully imported Service was successfully created Service was successfully deleted Service was successfully reloaded Service was successfully restarted Service was successfully started Service was successfully paired Service status was changed Storage partition was deleted by user Storage partition was deleted automatically due to expiration Storage partition was deleted automatically or moved due to exceeding the storage capacity. Active list was successfully cleared or operation failed Active list item was successfully changed, or operation was unsuccessful Active list item was successfully deleted or operation was unsuccessful Active list was successfully imported or operation failed Active list was exported successfully Context table successfully exported Context table successfully imported or operation failed Active list item successfully modified or operation failed Context table item deleted Context table successfully cleared Resource was successfully added Resource was successfully deleted Resource was successfully updated Importing resources Asset was successfully created Asset was successfully deleted Asset category was successfully added Asset category was deleted successfully Settings were updated successfully Tenant was successfully created Tenant was successfully enabled Tenant was successfully disabled Other tenant data was successfully changed Updated data retention policy after changing drives The dictionary was successfully updated on the service or operation was unsuccessful Dictionary entry successfully added Incident successfully created Incident successfully closed Incident assigned to user Alert linked to incident or unlinked from incident VictoriaMetrics alert registered for service Event linked to alert or unlinked from an alert Dictoionary entry successfully deleted or the operation failed Response in Active Directory Extended event schema field created Extended event schema field edited Extended event schema field imported Normalizer with extended event schema field imported Extended event schema field deleted Query sent to KIRA KICS/KATA response Kaspersky Automated Security Awareness Platform response KEDR response Importing MITRE ATT&CK techniques and tactics

Page top