Introduction
Tags beginning with auth.ping identify events generated by PingIdentity.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as auth.ping. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
Technology | Brand | Type | Subtype |
|---|---|---|---|
auth | ping | id | mfa |
federate | security_audit |
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
|---|---|
auth.ping.id.mfa | auth.ping.id.mfa |
auth.ping.federate.security_audit | auth.ping.federate.security_audit |
Table structure
auth.ping.id.mfa
Field | Value | Extra field |
eventdate |
| - |
hostname |
| - |
action |
| - |
actors__type_str |
| - |
actors__id_str |
| - |
actors__name_str |
| - |
source |
| - |
id |
| - |
client2 |
| - |
result__status |
| - |
result__message |
| - |
recorded |
| - |
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |
auth.ping.federate.security_audit
Field | Value | Extra field |
eventdate |
| - |
hostname |
| - |
transactionTime |
| - |
trackingId |
| - |
event |
| - |
subject |
| - |
ip |
| - |
app |
| - |
connectionId |
| - |
protocol |
| - |
host |
| - |
role |
| - |
status |
| - |
adapterId |
| - |
description |
| - |
responseTime |
| - |
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |