iam.sailpoint

[ 1 Introduction ] [ 2 Valid tags and data tables ] [ 3 Tag structure ]

Introduction

The tags beginning with iam.sailpoint identify events generated by Sailpoint IdentityNow.

Valid tags and data tables

The full tag must have four levels. The first two are fixed as iam.sailpoint. The third level identifies the type of events sent, and the fourth level indicated the event subtype.

Technology	Brand	Type	Subtype

Technology	Brand	Type	Subtype
iam	sailpoint	identitynow	event account_activity

These are the valid tags and corresponding data tables that will receive the parsers’ data:

Tag	Data table

Tag	Data table
iam.sailpoint.identitynow.event	iam.sailpoint.identitynow.event
iam.sailpoint.identitynow.account_activity	iam.sailpoint.identitynow.account_activity

Tag structure

[iam.sailpoint.identitynow.event] [iam.sailpoint.identitynow.account_activity]

iam.sailpoint.identitynow.event

Field	Type	Extra Label

Field	Type	Extra Label
eventdate	`timestamp`	-
hostname	`str`	-
completed	`str`	-
completion_status	`str`	-
type	`str`	-
requester_identity_summary	`str`	-
target_identity_summary__id	`str`	-
target_identity_summary__name	`str`	-
errors	`str`	-
warnings	`str`	-
execution_status	`str`	-
client_metadata	`str`	-
id	`str`	-
name	`str`	-
created	`timestamp`	-
modified	`timestamp`	-
items__id	`str`	-
items__name	`str`	-
items__requested	`timestamp`	-
items__approval_status	`str`	-
items__provisioning_status	`str`	-
items__requester_comment	`str`	-
items__reviewer_identity_summary	`str`	-
items__reviewer_comment	`str`	-
items__operation	`str`	-
items__attribute	`str`	-
items__value	`str`	-
items__native_identity	`str`	-
items__source_id	`str`	-
items__account_request_info	`str`	-
items__client_metadata	`str`	-
items__remove_date	`str`	-
items_found	`int4`	-
items_id	`int4`	-
at_devo_pulling_id	`str`	-
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓

iam.sailpoint.identitynow.account_activity

Field	Type	Extra Label

Field	Type	Extra Label
eventdate	`timestamp`	-
hostname	`str`	-
organization	`str`	-
pod	`str`	-
created	`timestamp`	-
id	`str`	-
action	`str`	-
type	`str`	-
activity_type	`str`	-
actor__name	`str`	-
destination_ip__name	`str`	-
stack	`str`	-
tracking_number	`str`	-
attributes__source_name	`str`	-
attributes__account_uuid	`str`	-
attributes__cloud_app_name	`str`	-
attributes__errors	`str`	-
attributes__app_id	`str`	-
attributes__source_id	`str`	-
attributes__interface	`str`	-
objects	`str`	-
operation	`str`	-
status	`str`	-
technical_name	`str`	-
name	`str`	-
synced	`timestamp`	-
version	`str`	-
at_devo_pulling_id	`str`	-
hostchain	`str`	✓
tag	`str`	✓
rawMessage	`str`	✓