Admin Audit Log Fields

The descriptions and names of available log fields in a Prisma SaaS administration activity log.
The admin audit log is generated when a Prisma SaaS administrator performs an action such as the remediation of an incident, creating a new policy rule, or adding internal or external collaborators.
Field Name
Description
event_date
The time the configuration change occurred. Values are in
YYYY-MM-DD HH:MM:SS
format.
serial
Serial number of the organization using the service (tenant).
log_type
The event type recorded. (
Admin Audit
)
admin_id
The email account associated with the Prisma SaaS administrator.
admin_role
Role assigned to the administrator:
super_admin
,
admin
,
limited_admin
, or
read_only
ip
The IP address of the administrator who performed the action.
event_type
Type of configuration change:
settings
,
policy
,
remediation
,
login
item_type
The type of item in the configuration that changed:
user
,
apps
,
settings
,
content_policy
,
file
,
risk
,
general_settings
item_name
The name of the item that changed in the configuration.
field
The name of the field associated with the configuration change.
action
The configuration change activity that occurred:
create
,
edit
,
delete
,
login
,
logout
resource_value_old
The value before the configuration change occurred.
resource_value_new
The value after the configuration change occurred.
FUTURE_USE
Not currently implemented
FUTURE_USE
Not currently implemented

Related Documentation