KUMA audit events

Audit events are created when certain security-related actions are completed in KUMA. These events are used to ensure system integrity.

To view audit events, go to the Events section in KUMA and add "SELECT * FROM 'events' WHERE Type=4" to the query.

As a result of executing the query, audit events are displayed in the Events section if the user role allows viewing audit events.

In this section

Event fields with general information

User was successfully signed in or failed to sign in

User login successfully changed

User role was successfully changed

Other data of the user was successfully changed

User successfully logged out

User password was successfully changed

User was successfully created

User role was successfully assigned

User role was successfully revoked

The user has successfully edited the set of fields settings to define sources

Alert assigned to the user

User access token was successfully changed

License successfully added using a file

License successfully added using an activation code

Reserve license added

Reserve license deleted

License renewed

Invalid activation code

License blocked

License deleted

License replaced

EPS exceeded

License expiration and start of grace period

End of grace period

Expired license added

Changed the set of spaces to differentiate access to events

Set of fields for source detection changed

Service monitoring thresholds changed

KUMA Core settings modified

GeoIP databases successfully imported

Service was successfully created

Service was successfully deleted

Service was successfully reloaded

Service was successfully restarted

Service was successfully started

Service was successfully paired

Service status was changed

Storage partition was deleted by user

Storage partition was deleted automatically due to expiration

Storage partition was deleted automatically or moved due to exceeding the storage capacity.

Active list was successfully cleared or operation failed

Active list item was successfully changed, or operation was unsuccessful

Active list item was successfully deleted or operation was unsuccessful

Active list was successfully imported or operation failed

Active list was exported successfully

Context table successfully exported

Context table successfully imported or operation failed

Active list item successfully modified or operation failed

Context table item deleted

Context table successfully cleared

Resource was successfully added

Resource was successfully deleted

Resource was successfully updated

Importing resources

Asset was successfully created

Asset was successfully deleted

Asset category was successfully added

Asset category was deleted successfully

Settings were updated successfully

Tenant was successfully created

Tenant was successfully enabled

Tenant was successfully disabled

Other tenant data was successfully changed

Updated data retention policy after changing drives

The dictionary was successfully updated on the service or operation was unsuccessful

Dictionary entry successfully added

Incident successfully created

Incident successfully closed

Incident assigned to user

Alert linked to incident or unlinked from incident

VictoriaMetrics alert registered for service

Event linked to alert or unlinked from an alert

Dictoionary entry successfully deleted or the operation failed

Response in Active Directory

Extended event schema field created

Extended event schema field edited

Extended event schema field imported

Normalizer with extended event schema field imported

Extended event schema field deleted

Query sent to KIRA

KICS/KATA response

Kaspersky Automated Security Awareness Platform response

KEDR response

Importing MITRE ATT&CK techniques and tactics

Page top