Syslog fields
Many of the triggering events related to the BeyondTrust Administrative Interface (/login) and the B Series Appliance Interface (/appliance) result in syslog messages. These syslog messages have additional fields associated.
You can configure your B Series Appliance to send these log message to an existing syslog server. BeyondTrust Appliance B Series logs are sent using the local0 facility.
Access sponsor group fields
These fields apply to the access_sponsor_group_added, access_sponsor_group_changed, and access_sponsor_group_removed events.
| Field | Value | Explanation |
|---|---|---|
| description | string | The description of the access sponsor group. |
| id | string | The unique identifier of the access sponsor group. |
| name | string | The name of the access sponsor group. |
Access sponsor group member fields
These fields apply to the access_sponsor_group_member_added, access_sponsor_group_member_changed, and access_sponsor_group_member_removed events.
| Field | Value | Explanation |
|---|---|---|
| access_sponsor_group:id | string | The unique identifier of the access sponsor group to which this member belongs. |
| access_sponsor_group:name | string | The name of the access sponsor group to which this member belongs. |
| role | requester sponsor | The role this member plays in the access sponsor group. |
| user:id | string | The unique identifier of the user being added to or removed from this access sponsor group. |
| user:username | string | The name of the user being added to or removed from this access sponsor group. |
Account fields
These fields apply to the account_added, account_changed, and account_removed events.
| Field | Value | Explanation |
|---|---|---|
| name | string | The name of the account. |
| username | string | The username of the account |
| password | *** | Indicates if the password has changed. The actual string is never supplied. |
| auto_rotate_credentials | 1 or 0 | 1: Enables the automatic rotation for this account. 0: Disables the automatic rotation for this account. |
| allow_simultaneous_checkout | 1 or 0 | 1: Account can be checked out and used by multiple users or sessions at the same time. 0: Account can be checked out and used by single user at the same time. |
| personal | 1 or 0 | 1: Is a personal account. 0: Is a shared account. |
| group | string | The unique identifier of the account group. |
Account group fields
These fields apply to the account_group_added, account_group_changed, and account_group_removed events.
| Field | Value | Explanation |
|---|---|---|
| id | string | The unique identifier of the account group. |
| name | string | The name of the account group. |
| description | string | The description of the account group. |
Account group membership fields
These fields apply to the accounts_changed events.
| Field | Value | Explanation |
|---|---|---|
| accounts_id | comma-delimited list | The unique identifier of the vault accounts. |
| new_group | string | The unique identifier of the target account group. |
Account Jump Item association fields
These fields apply to the account_jump_item_association_added and account_jump_item_association_removed events.
| Field | Value | Explanation |
|---|---|---|
| id | number | The unique identifier of the association. |
| account_group_id | number | The unique identifier of the account group. |
| account_id | number | The unique identifier of the account. |
| criteria | string | A JSON representation of the filters, e.g., {"name":["name"],"host":["hostname"],"tag":["tag"],"comment":["comments"],"shared_jump_groups":[3]} Valid only when the filter type is criteria. |
| filter_type | applicable not_injectable criteria | The filter type of the association. |
API account fields
These fields apply to the api_account_added, api_account_changed, and api_account_removed events.
| Field | Value | Explanation |
|---|---|---|
| client_id | string | The OAuth client ID. |
| client_secret | *** | Indicates the OAuth client secret. The actual string is never supplied. |
| comments | string | Any comments associated with this API account. |
| enabled | 1 or 0 | 1: This API account is enabled. 0: This API account is disabled. |
| id | string | The unique identifier of the API account. |
| ip_addresses | comma-delimited list | The list of network address prefixes from which this account can authenticate. |
| name | string | The name of the API account. |
| permissions:backup | 1 or 0 | 1: This API account may use the backup API. 0: This API account may not use the backup API. |
| permissions:command | deny read_only full_access | Whether this API account is disallowed to use the command API, has read-only access to the command API, or has full access to the command API. |
| permissions:reporting:archive | 1 or 0 | 1: This API account may use the archive API. 0: This API account may not use the archive API. |
| permissions:reporting:license | 1 or 0 | 1: This API account may use the license reporting API. 0: This API account may not use the license reporting API. |
| permissions:reporting:presentation | 1 or 0 | 1: This API account may use the presentation reporting API. 0: This API account may not use the presentation reporting API. |
| permissions:reporting:support | 1 or 0 | 1: This API account may use the support reporting API. 0: This API account may not use the support reporting API. |
| permissions:reporting:syslog | deny read_only full_access | Whether this API account is disallowed access syslog reports, has read-only access to syslog reports, or has full access to syslog reports. |
Canned message category fields
These fields apply to the canned_message_category_added, canned_message_category_changed, and canned_message_category_removed events.
| Field | Value | Explanation |
|---|---|---|
| id | string | The unique identifier of this canned message category. |
| name | string | The name of this canned message category. |
| parent:id | string | The unique identifier of the parent category of this canned message category. |
| parent:name | string | The name of the parent category of this canned message category. |
Canned message fields
These fields apply to the canned_message_added, canned_message_changed, and canned_message_removed events.
| Field | Value | Explanation |
|---|---|---|
| category:id | string | The unique identifier of the category to which this canned message is assigned. |
| category:name | string | The name of the category to which this canned message is assigned. |
| id | string | The unique identifier of this canned message. |
| message | string | The text of this canned message. |
| title | string | The title of this canned message. |
Canned message team fields
These fields apply to the canned_message_team_added, canned_message_team_changed, and canned_message_team_removed events.
| Field | Value | Explanation |
|---|---|---|
| message:id | string | The unique identifier of the canned message to which this support team is being given access. |
| message:title | string | The name of the canned message to which this support team is being given access. |
| team:id | string | The unique identifier of the support team being given access to this canned message. |
| team:name | string | The name of the support team being given access to this canned message. |
Canned script fields
These fields apply to the canned_script_added, canned_script_changed, and canned_script_removed events.
| Field | Value | Explanation |
|---|---|---|
| allowed_in_view_only | 1 or 0 | 1: This canned script is available in view-only screen sharing, as a special action. 0: This canned script is not available in view-only screen sharing. |
| commands | string | The commands to be executed when this script is run. |
| description | string | The description of this canned script as displayed to the representative before being run. |
| elevation_mode | Both Elevated Only Unelevated Only | Whether this canned script is available only in elevated mode, only in unelevated mode, or in both elevated and unelevated modes. |
| id | string | The unique identifier of this canned script. |
| name | string | The name of this canned script. |
Canned script category fields
These fields apply to the canned_script_category_added and canned_script_category_removed events.
| Field | Value | Explanation |
|---|---|---|
| canned_script:id | string | The unique identifier of the canned script to which this category is being applied. |
| canned_script:name | string | The name of the canned script to which this category is being applied. |
| category | string | The name of the category being applied to this canned script. |
Canned script file fields
These fields apply to the canned_script_file_added and canned_script_file_removed events.
| Field | Value | Explanation |
|---|---|---|
| canned_script:id | string | The unique identifier of the canned script with which this file is being associated. |
| canned_script:name | string | The name of the canned script with which this file is being associated. |
| filename | string | The name of the file being associated with this canned script. |
Canned script team fields
These fields apply to the canned_script_team_added and canned_script_team_removed events.
| Field | Value | Explanation |
|---|---|---|
| canned_script:id | string | The unique identifier of the canned script to which this support team is being given access. |
| canned_script:name | string | The name of the canned script to which this support team is being given access. |
| team:id | string | The unique identifier of the support team being given access to this script. |
| team:name | string | The name of the support team being given access to this script. |
Canned scripts category fields
These fields apply to the canned_scripts_category_added and canned_scripts_category_removed events.
| Field | Value | Explanation |
|---|---|---|
| category | string | The name of this canned script category. |
Canned scripts file fields
These fields apply to the canned_scripts_file_added and canned_scripts_file_removed events.
| Field | Value | Explanation |
|---|---|---|
| filename | string | The filename of the file uploaded for canned script use. |
Certificate export fields
These fields apply to the certificate_export event.
| Field | Value | Explanation |
|---|---|---|
| friendly_name | string | The friendly name of the certificate being exported. |
| exported_with_private_key | 1 or 0 | 1: The private key is included in this export. 0: The private key is not included in this export. |
Change display name fields
These fields apply to the change_display_name event.
| Field | Value | Explanation |
|---|---|---|
| status | success failure | Whether the display name change attempt succeeded or failed. |
| reason | failed invalid display name | Indicates whether the new display name failed to meet formatting requirements. |
| target | web/api web/login | The authentication area from which the username change attempt was made. |
Change password fields
These fields apply to the change_password event.
| Field | Value | Explanation |
|---|---|---|
| status | success failure | Whether the password change attempt succeeded or failed. |
| reason | failed invalid password | Indicates whether the old password supplied was incorrect or the new password failed to me complexity requirements. |
| target | web/api web/appliance web/login | The authentication area from which the password change attempt was made. |
Change username fields
These fields apply to the change_username event.
| Field | Value | Explanation |
|---|---|---|
| status | success failure | Whether the username change attempt succeeded or failed. |
| reason | failed invalid password | Indicates whether the supplied password was incorrect or the new username failed to meet formatting requirements. |
| target | web/api web/appliance web/login | The authentication area from which the password change attempt was made. |
Custom rep link fields
These fields apply to the custom_rep_link_added, custom_rep_link_changed, and custom_rep_link_removed events.
| Field | Value | Explanation |
|---|---|---|
| id | string | The unique identifier of the custom link. |
| name | string | The name of the custom link. |
| url | string | The URL of the custom link. |
Custom session attribute fields
These fields apply to the custom_session_attribute_added, custom_session_attribute_changed, and custom_session_attribute_removed events.
| Field | Value | Explanation |
|---|---|---|
| code_name | string | The code name of the custom session attribute. |
| display_name | string | The display name of the custom session attribute. |
| id | string | The unique identifier of the custom session attribute. |
| show_in_rep | 1 or 0 | 1: The custom session attribute will be displayed in the representative console during a support session. 0: The custom session attribute will not be displayed in the representative console. |
Custom session policy fields
These fields apply to the custom_session_policy_added, custom_session_policy_changed, and custom_session_policy_removed events. Custom session policy events also include the Support permissions and prompting fields.
| Field | Value | Explanation |
|---|---|---|
| code_name | string | The code name of this custom session policy. |
| description | string | The description of the object to which this custom session policy is applied in the form of object(type):name. The object may be one of users or policies. A users object is followed by @ and the ID of its security provider. The type is either attended or unattended. The name is the name of the object. |
| id | string | The unique identifier of this custom session policy. |
| name | string | The name of this custom session policy. This name is assigned by the B Series Appliance and cannot be modified. |
Custom special action fields
These fields apply to the custom_special_action_added, custom_special_action_changed, and custom_special_action_removed events.
| Field | Value | Explanation |
|---|---|---|
| arguments | list | Command line arguments to apply the command. |
| command | string | The full path of the application to run. |
| confirm | 1 or 0 | 1: Require representatives to answer a confirmation prompt before the action runs. 0: Do not prompt before running the action. |
| id | string | The unique identifier of this custom special action. |
| name | string | The name of this custom special action. |
| run_elevated | 1 or 0 | 1: Show the special action only when the customer client is running in elevated mode, and run the action with elevated privileges. 0: Always show the action, and run the action with user privileges. |
Customer notice fields
These fields apply to the customer_notice_added, customer_notice_changed, and customer_notice_removed events.
| Field | Value | Explanation |
|---|---|---|
| expiry | Unix timestamp | The date and time of the creation of the message or never. |
| id | integer | The unique identifier for this customer notice. |
| message | string | The text of the customer notice. |
| name | string | The name of this customer notice. |
Customer notice public site fields
These fields apply to the customer_notice_public_site_added and customer_notice_public_site_removed events.
| Field | Value | Explanation |
|---|---|---|
| customer_notice:id | string | The unique identifier for this customer notice. |
| customer_notice:name | string | The name of this customer notice. |
| public_site:name | string | The name of the public site. |
Customizable text fields
These fields apply to the customizable_text_changed event.
| Field | Value | Explanation |
|---|---|---|
| ios:message:[language] | string | The existing message for the Apple iOS portal has changed. |
| ios:title:[language] | string | The existing title for the Apple iOS portal has changed. |
| pre_login_agreement:body:[language] | string | The existing message for the /login prerequisite login agreement has changed. |
| pre_login_agreement:title:[language] | string | The existing title for the /login prerequisite login agreement has changed. |
| presentation:abandoned_message:[language] | string | The existing message for orphaned presentations has changed. |
| presentation:agreement:message:[language] | string | The existing message for the presentation attendee agreement has changed. |
| presentation:agreement:title:[language] | string | The existing title for the presentation attendee agreement has changed. |
| presentation:greeting_message:[language] | string | The existing message for the presentation attendee greeting has changed. |
| presentation:invite:email:in_progress:body:[language] | string | The existing message for the in-progress presentation invitation email has changed. |
| presentation:invite:email:in_progress:subject:[language] | string | The existing subject for the in-progress presentation invitation email has changed. |
| presentation:invite:email:scheduled:body:[language] | string | The existing message for the scheduled presentation invitation email has changed. |
| presentation:invite:email:scheduled:subject:[language] | string | The existing subject for the scheduled presentation invitation email has changed. |
| presentation:uninstall_message:[language] | string | The existing presentation attendee client uninstall message has changed. |
| public_site:id | integer | The unique identifier of the public site. |
| rep:invite:email:body:[language] | string | The existing message for a rep invitation email has changed. |
| rep:invite:email:subject:[language] | string | The existing subject for a rep invitation email has changed. |
| support:abandoned_message:[language] | string | The existing message for orphaned support sessions has changed. |
| support:full_client:agreement:message:[language] | string | The existing message for the full-client customer agreement has changed. |
| support:full_client:agreement:title:[language] | string | The existing title for the full-client customer agreement has changed. |
| support:greeting_message:[language] | string | The existing message for the customer greeting has changed. |
| support:invite:email:body:[language] | string | The existing message for the support session invitation email has changed. |
| support:invite:email:subject:[language] | string | The existing subject for the support session invitation email has changed. |
| support:ios:email:body:[language] | string | The existing message for the Apple iOS invitation email has changed. |
| support:ios:email:subject:[language] | string | The existing subject for the Apple iOS invitation email has changed. |
| support:please_wait_message:[language] | string | The existing on-hold message has changed. |
| support:uninstall_message:[language] | string | The existing customer client uninstall message has changed. |
| support:web_client:agreement:message:[language] | string | The existing message for the click-to-chat customer agreement has changed. |
| support:web_client:elevate_prompt:[language] | string | The existing message for the click-to-chat elevation prompt has changed. |
Note
Macros appear as %MACROS% to indicate use.
Discovery error fields
These fields apply to the discovery_error_added, discovery_error_changed, and discovery_error_removed events.
| Field | Value | Explanation |
|---|---|---|
| system_name | string | The hostname or computer name which this error belongs. |
| discovery_job_id | string | The unique identifier of the Discovery job to which this error belongs. |
| type | integer | The type of error. |
| user_error | string | The error description. |
Domain fields
These fields apply to the domain_added, domain_changed, and domain_removed events.
| Field | Value | Explanation |
|---|---|---|
| name | string | The name of the domain. |
| jumpoint:id | string | The unique identifier of the Jumpoint. |
Endpoint fields
These fields apply to the endpoint_changed and endpoint_removed events.
| Field | Value | Explanation |
|---|---|---|
| description | string | The description of the endpoint. |
| distinguished_name | string | The distinguished name of the endpoint. |
| domain_id | integer | The unique identifier of the Domain to which this endpoint belongs. |
| hostname | string | The hostname of the endpoint. |
| is_domain_controller | 1 or 0 | 1: The endpoint is a domain controller. 0: The endpoint is not domain controller. |
| name | string | The name of the endpoint. |
| operating_system | string | The operating system of the endpoint. |
| unique_id | string | The unique identifier of the endpoint. |
Endpoint automation resource fields
These fields apply to the endpoint_automation_resource_added, endpoint_automation_resource_changed, and endpoint_automation_resource_removed events.
| Field | Value | Explanation |
|---|---|---|
| id | string | The unique identifier of the endpoint automation resource. |
| file_name | string | The name of the endpoint automation resource. |
| size | integer | The size of the file in bytes. |
| hash | string | The hash value of the file. |
| URL | string | The download string of the file. |
EULA accepted syslog fields
| Field | Value | Explanation |
|---|---|---|
| auth_username | string | The username of the individual who accepted the BeyondTrust Cloud end user license agreement (EULA). |
Exit survey question fields
These fields apply to the cust_exit_survey_question_added, cust_exit_survey_question_changed, cust_exit_survey_question_removed, rep_exit_survey_question_added, rep_exit_survey_question_changed. and rep_exit_survey_question_removed events.
| Field | Value | Explanation |
|---|---|---|
| html:class | string | The unique identifier of the canned script to which this category is being applied. |
| html:id | string | The name of the canned script to which this category is being applied. |
| html:style | string | The name of the category being applied to this canned script. |
| id | string | The unique identifier for this question. |
| label:[language] | localized string | The question text that will be displayed to the user. |
| name | string | The internal name used for formatting of this question. |
| order | integer | The order in which this question will be displayed, starting from 0. |
| report_header:[language] | localized string | The header for this question to display in exit survey reports. |
| required | 1 or 0 | 1: The representative is required to answer this question before closing the session. 0: The representative is not required to answer this question. |
| select:multiple | 1 or 0 | 1: Multiple selections are allowed. 0: Only one selection is allowed. |
| text:maxlength | integer | The maximum number of characters that can be entered in the text box. |
| text:size | integer | The width of the text box. |
| textarea:cols | string | The number of columns in the text area. |
| textarea:rows | string | The number of rows in the text area. |
| type | checkbox radio select text textarea | The type of question being added, modified, or removed. |
Exit survey question option fields
These fields apply to the cust_exit_survey_question_option_added, cust_exit_survey_question_option_changed, cust_exit_survey_question_option_removed, rep_exit_survey_question_option_added, rep_exit_survey_question_option_changed, and rep_exit_survey_question_option_removed events.
| Field | Value | Explanation |
|---|---|---|
| default | 1 or blank | 1: This radio button, check box, or select option is the default value. |
| default:[language] | localized string | The default value for this text box or text area option. |
| id | string | The unique identifier for this option. |
| label:[language] | localized string | The display value shown for this option. |
| order | integer | The order in which this radio button, check box, or select option will be displayed, starting from 0. |
| question:id | string | The unique identifier of the question for which this option will be displayed. |
| question:name | string | The name of the question for which this option will be displayed. |
| value | string | The value of this radio button, check box, or select option as logged in the survey reports. |
FIDO2 credential fields
These fields apply to the fido2_credential_added, fido2_credential_changed, and fido2_credential_removed events.
| Field | Value | Explanation |
|---|---|---|
| credential_owner_id | integer | ID of the credential owner. |
| name | string | Unique name of the credential, up to 64 characters. |
| roaming | 1 or 0 | 1: The credential is cross-platform. 2: The credential is not cross-platform. |
| registration_date | date | The date the credential was registered. |
| last_used_date | date | The date the credential was last used. |
| last_signature_count | integer | How many times this authenticator has performed signatures. |
File store fields
These fields apply to the file_removed_from_file_store and file_uploaded_to_file_store events.
Fields marked with an asterisk apply only to file_uploaded_to_file_store events.
| Field | Value | Explanation |
|---|---|---|
| filename | string | The name of the file being uploaded to or removed from the file store. |
| size* | integer | The size in bytes of the file being uploaded to the file store. |
Group policy fields
These fields apply to the group_policy_added, group_policy_changed, and group_policy_removed events.
| Field | Value | Explanation |
|---|---|---|
| comments | string | Any comments associated with this group policy. |
| id | string | The unique identifier for this group policy. |
| name | string | The name of this group policy. |
| priority | integer | The priority of this group policy, in order of execution, starting from 1. |
Group policy member fields
These fields apply to the group_policy_member_added and group_policy_member_removed events.
| Field | Value | Explanation |
|---|---|---|
| policy:id | string | The unique identifier of the policy to which this member belongs. |
| policy:name | string | The name of the policy to which this member belongs. |
| provider:id | string | The unique identifier of the security provider against which this member authenticates. |
| provider:name | string | The name of the security provider against which this member authenticates. |
| user:external_id | string | The unique identifier of this group policy member. |
Group policy setting fields
These fields apply to the group_policy_setting_added, group_policy_setting_changed, and group_policy_setting_removed events. Group policy setting events also include the Permission fields.
| Field | Value | Explanation |
|---|---|---|
| account:disabled | 1 or 0 | 1: The accounts associated with this group policy are disabled. 0: The accounts associated with this group policy are active. |
| account:expiration | Unix timestamp | The date and time the accounts associated with this group policy will expire, if ever. |
| allow_override | 1 or 0 | 1: This setting can be overridden by a policy with a lower priority. 0: This setting cannot be overridden by a policy with a lower priority. |
| comments | string | Any comments associated with this group policy. |
| idle_timeout | integer or site_wide_setting | The maximum number of seconds these representatives can be idle within the representative console before being logged out. The site_wide_setting option defaults to the timeout set on the Management > Security page. If no timeout, uses none. |
| jumpoints | serialized labeled list | The group’s Jumpoint access in the form of permission🆔name, where permission is one of added, removed, or unknown; id is the unique identifier of the Jumpoint; and name is the name of the Jumpoint. |
| login_code:enabled | 1 or 0 | 1: Users must enter an emailed login code to log in. 0: Users may log in without an emailed login code. |
| policy:id | string | The unique identifier of the group policy for which this setting is configured. |
| policy:name | string | The name of the group policy for which this setting is configured. |
| team_memberships | serialized labeled list | The group’s team memberships in the form of permission:role🆔name, where permission is one of added, removed, or unknown; role is one of all, team_member, team_lead, or team_manager; id is the unique identifier of the team; and name is the name of the team. |
| tz | string | The time zone to use for the representative login schedule for this group policy. |
iOS content item fields
These fields apply to the ios_content_item_added, ios_content_item_changed, and ios_content_item_removed events.
| Field | Value | Explanation |
|---|---|---|
| description:[language] | string | The description of this iOS configuration profile. |
| file_name | string | The name of the file. |
| id | string | The unique identifier of this iOS configuration profile. |
| name:[language] | string | The name of this iOS configuration profile. |
| publicly_browsable | 1 or 0 | 1: This iOS configuration profile is visible to any iOS user browsing your public portal. 0: This iOS configuration profile can be downloaded only by supplying an access key generated by a representative. |
Jump Item Role fields
These fields apply to the jump_item_role_added, jump_item_role_changed, and jump_item_role_removed events.
| Field | Value | Explanation |
|---|---|---|
| comments | string | Any comments on this Jump Item. |
| computer_name | string | The hostname or IP address, up to 64 characters. |
| description | string | The description of this Jump Item Role. |
| id | string | The unique identifier of this Jump Item Role. |
| jump_group_id | integer | The unique identifier of the Jump Group or user that owns this Jump Item. |
| jump_policy_id | integer | The unique identifier of the Jump Policy used to manage access to this Jump Item. |
| name | string | The name of this Jump Item Role. |
| perm_add | 1 or 0 | 1: This role grants permission to create and deploy Jump Items. 0: This role does not grant permission to create Jump Items. |
| perm_assign_jump_group | 1 or 0 | 1: This role grants permission to move Jump Items into and out of Jump Groups. 0: This role does not grant permission to move Jump Items between Jump Groups. |
| perm_edit_behavior | 1 or 0 | 1: This role grants permission to edit Jump Item behavior and experience settings. 0: This role does not grant permission to edit behavior and experience settings. |
| perm_edit_comments | 1 or 0 | 1: This role grants permission to edit Jump Item comments. 0: This role does not grant permission to edit comments. |
| perm_edit_identity | 1 or 0 | 1: This role grants permission to edit Jump Item connectivity and authentication settings. 0: This role does not grant permission to edit connectivity and authentication settings. |
| perm_edit_jump_policy | 1 or 0 | 1: This role grants permission to assign Jump Policies to Jump Items. 0: This role does not grant permission to assign Jump Policies to Jump Items. |
| perm_edit_session_policy | 1 or 0 | 1: This role grants permission to assign session policies to Jump Items. 0: This role does not grant permission to assign session policies to Jump Items. |
| perm_edit_tag | 1 or 0 | 1: This role grants permission to edit Jump Item tags. 0: This role does not grant permission to edit tags. |
| perm_remove | 1 or 0 | 1: This role grants permission to delete Jump Items. 0: This role does not grant permission to delete Jump Items. |
| perm_start | 1 or 0 | 1: This role grants permission to start sessions with Jump Items. 0: This role does not grant permission to start sessions with Jump Items. |
| perm_view_jump_item_report | 1 or 0 | 1: This role grants permission to view Jump Item reports. 0: This role does not grant permission to view Jump Item reports. |
| port | integer | The port for this Jump Item to use. |
| push_agent_id | integer | The unique identifier of the Jumpoint through which connections are made. |
| tag | string | The tag for this Jump Item. |
Jump Policy fields
These fields apply to the jump_policy_added, jump_policy_changed, and jump_policy_removed events.
| Field | Value | Explanation |
|---|---|---|
| authorization:approvers | string | The IDs of approver users. |
| code_name | string | The code name of this Jump Policy. |
| description | string | The description of this Jump Policy. |
| display_name | string | The display name of this Jump Policy. |
| id | string | The unique identifier of this Jump Policy. |
| schedule:enabled | 1 or 0 | 1: Representatives are disallowed to access Jump Clients controlled by this policy outside of the set schedule. 0: Representatives may access Jump Clients controlled by this policy at any time. |
| schedule:force_end | 1 or 0 | 1: Open sessions with Jump Clients controlled by this policy are automatically terminated at the end of the scheduled time. 0: Open sessions with Jump Clients controlled by this policy may continue past the end of the scheduled time. |
Jump Policy schedule fields
These fields apply to the jump_policy:schedule_entry_added and jump_policy:schedule_entry_removed events.
| Field | Value | Explanation |
|---|---|---|
| jump_policy:display_name | string | The display name of the Jump Policy to which this Jump schedule entry applies. |
| jump_policy:id | string | The unique identifier of the Jump Policy to which this Jump schedule entry applies. |
| schedule:end_day_of_week | Monday Tuesday Wednesday Thursday Friday Saturday Sunday | The end day for this Jump schedule entry. |
| schedule:end_time_of_day | hh:mm (24-hour format) | The end time for this Jump schedule entry. |
| schedule:start_day_of_week | Monday Tuesday Wednesday Thursday Friday Saturday Sunday | The start day for this Jump schedule entry. |
| schedule:start_time_of_day | hh:mm (24-hour format) | The start time for this Jump schedule entry. |
Jumpoint cluster fields
These fields apply to the jumpoint_cluster_added, jumpoint_cluster_changed, and jumpoint_cluster_removed events.
| Field | Value | Explanation |
|---|---|---|
| allows_multiple_nodes | 1 or 0 | 1: This is a Jumpoint cluster. 0: This is a standalone Jumpoint. |
| code_name | string | The code name of this Jumpoint or Jumpoint cluster. |
| comment | string | Any comments associated with this Jumpoint or Jumpoint cluster. |
| disabled | 1 or 0 | 1: This Jumpoint or Jumpoint cluster is disabled. 0: This Jumpoint or Jumpoint cluster is enabled. |
| external_jump_item_network_id | string | The unique identifier of the external Jump Item. |
| id | string | The unique identifier of this Jumpoint or Jumpoint cluster. |
| name | string | The name of this Jumpoint or Jumpoint cluster. |
| platform | string | The platform of the Jumpoint Cluster. |
| shelljump | 1 or 0 | 1: This Jumpoint or Jumpoint cluster can be configured to allow Shell Jump. 0: This Jumpoint or Jumpoint cluster does not allow Shell Jump. |
Jumpoint user fields
These fields apply to the jumpoint_user_added and jumpoint_user_removed events.
| Field | Value | Explanation |
|---|---|---|
| jumpoint:id | string | The unique identifier of the Jumpoint to which this user is being added or removed. |
| jumpoint:name | string | The name of the Jumpoint to which this user is being added or removed. |
| user:id | string | The unique identifier of the user being added or removed. |
| user:username | string | The name of the user being added or removed. |
Kerberos keytab fields
These fields apply to the kerberos_keytab_added and kerberos_keytab_removed events.
Fields marked with an asterisk apply only to kerberos_keytab_added events.
| Field | Value | Explanation |
|---|---|---|
| enctype* | string | The encryption type of the keytab. |
| principal | string | The service principal of the keytab. |
| timestamp* | Unix timestamp | The timestamp of the keytab. |
| vno* | integer | The key version number of the keytab. |
License pool fields
These fields apply to the license_pool_added, license_pool_changed, and license_pool_removed events.
| Field | Value | Explanation |
|---|---|---|
| description | string | The description of the license pool. |
| id | string | The unique identifier of this license pool. |
| license_type | support_full support_chat | The type of license in this license pool. |
| maximum_license_count | integer | The maximum number of licenses which can be consumed by users of this pool. |
| name | string | The name of this license pool. |
| reserved_license_count | integer | The number of licenses which should be reserved for this pool. |
Login fields
These fields apply to the login event, triggered from the administrative interface or the representative console.
| Field | Value | Explanation |
|---|---|---|
| last_notified | string | The last time the user was notified to take an action. |
| status | success failure | Whether the login attempt succeeded or failed. |
| reason | failed account disabled account expired exceeded failed login attempts change password | Appears only if login failed. Indicates the reason for the failure, such as the account being disabled or expired, the number of failed login attempts having exceeded the permissible amount, or the password requiring reset. |
| target | web/api web/appliance web/login rep_client | The authentication area from which the login attempt was made. |
| vendor_expire_time | string | The Vendor user experation datetime. |
Login schedule entry fields
These fields apply to the login_schedule_entry_added and login_schedule_entry_removed events.
| Field | Value | Explanation |
|---|---|---|
| schedule:end_day_of_week | Monday Tuesday Wednesday Thursday Friday Saturday Sunday | The end day for this login schedule entry. |
| schedule:end_time_of_day | hh:mm (24-hour format) | The end time for this login schedule entry. |
| schedule:start_day_of_week | Monday Tuesday Wednesday Thursday Friday Saturday Sunday | The start day for this login schedule entry. |
| schedule:start_time_of_day | hh:mm (24-hour format) | The start time for this login schedule entry. |
| user:id | string | The unique identifier of the user to whom this login schedule entry applies. |
| user:username | string | The username of the user to whom this login schedule entry applies. |
Management account fields
These fields apply to the management_account_added, management_account_changed, and management_account_removed events.
| Field | Value | Explanation |
|---|---|---|
| domain_account:id | string | The unique identifier of the domain group. |
| domain:id | string | The unique identifier of the domain. |
Network fields
These fields apply to the network_changed event.
| Field | Value | Explanation |
|---|---|---|
| default_route | string | The default network route for the B Series Appliance. |
| dns:1 | string | The IP address of the primary DNS server. |
| dns:2 | string | The IP address of the secondary DNS server. |
| dns:3 | string | The IP address of the tertiary DNS server. |
| dns:opendns | 1 or 0 | 1: The B Series Appliance should fall back to OpenDNS servers if the configured DNS servers fail to reply. 0: The B Series Appliance should never fall back to OpenDNS servers. |
| gateway:interface | string | The interface to use as the default gateway. |
| gateway:ip | string | The IP address of the default gateway. |
| hostname | string | The hostname of the B Series Appliance. |
| icmp_echo | 1 or 0 | 1: The interface will respond to ICMP echoes. 0: The interface will not respond to ICMP echoes. |
| ntp_server | string | The IP address of the NTP server. |
| ssl:ciphers | comma-delimited list | The set of ciphersuites supported by the B Series Appliance for HTTPS/SSL traffic. |
| ssl:v2 | 1 or 0 | 1: SSLv2 is enabled. 0: SSLv2 is not enabled. |
| ssl:v3 | 1 or 0 | 1: SSLv3 is enabled. 0: SSLv3 is not enabled. |
Network address fields
These fields apply to the network_address_added, network_address_changed, and network_address_removed events.
| Field | Value | Explanation |
|---|---|---|
| enabled | 1 or 0 | 1: This IP address is enabled. 0: This IP address is disabled. |
| interface | string | The NIC to use as the interface. |
| ip | string | The IP address of the interface. |
| netmask | string | The netmask for this IP address. |
| permit:http | 1 or 0 | 1: Permit HTTP traffic through this IP and interface. 0: Do not permit HTTP traffic through this IP and interface. |
| permit:https | 1 or 0 | 1: Permit HTTPS traffic through this IP and interface. 0: Do not permit HTTPS traffic through this IP and interface. |
| permit:session | 1 or 0 | 1: Permit BeyondTrust session traffic, such a representative console and customer client connections, through this IP and interface. 0: Do not permit BeyondTrust session traffic through this IP and interface. |
Network route descriptor fields
This field applies to the network_route_changed event.
| Field | Value | Explanation |
|---|---|---|
| [ip/bit=gw@NIC] | string | The IP address and CIDR bitmask, along with the gateway address at a particular interface. |
Network Tunnel Jump fields
These fields apply to the network_tunnel_jump_item_added, network_tunnel_jump_item_changed, and network_tunnel_jump_item_removed events.
| Field | Value | Explanation |
|---|---|---|
| id | string | The unique identifier of the network tunnel Jump Item. |
| name | string | The name of the network tunnel Jump Item. |
| push_agent_id | number | The unique identifier of the push agent. |
| jump_group_id | number | The unique identifier of the Jump Group. |
| tag | string | The tag of the network tunnel Jump Item. |
| comments | string | The comments of the network tunnel Jump Item. |
| jump_policy_id | number | The unique identifier of the jump_policy_id. |
| unattended_support_access_policy_id | number | The unique identifier of the session policy. |
| computer_name | string | The computer name of the network tunnel Jump Item. |
| tunnel_definitions | string | The definitions of the network tunnel Jump Item. |
| tunnel_listen_address | string | The listen address of the network tunnel Jump Item. |
Outbound event email recipient fields
These fields apply to the outbound_event_email_recipient_added, outbound_event_email_recipient_changed, and outbound_event_email_recipient_removed events.
| Field | Value | Explanation |
|---|---|---|
| disabled | 1 or 0 | 1: The outbound event email recipient is disabled. 0: The outbound event email recipient is enabled. |
| email_address | string | The email address to which the outbound event is sent. |
| id | string | The unique identifier of this outbound event email recipient. |
| name | string | The name of this outbound event email recipient. |
| require_external_key | 1 or 0 | 1: Emails are sent only for sessions that have an external key at the time the event occurs. 0: Emails are sent for all sessions, even those that do not have an external key. |
Outbound event email trigger syslog fields
These fields apply to the outbound_event_email_trigger_added and outbound_event_email_trigger_removed events.
| Field | Value | Explanation |
|---|---|---|
| event:email:body | string | The body of the email sent to the recipient. |
| event:email:enabled | 1 or 0 | 1: The email event is enabled. 0: The email event is disabled. |
| event:email:subject | string | The subject of the email sent to the recipient. |
| event:name | support_conference_end support_conference_customer_exit_survey_completed support_conference_rep_exit_survey_completed | The event to send to the recipient. There will be one event per email, with multiple events resulting in multiple emails to the recipient. |
| recipient:id | string | The unique identifier of the recipient to which this event will be emailed. |
| recipient:name | string | The name of the recipient to which this event will be emailed. |
Outbound event HTTP recipient fields
These fields apply to the outbound_event_http_recipient_added, outbound_event_http_recipient_changed, and outbound_event_http_recipient_removed events.
| Field | Value | Explanation |
|---|---|---|
| cert | <data> none | Indicates that a certificate has been uploaded or changed. Only the value <data> will be displayed for a changed certificate. |
| disabled | 1 or 0 | 1: The outbound event recipient is disabled. 0: The outbound event recipient is enabled. |
| failure:email | string | The email address to which to send a failure notification if the outbound event cannot be posted. |
| failure:first_notice | integer | The number of seconds that must have elapsed since the first error before sending a failure notification email. |
| failure:repeat_interval | integer | The number of seconds that must have elapsed since the last alert was sent before sending another failure notification email if the event is still failing. |
| id | string | The unique identifier of this outbound event recipient. |
| name | string | The name of this outbound event recipient. |
| retry:duration | integer | The number of seconds that must have elapsed since the first error before the event stops retrying and is marked as failed. |
| retry:interval | integer | The number of seconds between each retry attempt. |
| url | string | The URL of the outbound event recipient to which the event will be posted. |
Outbound event HTTP trigger syslog fields
These fields apply to the outbound_event_http_trigger_added and outbound_event_http_trigger_removed events.
| Field | Value | Explanation |
|---|---|---|
| event:name | support_conference_begin support_conference_end support_conference_owner_changed support_conference_member_added support_conference_member_departed support_conference_customer_exit_survey_completed support_conference_rep_exit_survey_completed | The event to send to the recipient. There will be one event per post, with multiple events resulting in multiple posts to the recipient. |
| recipient:id | string | The unique identifier of the recipient to which this event will be posted. |
| recipient:name | string | The name of the recipient to which this event will be posted. |
Pending user fields
These fields apply to the pending_user_added, pending_user_changed, and pending_user_removed events.
| Field | Value | Explanation |
|---|---|---|
| name | string | The user name. |
| username | string | The user username. |
| email_address | string | The user email address. |
| id | string | The user id. |
| vendor_id | string | The unique identifier of the Vendor to which this user belongs. |
| email_language | integer | The unique identifier of the email selected language. |
| email_address_confirmed | 0 or 1 | 1:The user has confirmed their email address. 0: The user has not confirmed their email address. |
| comments | string | The user comments. |
Permission fields
These fields apply to both user and group policy events.
| Field | Value | Explanation |
|---|---|---|
| permissions:access_sponsors | 1 or 0 | 1: The user may create access sponsor groups. 0: The user may not create access sponsor groups. |
| permissions:admin | 1 or 0 | 1: The user is an administrator. 0: The user is not an administrator. |
| permissions:api:command | 1 or 0 | 1: The user is allowed to use the command API. 0: The user is not allowed to use the command API. |
| permissions:api:reporting | 1 or 0 | 1: The user is allowed to use the reporting API. 0: The user is not allowed to use the reporting API. |
| permissions:api:state | 1 or 0 | 1: The user is allowed to use the real-time state API. 0: The user is not allowed to use the real-time state API. |
| permissions:support_button | 1 or 0 | 1: The user is allowed to create, modify, and delete Support Button Profiles. 0: The user is not allowed to create, modify, or delete Support Button Profiles. |
| permissions:canned_scripts | 1 or 0 | 1: The user may create and edit canned scripts. 0: The user may not create or edit canned scripts. |
| permissions:change_display_name | 1 or 0 | 1: The user may change their display name. 0: The user may not change their display name. |
| permissions:custom_rep_links | 1 or 0 | 1: The user may create and edit custom rep links. 0: The user may not create or edit custom rep links. |
| permissions:customer_notice | 1 or 0 | 1: The user may create and edit customer notices. 0: The user may not create or edit customer notices. |
| permissions:file_store | 1 or 0 | 1: The user may add or remove files from the file store. 0: The user may not edit the file store. |
| permissions:issues | 1 or 0 | 1: The user may create and edit issues. 0: The user may not create or edit issues. |
| permissions:presentations | 1 or 0 | 1: The user is allowed to perform presentations. 0: The user is not allowed to perform presentations. |
| permissions:presentations:control | 1 or 0 | 1: The user is allowed to grant mouse and keyboard control to an attendee during a presentation. 0: The user is not allowed to grant control to an attendee. |
| permissions:public_sites:templates | 1 or 0 | 1: The user may create and edit public site configurations. 0: The user may not create or edit public sites. |
| permissions:rep_to_rep_screen_sharing | 1 or 0 | 1: The user is allowed to show their screen to other representatives outside of a session. 0: The user is not allowed to show their screen to other representatives. |
| permissions:rep_to_rep_screen_sharing:control | 1 or 0 | 1: When showing their screen to another representative, the user is allowed to grant control to the viewing representative. 0: When showing their screen to another representative, the user is not allowed to grant control to the viewing representative. |
| permissions:reporting:license_reports | 1 or 0 | 1: The user is allowed to view license usage reports. 0: The user is not allowed to view license usage reports. |
| permissions:reporting:presentation_reports | none user_sessions team_sessions all_sessions | Whether the user is disallowed to generate presentation reports or is allowed to generate reports only for presentations in which they were the presenter, for presentations in which one of their teammates was the presenter, or for all presentations. |
| permissions:reporting:recordings | 1 or 0 | 1: The user is allowed to view support session recordings. 0: The user is not allowed to view support session recordings. |
| permissions:reporting:support_reports | none user_sessions team_sessions all_sessions | Whether the user is disallowed to generate reports or is allowed to generate reports only for sessions in which they were the primary representative, for sessions in which one of their teammates was the primary representative or one of their teams was the primary team, or for all sessions. |
| permissions:show_on_public_site | 1 or 0 | 1: The user may be listed in the representative list of all applicable public sites. 0: The user may not be listed in the representative list. |
| permissions:skills | 1 or 0 | 1: The user may create and edit skills. 0: The user may not create or edit skills. |
| permissions:support | not_allowed full_support chat_only | Whether the user is disallowed to offer support or is allowed to offer full remote support. The user may also be allowed to send chat messages within a support session. |
| permissions:support:accept_team_sessions | 1 or 0 | 1: The user is allowed to manually accept sessions from their team queues. 0: The user is not allowed to manually accept sessions from their team queues. |
| permissions:support:support_button:change_public_sites | 1 or 0 | 1: The user is allowed to change the public portal through which a Support Button connects. 0: The user is not allowed to change a Support Button's public portal. |
| permissions:support:support_button:personal:deploy | 1 or 0 | 1: The user is allowed to deploy and modify personal Support Buttons. 0: The user is not allowed to deploy or modify personal Support Buttons. |
| permissions:support:support_button:team:deploy | 1 or 0 | 1: The user is allowed to deploy team Support Buttons for teams they are a member of. 0: The user is not allowed to deploy team Support Buttons. |
| permissions:support:support_button:team:manage | 1 or 0 | 1: The user is allowed to modify Support Buttons deployed to teams they are a member of. If they are a team lead/manager they can modify the personal Support Buttons of any team members as well. 0: The user is not allowed to modify team Support Buttons or personal Support Buttons of team members. |
| permissions:support:canned_messages | 1 or 0 | 1: The user can create and edit canned messages. 0: The user cannot create or edit canned messages. |
| permissions:support:edit_ios_content | 1 or 0 | 1:The user is allowed to create, edit, and upload BeyondTrust Apple iOS Profile content. 0: The user is not allowed to create, edit, or upload BeyondTrust Apple iOS Profile content. |
| permissions:support:extended_availability_mode | 1 or 0 | 1: The user is allowed to enable extended availability. 0: The user is not allowed to enable extended availability. |
| permissions:support:external_key | 1 or 0 | 1: The user is allowed to edit the external key. 0: The user is not allowed to edit the external key. |
| permissions:support:invite_temp_rep | 1 or 0 | 1: The user is allowed to invite an external representative into a single session. 0: The user is not allowed to invite an external representative into a session. |
| permissions:support:ios_content | 1 or 0 | 1: The user is allowed to generate access keys to offer iOS content to iOS device users. 0: The user is not allowed to generate access keys to offer iOS content to iOS device users. |
| permissions:support:jump:clients | 1 or 0 | 1: The user is allowed to Jump to unattended systems via preinstalled Jump Clients. 0: The user is not allowed to Jump to unattended systems via pre-installed Jump Clients. |
| permissions:support:jump:clients:all | 1 or 0 | 1: The user is allowed to start sessions from all Jump Clients within the system. 0: The user is not allowed to start sessions from all Jump Clients within the system. |
| permissions:support:jump:clients:change_public_sites | 1 or 0 | 1: The user is allowed to change the public portal through which a Jump Client connects. 0: The user is not allowed to change a Jump Client's public portal. |
| permissions:support:jump:clients:change_session_policies | 1 or 0 | 1: The user is allowed to change the session policy associated with a Jump Client. 0: The user is not allowed to change a Jump Client's session policy. |
| permissions:support:jump:clients:config | 1 or 0 | 1: The user is allowed to deploy, remove, and modify Jump Clients for their Jump Groups or team members' personal lists of Jump Items. 0: The user is not allowed to deploy, remove, or modify Jump Clients for their Jump Groups or team members' personal lists of Jump Items. |
| permissions:support:jump:clients:config:all | 1 or 0 | 1: The user is allowed to deploy, remove, and modify Jump Clients for all Jump Groups within the system. 0: The user is not allowed to deploy, remove, or modify Jump Clients for all Jump Groups within the system. |
| permissions:support:jump:clients:private | 1 or 0 | 1: The user is allowed to deploy, remove, and modify Jump Clients for her or her personal list of Jump Items. 0: The user is not allowed to deploy, remove, or modify Jump Clients for their personal list of Jump Items. |
| permissions:support:jump:local | 1 or 0 | 1: The user is allowed to Jump to unattended computers on the same network without Jump Clients or a Jumpoint. 0: The user is not allowed to Jump to computers on the same network without Jump Clients or a Jumpoint. |
| permissions:support:jump:remote | 1 or 0 | 1: The user is allowed to Jump to unattended remote computers through a Jumpoint. 0: The user is not allowed to Jump to unattended remote computers through a Jumpoint. |
| permissions:support:jumpoint:admin | 1 or 0 | 1: The user is allowed to create and edit Jumpoints. 0: The user is not allowed to create or edit Jumpoints. |
| permissions:support:jumpoint:shell | 1 or 0 | 1: The user is allowed to use Shell Jump. 0: The user is not allowed to use Shell Jump. |
| permissions:support:next_session | 1 or 0 | 1: The user is allowed to request the longest waiting session from their teams to begin support. 0: The user is not allowed to request the longest waiting session from their teams. |
| permissions:support:rdp:local | 1 or 0 | 1: The user is allowed to use BeyondTrust to start a Remote Desktop Protocol (RDP) session with a computer on the same network. 0: The user is not allowed to use BeyondTrust for RDP on a local network. |
| permissions:support:rdp:remote | 1 or 0 | 1: The user is allowed to use BeyondTrust to start a Remote Desktop Protocol (RDP) session with a computer on a remote network. 0: The user is not allowed to use BeyondTrust for RDP on a remote network. |
| permissions:support:session_assignment:disable | 1 or 0 | 1: The user is allowed to opt-out of automatic session assignment. 0: The user is not allowed to opt-out of automatic session assignment. |
| permissions:support:session_assignment:idle_timeout | integer | The number of seconds the user must have been idle before sessions will no longer be automatically assigned to them. |
| permissions:support:session_assignment:session_limit | integer | The minimum number of sessions the user must be supporting before sessions will no longer be automatically assigned to them. |
| permissions:support:session_keys | 1 or 0 | 1: The user can create sessions keys for customers to use to start support sessions directly with that user. 0: The user cannot create session keys. |
| permissions:support:team_share | 1 or 0 | 1: The user can share sessions with teams to which they do not belong. 0: The user cannot share sessions with teams to which they do not belong. |
| permissions:support:team_transfer | 1 or 0 | 1: The user can transfer sessions to teams to which they do not belong. 0: The user cannot transfer sessions to teams to which they do not belong. |
| permissions:support:vnc:local | 1 or 0 | 1: The user is allowed to use BeyondTrust to start a VNC session with a computer on a local network. 0: The user is not allowed to use BeyondTrust for VNC on a local network. |
| permissions:support:vnc:remote | 1 or 0 | 1: The user is allowed to use BeyondTrust to start a VNC session with a computer on a remote network. 0: The user is not allowed to use BeyondTrust for VNC on a remote network. |
| permissions:support:vpro | 1 or 0 | 1: The user is allowed to control a computer using Intel® vPro Technology. 0: The user is not allowed to control a computer using Intel® vPro Technology. |
| permissions:teams | 1 or 0 | 1: The user is allowed to create and edit support teams. 0: The user is not allowed to create or edit support teams. |
| permissions:users:set_passwords | 1 or 0 | 1: The user is allowed to reset other users' passwords. 0: The user is not allowed to reset other users' passwords. |
Public site fields
These fields apply to public_site_added, public_site_changed, and public_site_removed events.
| Field | Value | Explanation |
|---|---|---|
| default_callback_button_profile:id | string | The unique identifier of the Support Button Profile associated with this public site. |
| default_callback_button_profile:title | string | The title of the Support Button Profile associated with this public site. |
| help_issues_menu:[language] | string | The help text to display for the issues menu. If the text is the default, the value will be blank. |
| help_presentation_list:[language] | string | The help text to display for the presentation list. If the text is the default, the value will be blank. |
| help_rep_list:[language] | string | The help text to display for the representative list. If the text is the default, the value will be blank. |
| help_session_keys:[language] | string | The help text to display for the session key submission field. If the text is the default, the value will be blank. |
| id | string | The unique identifier of this public site. |
| name | string | The name of this public site. |
| template:id | string | The unique identifier of the HTML template applied to this public site. |
| template:name | string | The name of the HTML template applied to this public site. |
Public site address fields
These fields apply to public_site_address_added and public_site_address_removed events.
| Field | Value | Explanation |
|---|---|---|
| address | string | The web address of this public site. |
| public_site:id | string | The unique identifier of this public site. |
| public_site:name | string | The name of this public site. |
Public site customer banner fields
These fields apply to the public_site_customer_banner_reverted_to_factory_default and public_site_customer_banner_uploaded events.
Fields marked with an asterisk apply only to public_site_customer_banner_uploaded events.
| Field | Value | Explanation |
|---|---|---|
| site:id | string | The unique identifier of the public site to which this customer client banner image is assigned. |
| site:name | string | The name of the public site to which this customer client banner image is assigned. |
| size* | integer | The size in bytes of the custom banner image. Applies only to new images being uploaded. |
Public site exit survey fields
These fields apply to public_site_exit_survey_added and public_site_exit_survey_removed events.
| Field | Value | Explanation |
|---|---|---|
| public_site:id | string | The unique identifier of the public site to which this exit survey question is assigned. |
| public_site:name | string | The name of the public site to which this exit survey question is assigned. |
| question:id | string | The unique identifier of this exit survey question. |
| question:name | string | The name of this exit survey question. |
| question:type | customer representative | Indicates whether this is a customer or a representative survey question. |
Public site session attribute fields
These fields apply to the public_site_session_attribute_added, public_site_session_attribute_changed, public_site_session_attribute_removed events.
| Field | Value | Explanation |
|---|---|---|
| public_site:id | string | The public site unique identifier. |
| public_site:name | string | The public site name. |
| attribute:id | string | The unique identifier of the attribute. |
| attribute:code_name | string | The attribute code name |
| attribute:display_number | string | The unique identifier of the Vendor to which this user belongs. |
| attribute:required | 0 or 1 | If the attribute is required. |
Public site setting fields
These fields apply to the public_site_setting_added and public_site_setting_changed events.
| Field | Value | Explanation |
|---|---|---|
| exit_survey:representative | 1 or 0 | 1: Enable the representative survey for this public site. 0: Disable the representative survey for this public site. |
| public_site:customer_notice:display | 1 or 0 | 1: Enable display of customer notice for this public site. 0: Disable display of customer notice for this public site. |
| public_site:front_end_survey | disabled api public_site | Whether the front-end survey is disabled, enabled for use by the API, or enabled for use on the public site and by the API. |
| public_site:front_end_survey:click_to_chat | 1 or 0 | 1: Sessions started via front-end survey will begin with web-based chat. 0: Sessions started via front-end survey will begin with the full customer client download. |
| public_site:front_end_survey:company_code | 1 or 0 | 1: Show a company code field on the front-end survey for this public site. 0: Do not show the company code field for this public site. |
| public_site:front_end_survey:help | 1 or 0 | 1: Show a help option for the front-end survey on this public site. 0: Do not show help for the front-end survey on this public site. |
| public_site:front_end_survey:options | issues reps | Whether to display a list of issues or a list of representatives on the front-end survey for this public site. An issue list places customers in a team queue; a representative lists places customers in the selected representative’s personal queue. |
| public_site:id | string | The unique identifier of the public site to which this settings is applied. |
| public_site:name | string | The name of the public site to which this setting is applied. |
| public_site:presentation_list | 1 or 0 | 1: The presentation is enabled for use on the public site. 0: The presentation list is disabled. |
| public_site:presentation_list:help | 1 or 0 | 1: Show a help option for the presentation list on this public site. 0: Do not show help for the presentation list on this public site. |
| public_site:rep_list | disabled api public_site | Whether the representative list is disabled, enabled for use by the API, or enabled for use on the public site and by the API. |
| public_site:rep_list:click_to_chat | 1 or 0 | 1: Sessions started via representative list will begin with web-based chat. 0: Sessions started via representative list will begin with the full customer client download. |
| public_site:rep_list:help | 1 or 0 | 1: Show a help option for the representative list on this public site. 0: Do not show help for the representative list on this public site. |
| public_site:session_keys | disabled api public_site | Whether session key submission is disabled, enabled for use by the API, or enabled for use on the public site and by the API. |
| public_site:session_keys:click_to_chat | 1 or 0 | 1: Sessions started via session keys will begin with web-based chat. 0: Sessions started via session keys will begin with the full customer client download. |
| public_site:session_keys:confirm_prompt | 1 or 0 | 1: Sessions started via session keys will prompt before downloading the customer client or presentation attendee client. 0: Sessions started via session keys will not prompt before downloading the customer client or presentation attendee client. |
| public_site:session_keys:help | 1 or 0 | 1: Show a help option for session key submission on this public site. 0: Do not show help for session key submission on this public site. |
| rep:history:enabled | 1 or 0 | 1: Enable Team chat history. 0: Team chat history is disabled. |
| rep:history:hours | integer from 1 to 24 | Hours (1 to 24) of Team chat history to replay. |
| support:abandoned | 1 or 0 | 1: Display an orphaned session message if no one is available to take a support session initiated from this public site. 0: Do not display an orphaned session message if no representatives are available for this public site. |
| support:abandoned:url | string | Redirect an orphaned session initiated from this public site to this URL. If blank, no redirect will occur. |
| support:agreement:timeout | integer | The number of seconds to wait for a response to the customer agreement before defaulting to deny. |
| support:allow_elevate_at_install | always never without_prompting | Always attempt to elevate the customer client on Windows® platforms, never attempt to elevate, or attempt to elevate only if doing so will not prompt the customer. |
| support:app_sharing | 1 or 0 | 1: Allow customers to choose which applications to share at any point of a screen sharing session initiated from this public site. 0: Do not allow customers to choose which applications to share unless specifically requested by the representative. |
| support:chat:send_file | 1 or 0 | 1: Allow the customer to offer files using the chat interface. 0: Do not allow the customer to offer files using the chat interface. |
| support:display_customer_notice | 1 or 0 | 1: Enable display of customer notice for this public site. 0: Disable display of customer notice for this public site. |
| support:full_client:agreement | 1 or 0 | 1: Show a customer agreement message before full client support sessions initiated from this public site. 0: Do not display a customer agreement before full client support sessions for this public site. |
| support:greeting | 1 or 0 | 1: Display a customer greeting message before support sessions initiated from this public site. 0: Do not display a customer greeting for this public site. |
| support:initial_interface_mode | chat mini | Start the customer client in chat mode or in mini mode. |
| support:invite📧from_address | string | The email address from which server-side invitation emails are sent. |
| support:ios:config_page_enabled | 1 or 0 | 1: The iOS configuration profiles page is enabled. 0: The iOS configuration profiles page is disabled. |
| support:jump_client:minimize_ui | 1 or 0 | 1: Start Jump Client minimized. 0: Do not start Jump Client minimized. |
| support:landing_page:chat:download | 1 or 0 | 1: Allow customers to view and download chat transcripts at the end of support sessions from this public site. 0: Do not allow customers to view chat transcripts on this public site. |
| support:landing_page:custom_url | string | The URL to which to direct the customer at the end of the session if post-session customer redirect is enabled. |
| support:landing_page:exit_survey | 0, 1, or 2 | 0: Disable the customer exit survey for this public site. 1: Enable the BeyondTrust customer exit survey for this public site. 2: Redirect the customer to the URL specified for this public site. |
| support:landing_page:recordings:download | 1 or 0 | 1: Allow customers to view and download session recordings at the end of support sessions from this public site. 0: Do not allow customers to view recordings on this public site. |
| support:minimize_ui | 1 or 0 | 1: Start customer client minimized for attended sessions. 0: Do not start customer client minimized for attended sessions. |
| support:on_hold | 1 or 0 | 1: Display a hold message before support sessions initiated from this public site. 0: Do not display a hold message for this public site. |
| support:on_hold:interval | integer | The number of seconds to wait between each time the hold message is sent from this public site. |
| support:prompt_mode | links pop-ups | Whether customer client prompts should be shown as links or as pop-ups. |
| support:prompts:session_recording | 1 or 0 | 1: Display a prompt to allow or deny session recording before full client support sessions initiated from this public site. 0: Do not display a prompt to allow or deny session recording. |
| support:reconnect_interval | integer | The number of seconds a customer client should attempt to reconnect if the connection is lost from this public site. |
| support:recordings:command_shell | always never use_site_wide_setting | Always record Flash videos of command shell sessions, never record command shell sessions, or follow the site-wide setting. |
| support:recordings:screen_sharing | always never use_site_wide_setting | Always record Flash videos of screen sharing sessions, never record screen sharing sessions, or follow the site-wide setting. |
| support:rep_presence_indicator | 1 or 0 | 1: Show an on-screen indicator when a representative is in session with the customer (Windows® only). 0: Do not show an on-screen indicator. |
| support:show_hostname_in_window_title | 1 or 0 | 1: Show the public site hostname in the customer client window title. 0: Do not show the hostname in the window title. |
| support:system_info:auto_log | disable enable use_site_wide_setting | For sessions run through this public site, disable automatic logging of session information, enable automatic logging, or use the site-wide setting. |
| support:termination_behavior:rep_override | 1 or 0 | 1: Enable reps to override the administratively set session termination setting from the representative console. 0: Disable allowing reps to override the administratively set session termination setting from the representative console. |
| support:termination_behavior:restrict_access | 1 or 0 | 1: Enable the restriction of your customer's access to their system in the event of a session disruption. 0: Disable the restriction of your customer's access to their system in the event of a session disruption. |
| support:wait_time | integer | The maximum estimated wait time to display in the customer greeting or on-hold message. |
| support:web_client:agreement | 1 or 0 | 1: Show a customer agreement message before click-to-chat sessions initiated from this public site. 0: Do not display a customer agreement before click-to-chat sessions for this public site. |
| support:windows:prompts : secure_attention_sequence_override | 1 or 0 | 1: When supporting Windows Vista or later, the Secure Attention Sequence injection policy can be attempted to be overridden. 0: The Secure Attention Sequence injection policy should not be attempted to be overridden. |
| support:system_info:auto_log | always never use_site_wide_setting | Always log the remote computer's system information at the beginning of session, never log system information, or follow the site-wide setting. |
Public site team fields
These fields apply to public_site_team_added and public_site_team_removed events.
