
iam.sailpoint

Introduction

Tags beginning with iam.sailpoint identify events generated by SailPoint IdentityNow.

Valid tags and data tables

The full tag must have four levels. The first two are fixed as iam.sailpoint. The third level identifies the type of events sent, and the fourth level indicates the event subtype.

| Technology | Brand | Type | Subtype |
|---|---|---|---|
| iam | sailpoint | identitynow | event, account_activity |

These are the valid tags and corresponding data tables that will receive the parsers’ data:

| Tag | Data table |
|---|---|
| iam.sailpoint.identitynow.event | iam.sailpoint.identitynow.event |
| iam.sailpoint.identitynow.account_activity | iam.sailpoint.identitynow.account_activity |

Tag structure


iam.sailpoint.identitynow.event

| Field | Type | Extra Label |
|---|---|---|
| eventdate | timestamp | - |
| hostname | str | - |
| completed | str | - |
| completion_status | str | - |
| type | str | - |
| requester_identity_summary | str | - |
| target_identity_summary__id | str | - |
| target_identity_summary__name | str | - |
| errors | str | - |
| warnings | str | - |
| execution_status | str | - |
| client_metadata | str | - |
| id | str | - |
| name | str | - |
| created | timestamp | - |
| modified | timestamp | - |
| items__id | str | - |
| items__name | str | - |
| items__requested | timestamp | - |
| items__approval_status | str | - |
| items__provisioning_status | str | - |
| items__requester_comment | str | - |
| items__reviewer_identity_summary | str | - |
| items__reviewer_comment | str | - |
| items__operation | str | - |
| items__attribute | str | - |
| items__value | str | - |
| items__native_identity | str | - |
| items__source_id | str | - |
| items__account_request_info | str | - |
| items__client_metadata | str | - |
| items__remove_date | str | - |
| items_found | int4 | - |
| items_id | int4 | - |
| at_devo_pulling_id | str | - |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

iam.sailpoint.identitynow.account_activity

| Field | Type | Extra Label |
|---|---|---|
| eventdate | timestamp | - |
| hostname | str | - |
| organization | str | - |
| pod | str | - |
| created | timestamp | - |
| id | str | - |
| action | str | - |
| type | str | - |
| activity_type | str | - |
| actor__name | str | - |
| destination_ip__name | str | - |
| stack | str | - |
| tracking_number | str | - |
| attributes__source_name | str | - |
| attributes__account_uuid | str | - |
| attributes__cloud_app_name | str | - |
| attributes__errors | str | - |
| attributes__app_id | str | - |
| attributes__source_id | str | - |
| attributes__interface | str | - |
| objects | str | - |
| operation | str | - |
| status | str | - |
| technical_name | str | - |
| name | str | - |
| synced | timestamp | - |
| version | str | - |
| at_devo_pulling_id | str | - |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |