Skip to main content

SecurityAuditEvent

No description

type SecurityAuditEvent implements Node {
id: ID!
occurredAt: Time!
eventType: String!
orgID: String!
userID: String
resourceType: String
resourceID: String
result: SecurityAuditEventSecurityAuditResult!
ipAddress: String
userAgent: String
correlationID: String
details: Map
}

Fields

SecurityAuditEvent.id ● ID! non-null scalar

SecurityAuditEvent.occurredAt ● Time! non-null scalar

Wall-clock time the event happened. Indexed descending for default audit-log ordering.

SecurityAuditEvent.eventType ● String! non-null scalar

Categorized event identifier (e.g. 'passphrase_set', 'byok_key_imported', 'dek_unwrap_attempt', 'trust_policy_changed'). String-typed for extensibility; new event_types append without schema migrations.

SecurityAuditEvent.orgID ● String! non-null scalar

Keycloak organization UUID this event belongs to. Indexed; the dominant audit-log query is 'all events for my org, newest first'.

SecurityAuditEvent.userID ● String scalar

Subject who initiated the operation. Null for system-initiated events (e.g. background scanner findings).

SecurityAuditEvent.resourceType ● String scalar

Type of the resource the event references, if any (e.g. 'Strategy', 'Bot', 'Exchange'). Null for org-level events.

SecurityAuditEvent.resourceID ● String scalar

Opaque resource identifier paired with resource_type. Null when resource_type is null.

SecurityAuditEvent.result ● SecurityAuditEventSecurityAuditResult! non-null enum

Outcome of the operation: ok, denied, or error. Lets admins filter their audit log to access-denials or outages.

SecurityAuditEvent.ipAddress ● String scalar

Source IP captured at request time. Null for events emitted from background workers.

SecurityAuditEvent.userAgent ● String scalar

HTTP User-Agent at request time. Null for non-HTTP-originated events.

SecurityAuditEvent.correlationID ● String scalar

Distributed-trace correlation identifier so an audit entry can be tied back to application logs.

SecurityAuditEvent.details ● Map scalar

Free-form structured context (e.g. {key_id, key_version, custody_backend, scope_required}). Schema is event_type-specific.

Interfaces

Node interface

An object with an ID. Follows the Relay Global Object Identification Specification

Member Of

SecurityAuditEventEdge object