Audit

accountmanagement

---

ActiveDirectoryForestTransitionCompleted

${username} transitioned from Domain view to Forest view.

Severity	Status	Audit Event
Info	Success	Yes

BrandLogoDeleted

Brand logo was deleted.

Severity	Status	Audit Event
Info	Success	Yes

BrandLogoDeleteFailed

Unable to delete brand logo. Reason: ${reason}.

Severity	Status	Audit Event
Info	Failure	Yes

BrandLogoUpdated

Brand logo or logo URL was updated.

Severity	Status	Audit Event
Info	Success	Yes

BrandLogoUpdateFailed

Unable to update brand logo or logo URL. Reason: ${reason}.

Severity	Status	Audit Event
Info	Failure	Yes

DigestListEmailDeleted

${userEmail} deleted custom event digest, ${digestListName}, which sent emails to ${emailAddressList}.

Severity	Status	Audit Event
Info	Success	Yes

DigestListEmailUpdated

${userEmail} saved custom event digest, ${digestListName}, which sends emails to ${emailAddressList}.

Severity	Status	Audit Event
Info	Success	Yes

EulaAccepted

${userEmail} accepted the EULA.

Severity	Status	Audit Event
Info	Success	Yes

PactsafeEulaAccepted

${userEmail} accepted the Rubrik End User Licence Agreement.

Severity	Status	Audit Event
Info	Success	Yes

PactsafeEulaSnoozed

${userEmail} snoozed the Rubrik End User Licence Agreement for ${numDays} days.

Severity	Status	Audit Event
Info	Success	Yes

UpgradeToRSCFailure

${userEmail} has failed to upgrade the account to RSC at ${upgradeTime}. Reason: ${reason}.

Severity	Status	Audit Event
Info	Failure	Yes

UpgradeToRSCSuccess

${userEmail} has upgraded the account to RSC at ${upgradeTime}.

Severity	Status	Audit Event
Info	Success	Yes

UrlChangeSuccess

The RSC URL has been changed from ${oldUrl} to ${newUrl}.

Severity	Status	Audit Event
Info	Success	Yes

cdm_rbac_migration

---

DownloadCdmRbacSummaryStarted

${username} started a job to download the CDM RBAC summary from ${clusterName}.

Severity	Status	Audit Event
Info	Success	Yes

DownloadCdmRbacSummaryStartFailed

${username} failed to start a job to download the CDM RBAC summary from ${clusterName}.  Failure reason: ${reason}.

Severity	Status	Audit Event
Info	Failure	Yes

FetchCDMRbacConfigStarted

${username} started a job to fetch the CDM RBAC configurations from ${clusterName}.

Severity	Status	Audit Event
Info	Success	Yes

FetchCDMRbacConfigStartFailed

${username} failed to start a job to fetch the CDM RBAC configurations from ${clusterName}. Failure reason: ${reason}.

Severity	Status	Audit Event
Info	Failure	Yes

MigrateCDMRbacConfigStarted

${username} started a job to migrate the CDM RBAC configurations from ${clusterName} to RSC.

Severity	Status	Audit Event
Info	Success	Yes

MigrateCDMRbacConfigStartFailed

${username} failed to start a job to migrate the CDM RBAC configurations from ${clusterName} to  RSC. Failure reason: ${reason}.

Severity	Status	Audit Event
Info	Failure	Yes

chatbot

---

CreatedChatbot

${userEmail} created chatbot ${chatbotName}.

Severity	Status	Audit Event
Info	Success	Yes

DeletedChatbot

${userEmail} deleted the chatbot, ${chatbotName}.

Severity	Status	Audit Event
Info	Success	Yes

UpdatedChatbotNoNameChange

${userEmail} updated chatbot. Name unchaged: ${chatbotName}.

Severity	Status	Audit Event
Info	Success	Yes

UpdatedChatbotWithNameChange

${userEmail} updated chatbot. Renamed from ${oldChatbotName} to ${newChatbotName}.

Severity	Status	Audit Event
Info	Success	Yes

cloudaccounts

---

AzureSqlServerCreateSuccessful

Successfully created Azure SQL Server ${sqlServerName} in resource group ${resourceGroupName} in subscription ${subscriptionNativeID}.

Severity	Status	Audit Event
Info	Success	Yes

AzureSqlServerDeleteSuccessful

${userName} successfully deleted Azure SQL Server ${sqlServerName} in resource group ${resourceGroupName} in subscription ${subscriptionNativeID}.

