SecurityAuditEvent
No description
type SecurityAuditEvent implements Node {
id: ID!
occurredAt: Time!
eventType: String!
orgID: String!
userID: String
resourceType: String
resourceID: String
result: SecurityAuditEventSecurityAuditResult!
ipAddress: String
userAgent: String
correlationID: String
details: Map
}
Fields
SecurityAuditEvent.id ● ID! non-null scalar
SecurityAuditEvent.occurredAt ● Time! non-null scalar
Wall-clock time the event happened. Indexed descending for default audit-log ordering.
SecurityAuditEvent.eventType ● String! non-null scalar
Categorized event identifier (e.g. 'passphrase_set', 'byok_key_imported', 'dek_unwrap_attempt', 'trust_policy_changed'). String-typed for extensibility; new event_types append without schema migrations.
SecurityAuditEvent.orgID ● String! non-null scalar
Keycloak organization UUID this event belongs to. Indexed; the dominant audit-log query is 'all events for my org, newest first'.
SecurityAuditEvent.userID ● String scalar
Subject who initiated the operation. Null for system-initiated events (e.g. background scanner findings).
SecurityAuditEvent.resourceType ● String scalar
Type of the resource the event references, if any (e.g. 'Strategy', 'Bot', 'Exchange'). Null for org-level events.
SecurityAuditEvent.resourceID ● String scalar
Opaque resource identifier paired with resource_type. Null when resource_type is null.
SecurityAuditEvent.result ● SecurityAuditEventSecurityAuditResult! non-null enum
Outcome of the operation: ok, denied, or error. Lets admins filter their audit log to access-denials or outages.
SecurityAuditEvent.ipAddress ● String scalar
Source IP captured at request time. Null for events emitted from background workers.
SecurityAuditEvent.userAgent ● String scalar
HTTP User-Agent at request time. Null for non-HTTP-originated events.
SecurityAuditEvent.correlationID ● String scalar
Distributed-trace correlation identifier so an audit entry can be tied back to application logs.
SecurityAuditEvent.details ● Map scalar
Free-form structured context (e.g. {key_id, key_version, custody_backend, scope_required}). Schema is event_type-specific.
Interfaces
Node interface
An object with an ID. Follows the Relay Global Object Identification Specification
Member Of
SecurityAuditEventEdge object