Activity Log Event SystemPrivilege/ChangeSystemPermission
Event for user permissions change
| Field | Type | Value | Availability | Description |
|---|---|---|---|---|
| @id | | | | A unique identifier for the event. Can be used to refer to and re-find specific events. |
| @ingesttimestamp | | | | The timestamp of when the event was ingested. The value is milliseconds-since-epoch. |
| @rawstring | | | | The original text of the event. As it keeps the original data on ingestion, this field allows you to do free-text searching across all logs and to extract virtual fields in queries. |
| @timestamp | | | | Timestamp in milliseconds since the epoch (1st Jan 1970, 00:00) of the ingested event, e.g. 2022-11-22 09:50:20.100 if the event has an identifiable timestamp. |
| @timestamp.nanos | | | | Extended precision of timestamp below millisecond. E.g. 295000 |
| @timezone | | | | The timezone the event originated in, if known. This is often set when the event's timestamp is parsed. |
| category | | | | Category of the event, such as Alert, Request, IngestFeed, Fdr, Query, Action, and ScheduledSearch |
| #category | | | | Category of the event |
| #repo | | | | Name of the repo where the event is stored |
| #severity | | | | Severity of the event from original log source |
| logId | | | | Log ID |
| message | | | | Message of the alert or event |
| orgId | | | | Organization ID |
| severity | | | | Severity of the event |
| subCategory | | | | Subcategory of the event |
| timestamp | | | | Timestamp in milliseconds of the event |
| tokenId | | | | ID of token |
| tokenName | | | | Name of token |
| userId | | | | User ID |
| userName | | | | User name |