Severity	Status	Audit Event
Info	Success	Yes

AzureSqlServerUpdateSuccessful

Successfully updated Azure SQL Server ${sqlServerName} in resource group ${resourceGroupName} in subscription ${subscriptionNativeID}.

Severity	Status	Audit Event
Info	Success	Yes

BYOKExocomputeClusterConnectSuccessful

${userEmail} successfully generated cluster setup YAML for Exocompute cluster ${clusterName}.

Severity	Status	Audit Event
Info	Success	Yes

CloudaccountsPrivilegeDeEscalationSuccessful

${userEmail} dropped a privilege escalation session for Tenant ${tenantDomain} with ID ${tenantNativeID}.

Severity	Status	Audit Event
Info	Success	Yes

CloudaccountsPrivilegeEscalationSuccessful

${userEmail} initiated a privilege escalation session for Tenant ${tenantDomain} with ID ${tenantNativeID}, using OAuth.

Severity	Status	Audit Event
Info	Success	Yes

fedramp

---

FedrampBoundaryExited

${userEmail} acknowledged that they are exiting the FedRAMP boundary and navigated to ${link}.

Severity	Status	Audit Event
Info	Success	Yes

integrations

---

CreateIntegration

User ${userID} added '${integrationType}' integration.

Severity	Status	Audit Event
Info	Success	Yes

CreateIntegrationFailed

User ${userID} failed to add '${integrationType}' integration.

Severity	Status	Audit Event
Critical	Failure	Yes

DeleteIntegration

User ${userID} deleted '${integrationType}' integration.

Severity	Status	Audit Event
Info	Success	Yes

DeleteIntegrationFailed

Deletion of '${integrationType}' integration by ${userID} failed.

Severity	Status	Audit Event
Critical	Failure	Yes

EnableIntegration

${userID} enabled the '${integrationType}' integration.

Severity	Status	Audit Event
Info	Success	Yes

o365

---

M365AzureADAppAdded

${userName} added a new authenticated Azure AD app with ID: ${appID} of type ${workloadType} for M365 tenant with ID: ${m365TenantID}.

Severity	Status	Audit Event
Info	Success	Yes

M365AzureADAppDeleted

${userName} deleted the Azure AD app with ID: ${appID} of type ${workloadType} for M365.

Severity	Status	Audit Event
Info	Success	Yes

O365RestoreFailedItemsViewed

${userID} viewed the restore failed items information of ${snappableType}  ${snappableName} corresponding to restore instance ID ${instanceID}.

Severity	Status	Audit Event
Info	Success	Yes

SwitchWorkloadToOnboardingMode

${userID} moved the ${workloadType} to onboarding mode.

Severity	Status	Audit Event
Info	Success	Yes

rkcli

---

RkcliCommandExec

Admin executed '${command}' on the ${node} node from ${ip}.

Severity	Status	Audit Event
Info	Success	Yes

saasapps

---

SaasAppsGetWorkloadTableRecords

${userID} viewed object ${objectName} of type ${snappableType}.

Severity	Status	Audit Event
Info	Success	Yes

sap_hana_database

---

CreateOnDemandSapHanaDataBackupFailed

${username} failed to start a job to create an on-demand ${backupType} backup for SAP HANA database ${dbName}. Failure reason: ${reason}.

Severity	Status	Audit Event
Info	Failure	Yes

CreateOnDemandSapHanaDataBackupStarted

${username} started a job to create an on-demand ${backupType} backup for SAP HANA database ${dbName}.

Severity	Status	Audit Event
Info	Success	Yes

CrossRestoreSapHanaDatabaseToPointInTime

${username} triggered a cross restore operation of SAP HANA database ${sourceDbName} restoring to the target database ${targetDbName}  at point in time ${pointInTime}. Reason: ${reason}

Severity	Status	Audit Event
Info	Success	Yes

RestoreSapHanaDatabaseToFullBackup

${username} triggered restore of SAP HANA database ${dbName} to full backup ${fullSnapshotId}. Reason: ${reason}

Severity	Status	Audit Event
Info	Success	Yes

RestoreSapHanaDatabaseToPointInTime

${username} triggered restore of SAP HANA database ${dbName} to point in time ${pointInTime}. Reason: ${reason}

Severity	Status	Audit Event
Info	Success	Yes

sap_hana_system

---

ConfigureRestoreSapHana

${username} configured restore on the SAP HANA ${systemName} system. Reason: ${reason}.

Severity	Status	Audit Event
Info	Success	Yes

RestoreSapHanaStorageSnapshotFailure

${username} unable to trigger a disk restore using storage snapshot with ${snapshotId} ID of SAP HANA ${systemName} system. Reason: ${reason}.

