oci.DataSafe.getAuditEvents
Explore with Pulumi AI
This data source provides the list of Audit Events in Oracle Cloud Infrastructure Data Safe service.
The ListAuditEvents operation returns specified compartmentId
audit Events only.
The list does not include any audit Events associated with the subcompartments
of the specified compartmentId
.
The parameter accessLevel
specifies whether to return only those compartments for which the
requestor has INSPECT permissions on at least one resource directly
or indirectly (ACCESSIBLE) (the resource can be in a subcompartment) or to return Not Authorized if
Principal doesn’t have access to even one of the child compartments. This is valid only when
compartmentIdInSubtree
is set to true
.
The parameter compartmentIdInSubtree
applies when you perform ListAuditEvents on the
compartmentId
passed and when it is set to true, the entire hierarchy of compartments can be returned.
To get a full list of all compartments and subcompartments in the tenancy (root compartment),
set the parameter compartmentIdInSubtree
to true and accessLevel
to ACCESSIBLE.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
const testAuditEvents = oci.DataSafe.getAuditEvents({
compartmentId: compartmentId,
accessLevel: auditEventAccessLevel,
compartmentIdInSubtree: auditEventCompartmentIdInSubtree,
scimQuery: auditEventScimQuery,
});
import pulumi
import pulumi_oci as oci
test_audit_events = oci.DataSafe.get_audit_events(compartment_id=compartment_id,
access_level=audit_event_access_level,
compartment_id_in_subtree=audit_event_compartment_id_in_subtree,
scim_query=audit_event_scim_query)
package main
import (
"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/datasafe"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := datasafe.GetAuditEvents(ctx, &datasafe.GetAuditEventsArgs{
CompartmentId: compartmentId,
AccessLevel: pulumi.StringRef(auditEventAccessLevel),
CompartmentIdInSubtree: pulumi.BoolRef(auditEventCompartmentIdInSubtree),
ScimQuery: pulumi.StringRef(auditEventScimQuery),
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;
return await Deployment.RunAsync(() =>
{
var testAuditEvents = Oci.DataSafe.GetAuditEvents.Invoke(new()
{
CompartmentId = compartmentId,
AccessLevel = auditEventAccessLevel,
CompartmentIdInSubtree = auditEventCompartmentIdInSubtree,
ScimQuery = auditEventScimQuery,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.DataSafe.DataSafeFunctions;
import com.pulumi.oci.DataSafe.inputs.GetAuditEventsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var testAuditEvents = DataSafeFunctions.getAuditEvents(GetAuditEventsArgs.builder()
.compartmentId(compartmentId)
.accessLevel(auditEventAccessLevel)
.compartmentIdInSubtree(auditEventCompartmentIdInSubtree)
.scimQuery(auditEventScimQuery)
.build());
}
}
variables:
testAuditEvents:
fn::invoke:
function: oci:DataSafe:getAuditEvents
arguments:
compartmentId: ${compartmentId}
accessLevel: ${auditEventAccessLevel}
compartmentIdInSubtree: ${auditEventCompartmentIdInSubtree}
scimQuery: ${auditEventScimQuery}
Using getAuditEvents
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAuditEvents(args: GetAuditEventsArgs, opts?: InvokeOptions): Promise<GetAuditEventsResult>
function getAuditEventsOutput(args: GetAuditEventsOutputArgs, opts?: InvokeOptions): Output<GetAuditEventsResult>
def get_audit_events(access_level: Optional[str] = None,
compartment_id: Optional[str] = None,
compartment_id_in_subtree: Optional[bool] = None,
filters: Optional[Sequence[_datasafe.GetAuditEventsFilter]] = None,
scim_query: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetAuditEventsResult
def get_audit_events_output(access_level: Optional[pulumi.Input[str]] = None,
compartment_id: Optional[pulumi.Input[str]] = None,
compartment_id_in_subtree: Optional[pulumi.Input[bool]] = None,
filters: Optional[pulumi.Input[Sequence[pulumi.Input[_datasafe.GetAuditEventsFilterArgs]]]] = None,
scim_query: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetAuditEventsResult]
func GetAuditEvents(ctx *Context, args *GetAuditEventsArgs, opts ...InvokeOption) (*GetAuditEventsResult, error)
func GetAuditEventsOutput(ctx *Context, args *GetAuditEventsOutputArgs, opts ...InvokeOption) GetAuditEventsResultOutput
> Note: This function is named GetAuditEvents
in the Go SDK.
public static class GetAuditEvents
{
public static Task<GetAuditEventsResult> InvokeAsync(GetAuditEventsArgs args, InvokeOptions? opts = null)
public static Output<GetAuditEventsResult> Invoke(GetAuditEventsInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetAuditEventsResult> getAuditEvents(GetAuditEventsArgs args, InvokeOptions options)
public static Output<GetAuditEventsResult> getAuditEvents(GetAuditEventsArgs args, InvokeOptions options)
fn::invoke:
function: oci:DataSafe/getAuditEvents:getAuditEvents
arguments:
# arguments dictionary
The following arguments are supported:
- Compartment
Id This property is required. string - A filter to return only resources that match the specified compartment OCID.
- Access
Level string - Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.
- Compartment
Id boolIn Subtree - Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.
- Filters
Changes to this property will trigger replacement.
Audit Events Filter> - Scim
Query string The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)
Example: (operationTime ge "2021-06-04T01-00-26") and (eventName eq "LOGON") The attrExp or the field (for example, operationTime and eventName in above example) which is used to filter can be any of the fields returned by AuditEventSummary. adminUser, commonUser, sensitiveActivity, dsActivity can only have eq operation and value 1. These define admin user activity, common user activity, sensitive data activity and data safe activity Example: (adminUser eq 1)
- Compartment
Id This property is required. string - A filter to return only resources that match the specified compartment OCID.
- Access
Level string - Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.
- Compartment
Id boolIn Subtree - Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.
- Filters
Changes to this property will trigger replacement.
Audit Events Filter - Scim
Query string The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)
Example: (operationTime ge "2021-06-04T01-00-26") and (eventName eq "LOGON") The attrExp or the field (for example, operationTime and eventName in above example) which is used to filter can be any of the fields returned by AuditEventSummary. adminUser, commonUser, sensitiveActivity, dsActivity can only have eq operation and value 1. These define admin user activity, common user activity, sensitive data activity and data safe activity Example: (adminUser eq 1)
- compartment
Id This property is required. String - A filter to return only resources that match the specified compartment OCID.
- access
Level String - Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.
- compartment
Id BooleanIn Subtree - Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.
- filters
Changes to this property will trigger replacement.
Audit Events Filter> - scim
Query String The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)
Example: (operationTime ge "2021-06-04T01-00-26") and (eventName eq "LOGON") The attrExp or the field (for example, operationTime and eventName in above example) which is used to filter can be any of the fields returned by AuditEventSummary. adminUser, commonUser, sensitiveActivity, dsActivity can only have eq operation and value 1. These define admin user activity, common user activity, sensitive data activity and data safe activity Example: (adminUser eq 1)
- compartment
Id This property is required. string - A filter to return only resources that match the specified compartment OCID.
- access
Level string - Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.
- compartment
Id booleanIn Subtree - Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.
- filters
Changes to this property will trigger replacement.
Audit Events Filter[] - scim
Query string The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)
Example: (operationTime ge "2021-06-04T01-00-26") and (eventName eq "LOGON") The attrExp or the field (for example, operationTime and eventName in above example) which is used to filter can be any of the fields returned by AuditEventSummary. adminUser, commonUser, sensitiveActivity, dsActivity can only have eq operation and value 1. These define admin user activity, common user activity, sensitive data activity and data safe activity Example: (adminUser eq 1)
- compartment_
id This property is required. str - A filter to return only resources that match the specified compartment OCID.
- access_
level str - Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.
- compartment_
id_ boolin_ subtree - Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.
- filters
Changes to this property will trigger replacement.
Get Audit Events Filter] - scim_
query str The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)
Example: (operationTime ge "2021-06-04T01-00-26") and (eventName eq "LOGON") The attrExp or the field (for example, operationTime and eventName in above example) which is used to filter can be any of the fields returned by AuditEventSummary. adminUser, commonUser, sensitiveActivity, dsActivity can only have eq operation and value 1. These define admin user activity, common user activity, sensitive data activity and data safe activity Example: (adminUser eq 1)
- compartment
Id This property is required. String - A filter to return only resources that match the specified compartment OCID.
- access
Level String - Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.
- compartment
Id BooleanIn Subtree - Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.
- filters
Changes to this property will trigger replacement.
- scim
Query String The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)
Example: (operationTime ge "2021-06-04T01-00-26") and (eventName eq "LOGON") The attrExp or the field (for example, operationTime and eventName in above example) which is used to filter can be any of the fields returned by AuditEventSummary. adminUser, commonUser, sensitiveActivity, dsActivity can only have eq operation and value 1. These define admin user activity, common user activity, sensitive data activity and data safe activity Example: (adminUser eq 1)
getAuditEvents Result
The following output properties are available:
- Audit
Event List<GetCollections Audit Events Audit Event Collection> - The list of audit_event_collection.
- Compartment
Id string - The OCID of the compartment containing the audit event. The compartment is the same as that of audit profile of the target database resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- Access
Level string - Compartment
Id boolIn Subtree - Filters
List<Get
Audit Events Filter> - Scim
Query string
- Audit
Event []GetCollections Audit Events Audit Event Collection - The list of audit_event_collection.
- Compartment
Id string - The OCID of the compartment containing the audit event. The compartment is the same as that of audit profile of the target database resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- Access
Level string - Compartment
Id boolIn Subtree - Filters
[]Get
Audit Events Filter - Scim
Query string
- audit
Event List<GetCollections Audit Events Audit Event Collection> - The list of audit_event_collection.
- compartment
Id String - The OCID of the compartment containing the audit event. The compartment is the same as that of audit profile of the target database resource.
- id String
- The provider-assigned unique ID for this managed resource.
- access
Level String - compartment
Id BooleanIn Subtree - filters
List<Get
Audit Events Filter> - scim
Query String
- audit
Event GetCollections Audit Events Audit Event Collection[] - The list of audit_event_collection.
- compartment
Id string - The OCID of the compartment containing the audit event. The compartment is the same as that of audit profile of the target database resource.
- id string
- The provider-assigned unique ID for this managed resource.
- access
Level string - compartment
Id booleanIn Subtree - filters
Get
Audit Events Filter[] - scim
Query string
- audit_
event_ Sequence[datasafe.collections Get Audit Events Audit Event Collection] - The list of audit_event_collection.
- compartment_
id str - The OCID of the compartment containing the audit event. The compartment is the same as that of audit profile of the target database resource.
- id str
- The provider-assigned unique ID for this managed resource.
- access_
level str - compartment_
id_ boolin_ subtree - filters
Sequence[datasafe.
Get Audit Events Filter] - scim_
query str
- audit
Event List<Property Map>Collections - The list of audit_event_collection.
- compartment
Id String - The OCID of the compartment containing the audit event. The compartment is the same as that of audit profile of the target database resource.
- id String
- The provider-assigned unique ID for this managed resource.
- access
Level String - compartment
Id BooleanIn Subtree - filters List<Property Map>
- scim
Query String
Supporting Types
GetAuditEventsAuditEventCollection
- Items
This property is required. List<GetAudit Events Audit Event Collection Item> - Array of audit event summary.
- Items
This property is required. []GetAudit Events Audit Event Collection Item - Array of audit event summary.
- items
This property is required. List<GetAudit Events Audit Event Collection Item> - Array of audit event summary.
- items
This property is required. GetAudit Events Audit Event Collection Item[] - Array of audit event summary.
- items
This property is required. Sequence[datasafe.Get Audit Events Audit Event Collection Item] - Array of audit event summary.
- items
This property is required. List<Property Map> - Array of audit event summary.
GetAuditEventsAuditEventCollectionItem
- Action
Taken This property is required. string - The action taken for this audit event.
- Application
Contexts This property is required. string - Semicolon-seperated list of application context namespace, attribute, value information in (APPCTX_NSPACE,APPCTX_ATTRIBUTE=) format.
- Audit
Event Time This property is required. string - The time that the audit event occurs in the target database.
- Audit
Location This property is required. string - The location of the audit. Currently the value is audit table.
- Audit
Policies This property is required. string - Comma-seperated list of audit policies that caused the current audit event.
- Audit
Trail Id This property is required. string - The OCID of the audit trail that generated this audit event. To be noted, this field has been deprecated.
- Audit
Type This property is required. string - The type of the auditing.
- Client
Hostname This property is required. string - The name of the host machine from which the session was spawned.
- Client
Id This property is required. string - The client identifier in each Oracle session.
- Client
Ip This property is required. string - The IP address of the host machine from which the session was spawned.
- Client
Program This property is required. string - The application from which the audit event was generated. For example SQL Plus or SQL Developer.
- Command
Param This property is required. string - List of bind variables associated with the command text.
- Command
Text This property is required. string - The SQL associated with the audit event.
- Compartment
Id This property is required. string - A filter to return only resources that match the specified compartment OCID.
- Database
Type This property is required. string - The type of the target database that was audited. Allowed values are
- DATABASE_CLOUD_SERVICE - Represents Oracle Database Cloud Services.
- AUTONOMOUS_DATABASE - Represents Oracle Autonomous Databases.
- INSTALLED_DATABASE - Represents databases running on-premises or on compute instances.
- Database
Unique Name This property is required. string - Unique name of the database associated to the peer target database.
- Db
User Name This property is required. string - The name of the database user whose actions were audited.
This property is required. Dictionary<string, string>- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:
{"Operations.CostCenter": "42"}
- Error
Code This property is required. string - Oracle Error code generated by the action. Zero indicates the action was successful.
- Error
Message This property is required. string - The detailed message on why the error occurred.
- Event
Name This property is required. string - The name of the detail action executed by the user on the target database. For example ALTER SEQUENCE, CREATE TRIGGER or CREATE INDEX.
- Extended
Event Attributes This property is required. string - List of all other attributes of the audit event seperated by a colon other than the one returned in audit record.
- Fga
Policy Name This property is required. string - Fine-grained auditing (FGA) policy name that generated this audit record.
This property is required. Dictionary<string, string>- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:
{"Department": "Finance"}
- Id
This property is required. string - The OCID of the audit event.
- Is
Alerted This property is required. bool - Indicates whether an alert was raised for this audit event.
- Object
This property is required. string - The name of the object affected by the action.
- Object
Owner This property is required. string - The schema name of the object affected by the action.
- Object
Type This property is required. string - The type of the object in the source database affected by the action. For example PL/SQL, SYNONYM or PACKAGE BODY.
- Operation
This property is required. string - The name of the action executed by the user on the target database. For example ALTER, CREATE or DROP.
- Operation
Status This property is required. string - Indicates whether the operation was a success or a failure.
- Os
Terminal This property is required. string - The operating system terminal of the user session.
- Os
User Name This property is required. string - The name of the operating system user for the database session.
- Peer
Target Database Key This property is required. int - The secondary id assigned for the peer database registered with Data Safe.
- Target
Class This property is required. string - The class of the target that was audited.
- Target
Id This property is required. string - The OCID of the target database that was audited.
- Target
Name This property is required. string - The name of the target database that was audited.
- Time
Collected This property is required. string - The timestamp when this audit event was collected from the target database by Data Safe.
- Trail
Source This property is required. string - The underlying source of unified audit trail.
- Action
Taken This property is required. string - The action taken for this audit event.
- Application
Contexts This property is required. string - Semicolon-seperated list of application context namespace, attribute, value information in (APPCTX_NSPACE,APPCTX_ATTRIBUTE=) format.
- Audit
Event Time This property is required. string - The time that the audit event occurs in the target database.
- Audit
Location This property is required. string - The location of the audit. Currently the value is audit table.
- Audit
Policies This property is required. string - Comma-seperated list of audit policies that caused the current audit event.
- Audit
Trail Id This property is required. string - The OCID of the audit trail that generated this audit event. To be noted, this field has been deprecated.
- Audit
Type This property is required. string - The type of the auditing.
- Client
Hostname This property is required. string - The name of the host machine from which the session was spawned.
- Client
Id This property is required. string - The client identifier in each Oracle session.
- Client
Ip This property is required. string - The IP address of the host machine from which the session was spawned.
- Client
Program This property is required. string - The application from which the audit event was generated. For example SQL Plus or SQL Developer.
- Command
Param This property is required. string - List of bind variables associated with the command text.
- Command
Text This property is required. string - The SQL associated with the audit event.
- Compartment
Id This property is required. string - A filter to return only resources that match the specified compartment OCID.
- Database
Type This property is required. string - The type of the target database that was audited. Allowed values are
- DATABASE_CLOUD_SERVICE - Represents Oracle Database Cloud Services.
- AUTONOMOUS_DATABASE - Represents Oracle Autonomous Databases.
- INSTALLED_DATABASE - Represents databases running on-premises or on compute instances.
- Database
Unique Name This property is required. string - Unique name of the database associated to the peer target database.
- Db
User Name This property is required. string - The name of the database user whose actions were audited.
This property is required. map[string]string- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:
{"Operations.CostCenter": "42"}
- Error
Code This property is required. string - Oracle Error code generated by the action. Zero indicates the action was successful.
- Error
Message This property is required. string - The detailed message on why the error occurred.
- Event
Name This property is required. string - The name of the detail action executed by the user on the target database. For example ALTER SEQUENCE, CREATE TRIGGER or CREATE INDEX.
- Extended
Event Attributes This property is required. string - List of all other attributes of the audit event seperated by a colon other than the one returned in audit record.
- Fga
Policy Name This property is required. string - Fine-grained auditing (FGA) policy name that generated this audit record.
This property is required. map[string]string- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:
{"Department": "Finance"}
- Id
This property is required. string - The OCID of the audit event.
- Is
Alerted This property is required. bool - Indicates whether an alert was raised for this audit event.
- Object
This property is required. string - The name of the object affected by the action.
- Object
Owner This property is required. string - The schema name of the object affected by the action.
- Object
Type This property is required. string - The type of the object in the source database affected by the action. For example PL/SQL, SYNONYM or PACKAGE BODY.
- Operation
This property is required. string - The name of the action executed by the user on the target database. For example ALTER, CREATE or DROP.
- Operation
Status This property is required. string - Indicates whether the operation was a success or a failure.
- Os
Terminal This property is required. string - The operating system terminal of the user session.
- Os
User Name This property is required. string - The name of the operating system user for the database session.
- Peer
Target Database Key This property is required. int - The secondary id assigned for the peer database registered with Data Safe.
- Target
Class This property is required. string - The class of the target that was audited.
- Target
Id This property is required. string - The OCID of the target database that was audited.
- Target
Name This property is required. string - The name of the target database that was audited.
- Time
Collected This property is required. string - The timestamp when this audit event was collected from the target database by Data Safe.
- Trail
Source This property is required. string - The underlying source of unified audit trail.
- action
Taken This property is required. String - The action taken for this audit event.
- application
Contexts This property is required. String - Semicolon-seperated list of application context namespace, attribute, value information in (APPCTX_NSPACE,APPCTX_ATTRIBUTE=) format.
- audit
Event Time This property is required. String - The time that the audit event occurs in the target database.
- audit
Location This property is required. String - The location of the audit. Currently the value is audit table.
- audit
Policies This property is required. String - Comma-seperated list of audit policies that caused the current audit event.
- audit
Trail Id This property is required. String - The OCID of the audit trail that generated this audit event. To be noted, this field has been deprecated.
- audit
Type This property is required. String - The type of the auditing.
- client
Hostname This property is required. String - The name of the host machine from which the session was spawned.
- client
Id This property is required. String - The client identifier in each Oracle session.
- client
Ip This property is required. String - The IP address of the host machine from which the session was spawned.
- client
Program This property is required. String - The application from which the audit event was generated. For example SQL Plus or SQL Developer.
- command
Param This property is required. String - List of bind variables associated with the command text.
- command
Text This property is required. String - The SQL associated with the audit event.
- compartment
Id This property is required. String - A filter to return only resources that match the specified compartment OCID.
- database
Type This property is required. String - The type of the target database that was audited. Allowed values are
- DATABASE_CLOUD_SERVICE - Represents Oracle Database Cloud Services.
- AUTONOMOUS_DATABASE - Represents Oracle Autonomous Databases.
- INSTALLED_DATABASE - Represents databases running on-premises or on compute instances.
- database
Unique Name This property is required. String - Unique name of the database associated to the peer target database.
- db
User Name This property is required. String - The name of the database user whose actions were audited.
This property is required. Map<String,String>- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:
{"Operations.CostCenter": "42"}
- error
Code This property is required. String - Oracle Error code generated by the action. Zero indicates the action was successful.
- error
Message This property is required. String - The detailed message on why the error occurred.
- event
Name This property is required. String - The name of the detail action executed by the user on the target database. For example ALTER SEQUENCE, CREATE TRIGGER or CREATE INDEX.
- extended
Event Attributes This property is required. String - List of all other attributes of the audit event seperated by a colon other than the one returned in audit record.
- fga
Policy Name This property is required. String - Fine-grained auditing (FGA) policy name that generated this audit record.
This property is required. Map<String,String>- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:
{"Department": "Finance"}
- id
This property is required. String - The OCID of the audit event.
- is
Alerted This property is required. Boolean - Indicates whether an alert was raised for this audit event.
- object
This property is required. String - The name of the object affected by the action.
- object
Owner This property is required. String - The schema name of the object affected by the action.
- object
Type This property is required. String - The type of the object in the source database affected by the action. For example PL/SQL, SYNONYM or PACKAGE BODY.
- operation
This property is required. String - The name of the action executed by the user on the target database. For example ALTER, CREATE or DROP.
- operation
Status This property is required. String - Indicates whether the operation was a success or a failure.
- os
Terminal This property is required. String - The operating system terminal of the user session.
- os
User Name This property is required. String - The name of the operating system user for the database session.
- peer
Target Database Key This property is required. Integer - The secondary id assigned for the peer database registered with Data Safe.
- target
Class This property is required. String - The class of the target that was audited.
- target
Id This property is required. String - The OCID of the target database that was audited.
- target
Name This property is required. String - The name of the target database that was audited.
- time
Collected This property is required. String - The timestamp when this audit event was collected from the target database by Data Safe.
- trail
Source This property is required. String - The underlying source of unified audit trail.
- action
Taken This property is required. string - The action taken for this audit event.
- application
Contexts This property is required. string - Semicolon-seperated list of application context namespace, attribute, value information in (APPCTX_NSPACE,APPCTX_ATTRIBUTE=) format.
- audit
Event Time This property is required. string - The time that the audit event occurs in the target database.
- audit
Location This property is required. string - The location of the audit. Currently the value is audit table.
- audit
Policies This property is required. string - Comma-seperated list of audit policies that caused the current audit event.
- audit
Trail Id This property is required. string - The OCID of the audit trail that generated this audit event. To be noted, this field has been deprecated.
- audit
Type This property is required. string - The type of the auditing.
- client
Hostname This property is required. string - The name of the host machine from which the session was spawned.
- client
Id This property is required. string - The client identifier in each Oracle session.
- client
Ip This property is required. string - The IP address of the host machine from which the session was spawned.
- client
Program This property is required. string - The application from which the audit event was generated. For example SQL Plus or SQL Developer.
- command
Param This property is required. string - List of bind variables associated with the command text.
- command
Text This property is required. string - The SQL associated with the audit event.
- compartment
Id This property is required. string - A filter to return only resources that match the specified compartment OCID.
- database
Type This property is required. string - The type of the target database that was audited. Allowed values are
- DATABASE_CLOUD_SERVICE - Represents Oracle Database Cloud Services.
- AUTONOMOUS_DATABASE - Represents Oracle Autonomous Databases.
- INSTALLED_DATABASE - Represents databases running on-premises or on compute instances.
- database
Unique Name This property is required. string - Unique name of the database associated to the peer target database.
- db
User Name This property is required. string - The name of the database user whose actions were audited.
This property is required. {[key: string]: string}- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:
{"Operations.CostCenter": "42"}
- error
Code This property is required. string - Oracle Error code generated by the action. Zero indicates the action was successful.
- error
Message This property is required. string - The detailed message on why the error occurred.
- event
Name This property is required. string - The name of the detail action executed by the user on the target database. For example ALTER SEQUENCE, CREATE TRIGGER or CREATE INDEX.
- extended
Event Attributes This property is required. string - List of all other attributes of the audit event seperated by a colon other than the one returned in audit record.
- fga
Policy Name This property is required. string - Fine-grained auditing (FGA) policy name that generated this audit record.
This property is required. {[key: string]: string}- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:
{"Department": "Finance"}
- id
This property is required. string - The OCID of the audit event.
- is
Alerted This property is required. boolean - Indicates whether an alert was raised for this audit event.
- object
This property is required. string - The name of the object affected by the action.
- object
Owner This property is required. string - The schema name of the object affected by the action.
- object
Type This property is required. string - The type of the object in the source database affected by the action. For example PL/SQL, SYNONYM or PACKAGE BODY.
- operation
This property is required. string - The name of the action executed by the user on the target database. For example ALTER, CREATE or DROP.
- operation
Status This property is required. string - Indicates whether the operation was a success or a failure.
- os
Terminal This property is required. string - The operating system terminal of the user session.
- os
User Name This property is required. string - The name of the operating system user for the database session.
- peer
Target Database Key This property is required. number - The secondary id assigned for the peer database registered with Data Safe.
- target
Class This property is required. string - The class of the target that was audited.
- target
Id This property is required. string - The OCID of the target database that was audited.
- target
Name This property is required. string - The name of the target database that was audited.
- time
Collected This property is required. string - The timestamp when this audit event was collected from the target database by Data Safe.
- trail
Source This property is required. string - The underlying source of unified audit trail.
- action_
taken This property is required. str - The action taken for this audit event.
- application_
contexts This property is required. str - Semicolon-seperated list of application context namespace, attribute, value information in (APPCTX_NSPACE,APPCTX_ATTRIBUTE=) format.
- audit_
event_ time This property is required. str - The time that the audit event occurs in the target database.
- audit_
location This property is required. str - The location of the audit. Currently the value is audit table.
- audit_
policies This property is required. str - Comma-seperated list of audit policies that caused the current audit event.
- audit_
trail_ id This property is required. str - The OCID of the audit trail that generated this audit event. To be noted, this field has been deprecated.
- audit_
type This property is required. str - The type of the auditing.
- client_
hostname This property is required. str - The name of the host machine from which the session was spawned.
- client_
id This property is required. str - The client identifier in each Oracle session.
- client_
ip This property is required. str - The IP address of the host machine from which the session was spawned.
- client_
program This property is required. str - The application from which the audit event was generated. For example SQL Plus or SQL Developer.
- command_
param This property is required. str - List of bind variables associated with the command text.
- command_
text This property is required. str - The SQL associated with the audit event.
- compartment_
id This property is required. str - A filter to return only resources that match the specified compartment OCID.
- database_
type This property is required. str - The type of the target database that was audited. Allowed values are
- DATABASE_CLOUD_SERVICE - Represents Oracle Database Cloud Services.
- AUTONOMOUS_DATABASE - Represents Oracle Autonomous Databases.
- INSTALLED_DATABASE - Represents databases running on-premises or on compute instances.
- database_
unique_ name This property is required. str - Unique name of the database associated to the peer target database.
- db_
user_ name This property is required. str - The name of the database user whose actions were audited.
This property is required. Mapping[str, str]- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:
{"Operations.CostCenter": "42"}
- error_
code This property is required. str - Oracle Error code generated by the action. Zero indicates the action was successful.
- error_
message This property is required. str - The detailed message on why the error occurred.
- event_
name This property is required. str - The name of the detail action executed by the user on the target database. For example ALTER SEQUENCE, CREATE TRIGGER or CREATE INDEX.
- extended_
event_ attributes This property is required. str - List of all other attributes of the audit event seperated by a colon other than the one returned in audit record.
- fga_
policy_ name This property is required. str - Fine-grained auditing (FGA) policy name that generated this audit record.
This property is required. Mapping[str, str]- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:
{"Department": "Finance"}
- id
This property is required. str - The OCID of the audit event.
- is_
alerted This property is required. bool - Indicates whether an alert was raised for this audit event.
- object
This property is required. str - The name of the object affected by the action.
- object_
owner This property is required. str - The schema name of the object affected by the action.
- object_
type This property is required. str - The type of the object in the source database affected by the action. For example PL/SQL, SYNONYM or PACKAGE BODY.
- operation
This property is required. str - The name of the action executed by the user on the target database. For example ALTER, CREATE or DROP.
- operation_
status This property is required. str - Indicates whether the operation was a success or a failure.
- os_
terminal This property is required. str - The operating system terminal of the user session.
- os_
user_ name This property is required. str - The name of the operating system user for the database session.
- peer_
target_ database_ key This property is required. int - The secondary id assigned for the peer database registered with Data Safe.
- target_
class This property is required. str - The class of the target that was audited.
- target_
id This property is required. str - The OCID of the target database that was audited.
- target_
name This property is required. str - The name of the target database that was audited.
- time_
collected This property is required. str - The timestamp when this audit event was collected from the target database by Data Safe.
- trail_
source This property is required. str - The underlying source of unified audit trail.
- action
Taken This property is required. String - The action taken for this audit event.
- application
Contexts This property is required. String - Semicolon-seperated list of application context namespace, attribute, value information in (APPCTX_NSPACE,APPCTX_ATTRIBUTE=) format.
- audit
Event Time This property is required. String - The time that the audit event occurs in the target database.
- audit
Location This property is required. String - The location of the audit. Currently the value is audit table.
- audit
Policies This property is required. String - Comma-seperated list of audit policies that caused the current audit event.
- audit
Trail Id This property is required. String - The OCID of the audit trail that generated this audit event. To be noted, this field has been deprecated.
- audit
Type This property is required. String - The type of the auditing.
- client
Hostname This property is required. String - The name of the host machine from which the session was spawned.
- client
Id This property is required. String - The client identifier in each Oracle session.
- client
Ip This property is required. String - The IP address of the host machine from which the session was spawned.
- client
Program This property is required. String - The application from which the audit event was generated. For example SQL Plus or SQL Developer.
- command
Param This property is required. String - List of bind variables associated with the command text.
- command
Text This property is required. String - The SQL associated with the audit event.
- compartment
Id This property is required. String - A filter to return only resources that match the specified compartment OCID.
- database
Type This property is required. String - The type of the target database that was audited. Allowed values are
- DATABASE_CLOUD_SERVICE - Represents Oracle Database Cloud Services.
- AUTONOMOUS_DATABASE - Represents Oracle Autonomous Databases.
- INSTALLED_DATABASE - Represents databases running on-premises or on compute instances.
- database
Unique Name This property is required. String - Unique name of the database associated to the peer target database.
- db
User Name This property is required. String - The name of the database user whose actions were audited.
This property is required. Map<String>- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example:
{"Operations.CostCenter": "42"}
- error
Code This property is required. String - Oracle Error code generated by the action. Zero indicates the action was successful.
- error
Message This property is required. String - The detailed message on why the error occurred.
- event
Name This property is required. String - The name of the detail action executed by the user on the target database. For example ALTER SEQUENCE, CREATE TRIGGER or CREATE INDEX.
- extended
Event Attributes This property is required. String - List of all other attributes of the audit event seperated by a colon other than the one returned in audit record.
- fga
Policy Name This property is required. String - Fine-grained auditing (FGA) policy name that generated this audit record.
This property is required. Map<String>- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example:
{"Department": "Finance"}
- id
This property is required. String - The OCID of the audit event.
- is
Alerted This property is required. Boolean - Indicates whether an alert was raised for this audit event.
- object
This property is required. String - The name of the object affected by the action.
- object
Owner This property is required. String - The schema name of the object affected by the action.
- object
Type This property is required. String - The type of the object in the source database affected by the action. For example PL/SQL, SYNONYM or PACKAGE BODY.
- operation
This property is required. String - The name of the action executed by the user on the target database. For example ALTER, CREATE or DROP.
- operation
Status This property is required. String - Indicates whether the operation was a success or a failure.
- os
Terminal This property is required. String - The operating system terminal of the user session.
- os
User Name This property is required. String - The name of the operating system user for the database session.
- peer
Target Database Key This property is required. Number - The secondary id assigned for the peer database registered with Data Safe.
- target
Class This property is required. String - The class of the target that was audited.
- target
Id This property is required. String - The OCID of the target database that was audited.
- target
Name This property is required. String - The name of the target database that was audited.
- time
Collected This property is required. String - The timestamp when this audit event was collected from the target database by Data Safe.
- trail
Source This property is required. String - The underlying source of unified audit trail.
GetAuditEventsFilter
Package Details
- Repository
- oci pulumi/pulumi-oci
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
oci
Terraform Provider.