Activity Monitoring Log Fields

The descriptions and names of available log fields in a SaaS Security API activity monitoring log.
The activity monitoring log is generated when a user activity rule is matched.
Field Name
Description
timestamp
Time the activity occurred. Values are in
YYYY-MM-DD HH:MM:SS
format.
serial
Serial number of the organization using the service (tenant).
log_type
Type of log. In this case,
activity_monitoring
.
cloud_app_instance
Instance name of the cloud application (not the type of cloud application) associated with the activity.
severity
Policy violation or incident severity valued between
0
and
5
.
item_name
Name of the file, folder, or user associated with the activity.
item_type
Values are
File
,
Folder
, or
User
.
user
Cloud app user who performed the activity.
source_ip
Source IP address where the activity was performed.
location
Location where the activity was performed.
action
Activity that occurred. For example,
Login
or
Upload
.
target_name
Field name updated or target of the activity.
target_type
Target type. For example,
FieldName
,
Report
, or
File
.
item_unique_id
Unique ID number for an asset’s related asset.

Recommended For You