Severity	Status	Audit Event
Info	Failure	Yes

RestoreSapHanaStorageSnapshotStarted

${username} triggered a disk restore using storage snapshot with ${snapshotId} ID of SAP HANA ${systemName} system.

Severity	Status	Audit Event
Info	Success	Yes

UnconfigureRestoreSapHana

${username} reset the restore configuration on the SAP HANA ${systemName} system. Reason: ${reason}.

Severity	Status	Audit Event
Info	Success	Yes

sessionmanagement

---

CreateOrgSwitchSessionFailure

${userEmail} failed to switch to organization ${orgName}.

Severity	Status	Audit Event
Info	Failure	Yes

CreateOrgSwitchSessionSuccess

${userEmail} successfully switched to organization ${orgName}.

Severity	Status	Audit Event
Info	Success	Yes

snapshot

---

DeleteSnapshotsOfObject

${username} deleted snapshots of snappable type '${snappableType}' with name '${objName}'

Severity	Status	Audit Event
Info	Success	Yes

DeleteSnapshotsOfObjectFailed

${username} failed to delete snapshots of snappable type '${snappableType}' with name '${objName}'

Severity	Status	Audit Event
Info	Failure	Yes

support_case

---

SupportCaseCreated

${userEmail} created a support case with id: ${caseId}.

Severity	Status	Audit Event
Info	Success	Yes

SupportCaseModified

${userEmail} modified the support case with id: ${caseId}.

Severity	Status	Audit Event
Info	Success	Yes

tpr

---

TprExecuteComplete

${username} completed executing Quorum Authorization request ${requestID} to ${description}

Severity	Status	Audit Event
Info	Success	Yes

TprExecuteFail

${username} was unable to execute Quorum Authorization request ${requestID} to ${description}. Reason: ${reason}

Severity	Status	Audit Event
Warning	Failure	Yes

TprPolicyDeleteFailed

${username} was unable to delete the Quorum Authorization policy ${policyName}. Reason: ${reason}

Severity	Status	Audit Event
Warning	Failure	Yes

TprPolicyUpdateFailed

${username} was unable to update the Quorum Authorization policy ${policyName}. Reason: ${reason}

Severity	Status	Audit Event
Warning	Failure	Yes

TprStatusChange

${username} updated the status to ${status} for the Quorum Authorization request, ${requestID}, to ${description}

Severity	Status	Audit Event
Info	Success	Yes

trial

---

TrialActivationStarted

${userEmail} has started activation of the ${trialType} trial.

Severity	Status	Audit Event
Info	Success	Yes

TrialDismissed

${userEmail} dismissed the ${trialType} trial.

Severity	Status	Audit Event
Info	Success	Yes

TrialInvite

${invitorEmail} invited ${inviteeEmail} to join the ${trialType} trial.

Severity	Status	Audit Event
Info	Success	Yes

TrialOnboardingComplete

${userEmail} completed the setup for the ${trialType} trial.

Severity	Status	Audit Event
Info	Success	Yes

TrialRefreshReports

${userEmail} scheduled the refresh of the ${trialType} trial report.

Severity	Status	Audit Event
Info	Success	Yes

TrialReportSharedFailure

${userEmail} was unable to share the ${trialType} trial report with ${recipientEmail}.

Severity	Status	Audit Event
Info	Failure	Yes

TrialReportSharedSuccess

${userEmail} successfully shared the ${trialType} trial report with ${recipientEmail}.

Severity	Status	Audit Event
Info	Success	Yes

unmanaged_objects

---

SnapshotsDeletetionOnClusterProcessed

${userEmail} successfully expired unmanaged snapshots ${snapshotIdList} of object ${objectName} on cluster ${clusterName}.

Severity	Status	Audit Event
Info	Success	Yes

SnapshotsDeletetionOnPolarisProcessed

${userEmail} successfully expired unmanaged snapshots ${snapshotIdList} on polaris.

Severity	Status	Audit Event
Info	Success	Yes

SnapshotsOfObjectDeletionOnClusterProcessed

${userEmail} successfully queued request to expire all unprotected snapshots of unmanaged objects ${objectNameList} on cluster ${clusterName}.

Severity	Status	Audit Event
Info	Success	Yes

SnapshotsOfObjectDeletionOnPolarisProcessed

${userEmail} successfully expired all unprotected snapshots of unmanaged objects ${objectNameList} on polaris.

Severity	Status	Audit Event
Info	Success	Yes