iam.sailpoint

Introduction

The tags beginning with iam.sailpoint identify events generated by SailPoint IdentityNow.

Valid tags and data tables

The full tag must have four levels. The first two are fixed as iam.sailpoint. The third level identifies the type of events sent, and the fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| SailPoint IdentityNow | iam.sailpoint.events.ERROR | iam.sailpoint.events |
| SailPoint IdentityNow | iam.sailpoint.events.DEBUG | iam.sailpoint.events |
| SailPoint IdentityNow | iam.sailpoint.identitynow.account_activities | iam.sailpoint.identitynow.account_activities |
| SailPoint IdentityNow | iam.sailpoint.identitynow.account_activity | iam.sailpoint.identitynow.account_activity |
| SailPoint IdentityNow | iam.sailpoint.identitynow.event | iam.sailpoint.identitynow.event |
| SailPoint IdentityNow | iam.sailpoint.identitynow.events | iam.sailpoint.identitynow.events |

For more information, read more about Devo tags.

Table structure

These are the fields displayed in these tables:

iam.sailpoint.events

| Field | Type | Field transformation | Source field name | Extra field |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| host | str | split(hostchain, "=", 0) | hostchain | |
| level | str | | | |
| type | str | | | |
| source | str | | | |
| message | str | | | |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |
| rawMessage | str | | rawSource | ✓ |

iam.sailpoint.identitynow.account_activities

| Field | Type | Extra field |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| organization | str | |
| pod | str | |
| created | timestamp | |
| id | str | |
| action | str | |
| type | str | |
| _type | str | |
| actor__name | str | |
| destination_ip__name | str | |
| stack | str | |
| tracking_number | str | |
| attributes__source_name | str | |
| attributes__account_uuid | str | |
| attributes__cloud_app_name | str | |
| attributes__errors | str | |
| attributes__app_id | str | |
| attributes__source_id | str | |
| attributes__interface | str | |
| objects | str | |
| operation | str | |
| status | str | |
| technical_name | str | |
| name | str | |
| synced | timestamp | |
| version | str | |
| at_devo_pulling_id | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

iam.sailpoint.identitynow.account_activity

| Field | Type | Extra field |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| organization | str | |
| pod | str | |
| created | timestamp | |
| id | str | |
| action | str | |
| type | str | |
| activity_type | str | |
| actor__name | str | |
| destination_ip__name | str | |
| stack | str | |
| tracking_number | str | |
| attributes__source_name | str | |
| attributes__account_uuid | str | |
| attributes__cloud_app_name | str | |
| attributes__errors | str | |
| attributes__app_id | str | |
| attributes__source_id | str | |
| attributes__interface | str | |
| objects | str | |
| operation | str | |
| status | str | |
| technical_name | str | |
| name | str | |
| synced | timestamp | |
| version | str | |
| completed | timestamp | |
| completion_status | str | |
| requester_identity_summary | str | |
| target_identity_summary__id | str | |
| target_identity_summary__name | str | |
| errors | str | |
| warnings | str | |
| execution_status | str | |
| client_metadata | str | |
| modified | timestamp | |
| items__id | str | |
| items__name | str | |
| items__requested | timestamp | |
| items__approval_status | str | |
| items__provisioning_status | str | |
| items__requester_comment | str | |
| items__reviewer_identity_summary | str | |
| items__reviewer_comment | str | |
| items__operation | str | |
| items__attribute | str | |
| items__value | str | |
| items__native_identity | str | |
| items__source_id | str | |
| items__account_request_info | str | |
| items__client_metadata | str | |
| items__remove_date | str | |
| items_found | int4 | |
| items_id | int4 | |
| at_devo_pulling_id | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |

iam.sailpoint.identitynow.event

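| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| hostname | str | | | |
| completed | str | | | |
| completion_status | str | | | |
| type | str | | | |
| requester_identity_summary | str | | | |
| target_identity_summary__id | str | | | |
| target_identity_summary__name | str | | | |
| errors | str | | | |
| warnings | str | | | |
| execution_status | str | | | |
| client_metadata | str | | | |
| id | str | | | |
| name | str | | | |
| created | timestamp | | | |
| modified | timestamp | | | |
| items__id | str | | | |
| items__name | str | | | |
| items__requested | timestamp | | | |
| items__approval_status | str | | | |
| items__provisioning_status | str | | | |
| items__requester_comment | str | | | |
| items__reviewer_identity_summary | str | | | |
| items__reviewer_comment | str | | | |
| items__operation | str | | | |
| items__attribute | str | | | |
| items__value | str | | | |
| items__native_identity | str | | | |
| items__source_id | str | | | |
| items__account_request_info | str | | | |
| items__client_metadata | str | | | |
| items__remove_date | str | | | |
| items_found | int4 | | | |
| items_id | int4 | | | |
| organization | str | | | |
| pod | str | | | |
| action | str | | | |
| actor__name | str | | | |
| destination_ip__name | str | | | |
| stack | str | | | |
| tracking_number | str | | | |
| ip4 | ip4 | ip4(ip) | ip | |
| ip6 | ip6 | ip6(ip) | ip | |
| details | str | | | |
| attributes__pod | str | | | |
| attributes__org | str | | | |
| attributes__source_name | str | | | |
| attributes__info | str | | | |
| attributes__host_name_ip4 | ip4 | | attributes__host_name | |
| attributes__host_name_ip6 | ip6 | | attributes__host_name | |
| attributes__cloud_app_name | str | | | |
| attributes__app_id | str | | | |
| attributes__errors | str | | | |
| attributes__account_name | str | | | |
| attributes__attribute_name | str | | | |
| attributes__attribute_value | str | | | |
| objects | str | | | |
| operation | str | | | |
| status | str | | | |
| technical_name | str | | | |
| synced | timestamp | | | |
| version | str | | | |
| message_type | str | | | |
| at_devo_pulling_id | str | | | |
| hostchain | str | | | ✓ |
| tag | str | | | ✓ |
| rawMessage | str | | | ✓ |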

iam.sailpoint.identitynow.events

| Field | Type | Extra field |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| completed | str | |
| completion_status | str | |
| type | str | |
| requester_identity_summary | str | |
| target_identity_summary__id | str | |
| target_identity_summary__name | str | |
| errors | str | |
| warnings | str | |
| execution_status | str | |
| client_metadata | str | |
| id | str | |
| name | str | |
| created | timestamp | |
| modified | timestamp | |
| items__id | str | |
| items__name | str | |
| items__requested | timestamp | |
| items__approval_status | str | |
| items__provisioning_status | str | |
| items__requester_comment | str | |
| items__reviewer_identity_summary | str | |
| items__reviewer_comment | str | |
| items__operation | str | |
| items__attribute | str | |
| items__value | str | |
| items__native_identity | str | |
| items__source_id | str | |
| items__account_request_info | str | |
| items__client_metadata | str | |
| items__remove_date | str | |
| items_found | int4 | |
| items_id | int4 | |
| at_devo_pulling_id | str | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |