Skip to main content
Version: 2.9.X

Logged Actions

The following tables identify and describe which user actions performed across various Cogynt applications are logged in the Audit Viewer application. Each audit log creates an entry with an Object and Action captured:

  • Object: The data item that an action was performed against.
  • Action: The action performed upon the object.

User Management

ObjectActionDescription
useruser logged inLogs when a user logs into Cogynt. This may not log if your authentication provider is a customized setup.
useruser logged outLogs when a user logs out of Cogynt.
useruser account createdAccounts are created through users logging in through the authentication provider.
useruser account updatedLogs changes to a user's first name, last name, role, or group(s).
useruser account deletedLogs when a user account is deleted.
groupgroup createdLogs when a group is created.
groupgroup updatedLogs when a group is updated.
groupgroup deletedLogs when a group is deleted.
rolerole createdLogs when a role is created.
rolerole updatedLogs when a role is updated.
rolerole deletedLogs when a role is deleted.

Authoring

ObjectActionDescription
deployment_targetdeployment target createdLogs when a deployment target is created.
deployment_targetdeployment target editedLogs when a deployment target is edited.
deployment_targetdeployment target deletedLogs when a deployment target is deleted.
deployment_targetdeployment target duplicatedLogs when a deployment target is duplicated.
flink_deploymentflink deployment createdLogs when a flink deployment is created.
flink_deploymentflink deployment deletedLogs when a flink deployment is deleted.
flink_deploymentflink deployment editedLogs when a flink deployment is edited.
flink_deploymentflink deployment duplicatedLogs when a flink deployment is duplicated.
flink_deploymentflink deployment startedLogs when a flink deployment is started.
flink_deploymentflink deployment pausedLogs when a flink deployment is paused.
flink_deploymentflink deployment resumedLogs when a flink deployment is resumed.
flink_deploymentflink deployment cancelledLogs when a flink deployment is cancelled/stopped.
projectproject createdLogs when a project is created.
projectproject editedLogs when a project is edited.
projectproject deletedLogs when a project is deleted.
schema_discoveryschema discoveredLogs when a user runs a Schema Discovery.
user_data_schemauser data schema createdLogs when a user data schema is created.
user_data_schemauser data schema editedLogs when a user data schema is edited.
user_data_schemauser data schema deletedLogs when a user data schema is deleted.
user_data_schemauser data schema duplicatedLogs when a user data schema is duplicated.
event_typeevent type createdLogs when an event type is created.
event_typeevent type editedLogs when an event type is edited.
event_typeevent type deletedLogs when an event type is deleted.
event_typeevent type duplicatedLogs when an event type is duplicated.

Data Management

ObjectActionDescription
data_importattempted to import dataLogs when a user attempts to import data.
data_importdata import failedLogs when a data import has failed.
data_importdata importedLogs when a data was successfully imported.
data_importdata import aborted by userLogs when a data import was aborted.
data_importdata manually enteredLogs when a user manual inputs data.
kafka_connectorconnector createdLogs when a connector is created.
kafka_connectorconnector editedLogs when a connector is edited.
kafka_connectorconnector deletedLogs when a connector is deleted.
kafka_connectorconnector launchedLogs when a connector is launched.
kafka_connectorconnector pausedLogs when a connector is paused.
kafka_connectorconnector resumedLogs when a connector is resumed.
kafka_connectorconnector stoppedLogs when a connector is stopped.

Workstation

ObjectActionDescription
collectioncollection createdLogs when a user creates a collection/case file.
collectioncollection updatedUpdates to a collection's tags, priority, name, description, assignee, etc. Adding notes or events are logged as separate actions. Attached events are logged as collection_item. Notes are logged as notes. Custom field value changes are logged as custom_field_value.
collectioncollection deletedLogs when a collection is deleted.
collection_itemcollection item was added to collectionCollection items are events added to a collection.
collection_itemcollection item was deleted from collectionCollection items are events added to a collection.
collection_field_templatecreated a new custom field templateLogs when a custom field template is created.
collection_field_templatedeleted a new custom field templateLogs when a custom field template is deleted.
collection_field_templateupdated a new custom field templateLogs when a custom field template is updated.
collection_field_templateupdated a new custom field templates optionsLogs when options are modified on select and checkbox custom field templates.
custom_field_valueupdated a custom fields valueLogs when a user updated a custom field value on a collection.
ingestionevent definition was updatedLogs when an event_type's ingestion status is toggled between active, suspended, etc.
export_builderexport builder was createdLogs when an export builder template is created.
export_builderexport builder was updatedLogs when an export builder template is updated.
export_builderexport builder was deletedLogs when an export builder template is deleted.
notenote was createdLogs when users creates comments on a collection.
notenote was updatedLogs when users update comments on a collection.
notenote was deletedLogs when users delete comments on a collection.
notificationnotification was dismissedLogs when a user dismisses an event notification.
notificationnotification was updatedLogs when a user updates an event notification. Updates include changing priority, tags, and assignee.
notification_settingnotification setting was createdLogs when a notification setting is created.
notification_settingnotification setting was updatedLogs when a notification setting is updated.
notification_settingnotification setting was deletedLogs when a notification setting is deleted.
system_tagsystem tag was createdLogs when a system tag is created.
system_tagsystem tag was updatedLogs when a system tag is updated.
system_tagsystem tag was deletedLogs when a system tag is deleted.
manual_actionmanual action was created/publishedLogs when a user performs a manual action on an event.
text_searchtext search was initiatedLogs when a user performs a "text" string search in the Events Stream widget of Workstation.
search_facetsearch facet filter modifiedLogs when a user applies filters in Search Facets.
workstation_datadelete all dataLogs when a user performs the "Delete All Data" action in the Admin screen of Workstation. This deletes the majority of data from Workstation. Collections, notes on a collection, and any attachment tags do not get deleted.
workstation_datareset drilldown dataLogs when a user clicks the Reset Drilldown Data button in the Admin screen of Workstation.
workstation_datadelete event definition dataLogs when a user deletes one or multiple selected event_types in the "Event Mode" deletion in the Admin screen of Workstation.
attachmentdownload attachmentLogs when a user downloads an attachment from a note on a collection.
attachmentattachment was createdLogs when a user uploads an attachment to a note.
attachmentattachment was deletedLogs when a user deletes an attachment from a note.
report_builderreport builder was createdLogs when a report builder template is created.
report_builderreport builder was updatedLogs when a report builder template is updated.
report_builderreport builder was deletedLogs when a report builder template is deleted.
event_detail_templateevent_detail_template createdLogs when an event_detail_template is created.
event_detail_templateevent_detail_template updatedLogs when an event_detail_template is updated.
event_detail_templateevent_detail_template deletedLogs when an event_detail_template is deleted.