| Field | Value | Explanation |
|---|---|---|
| public_site:id | string | The unique identifier of the public site to which this team’s issues are assigned. |
| public_site:name | string | The name of the public site to which this team’s issues are assigned. |
| team:id | string | The unique identifier of this support team or 0 for all teams. |
| team:name | string | The name of this support team or All Teams. |
Public site template asset fields
These fields apply to the public_site_template_asset_uploaded and public_site_template_asset_reverted events.
Fields marked with an asterisk apply only to public_site_template_asset_uploaded events.
| Field | Value | Explanation |
|---|---|---|
| asset:id | string | The unique identifier of this asset. |
| template:id | string | The unique identifier of the HTML template to which this asset applies. |
| size* | integer | The size in bytes of the asset being uploaded. |
Public template fields
These fields apply to the public_template_deleted and public_template_written events.
| Field | Value | Explanation |
|---|---|---|
| id | string | The unique identifier of this HTML template. |
| name | string | The name of this HTML template. |
Remote RFB Jump Item fields
These fields apply to the remote_rfb_jump_item_added and remote_rfb_jump_item_removed events.
| Field | Value | Explanation |
|---|---|---|
| id | string | The unique identifier of the Remote Rfb Jump Item to which this user is being added or removed. |
| computer_name | string | The hostname or computer name for the Remote RFB Jump Item. |
| jump_group_id | string | The unique identifier of the Jump Group. |
| name | string | The name for the Remote RFB Jump Item. |
| push_agent_id | string | The unique identifier of the push agent id. |
| jump_policy_id | string | The unique identifier of the Jump Policy ID. |
| tag | string | The tag for the Remote RFB Jump Item. |
| comments | string | The comments for the Remote RFB Jump Item. |
| port | string | The port for the Remote RFB Jump Item. |
Rep console connection fields
These fields apply to the rep_client_connection_terminated event.
| Field | Value | Explanation |
|---|---|---|
| display_name | string | The display name of the representative whose connection to the representative console has been terminated. |
| username | string | The username of the representative whose connection to the representative console has been terminated. |
Rep console setting fields
These fields apply to the rep_console_setting_added, rep_console_setting_changed, and rep_console_setting_removed events.
| Field | Value | Explanation |
|---|---|---|
rep_console_setting:alerts:chat_audible:enabled | 1 or 0 | 1: Play a sound when a chat message is received. 0: Do not play a sound when a chat message is received. |
rep_console_setting:alerts:chat_audible:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:alerts:chat_visual:enabled | 1 or 0 | 1: Flash the application icon when a chat message is received. 0: Do not flash the application icon when a chat message is received. |
rep_console_setting:alerts:chat_visual:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:alerts:idle_session_audible:enabled | 1 or 0 | 1: Play a sound when a session is overdue in a team queue. 0: Do not play a sound when a session is overdue in a team queue. |
rep_console_setting:alerts:idle_session_audible:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:alerts:idle_session_visual:enabled | 1 or 0 | 1: Flash the application icon when a session is overdue in a team queue. 0: Do not flash the application icon when a session is overdue in a team queue. |
rep_console_setting:alerts:idle_session_visual:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:alerts:queue_audible:enabled | 1 or 0 | 1: Play a sound when a session enters any queue. 0: Do not play a sound when a session enters any queue. |
rep_console_setting:alerts:queue_audible:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:alerts:queue_visual:enabled | 1 or 0 | 1: Flash the application icon when a session enters any queue. 0: Do not flash the application icon when a session enters any queue. |
rep_console_setting:alerts:queue_visual:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:alerts:session_assignment:enabled | 1 or 0 | 1: Play a sound when a session is assigned. 0: Do not play a sound when a session is assigned. |
rep_console_setting:alerts:session_assignment:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:alerts:session_expiring_sound | sound system_beep | Play a sound or a system beep when a session assignment is about to expire. |
rep_console_setting:alerts:session_expiring_sound:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:alerts:session_prompt:enabled | 1 or 0 | 1: Prompt when a new session enters the personal queue. 0: Do not prompt when a new session enters the personal queue. |
rep_console_setting:alerts:session_prompt:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:automatic:local_jumps_elevate:enabled | 1 or 0 | 1: Automatically elevate local network Jump attempts. 0: Do not automatically elevate local network Jump attempts. |
rep_console_setting:automatic:local_jumps_elevate:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:automatic:prompt_to_elevate:enabled | 1 or 0 | 1: Prompt to elevate if customer's secure desktop is enabled. 0: Do not prompt to elevate if customer's secure desktop is enabled. |
rep_console_setting:automatic:prompt_to_elevate:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:automatic:screen_sharing:enabled | 1 or 0 | 1: Automatically request screen sharing. 0: Do not automatically request screen sharing. |
rep_console_setting:automatic:screen_sharing:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:automatic:session_window_detach:enabled | 1 or 0 | 1: Automatically detach new session tabs into separate windows. 0: Do not automatically detach new session tabs into separate windows. |
rep_console_setting:automatic:session_window_detach:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:chat_show_support_session_pop-up_notifications:enabled | 1 or 0 | 1: Display a pop-up notification when a session chat is received. 0: Do not display pop-up notifications for session chat. |
rep_console_setting:chat_show_support_session_pop-up_notifications:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:chat_show_team_pop-up_notifications:enabled | 1 or 0 | 1: Display a pop-up notification when a team chat is received. 0: Do not display pop-up notifications for team chat. |
rep_console_setting:chat_show_team_pop-up_notifications:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:chat_show_team_status_messages:enabled | 1 or 0 | 1: Show status messages in team chat windows. 0: Do not show status messages in team chat windows. |
rep_console_setting:chat_show_team_status_messages:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:command_history_length | integer | The number of lines of available command history. |
rep_console_setting:command_history_length:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:enable_dockable_widgets:enabled | 1 or 0 | 1: The session sidebar can be configured. 0: The session sidebar cannot be configured. |
rep_console_setting:enable_dockable_widgets:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:pop-up:personal_queue_new_session:enabled | 1 or 0 | 1: Display a pop-up notification when a new session enters the personal queue. 0: Do not display a pop-up notification when a new session enters the personal queue. |
rep_console_setting:pop-up:personal_queue_new_session:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:pop-up:personal_queue_shared_session:enabled | 1 or 0 | 1: Display a pop-up notification when a session is shared in the personal queue. 0: Do not display a pop-up notification when a session is shared in the personal queue. |
rep_console_setting:pop-up:personal_queue_shared_session:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:pop-up:personal_queue_transferred_session:enabled | 1 or 0 | 1: Display a pop-up notification when a session is transferred to the personal queue. 0: Do not display a pop-up notification when a session is transferred to the personal queue. |
rep_console_setting:pop-up:personal_queue_transferred_session:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:pop-up:session_duration:enabled | integer | The number of seconds that pop-up notifications should appear. |
rep_console_setting:pop-up:session_duration:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:pop-up:session_location | bottom_left bottom_right top_left top_right | The location where pop-up notifications should appear. |
rep_console_setting:pop-up:session_location:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:pop-up:team_queue_idle_session:enabled | 1 or 0 | 1: Display a pop-up notification when a session is overdue in a team queue. 0: Do not display a pop-up notification when a session is overdue in a team queue. |
rep_console_setting:pop-up:team_queue_idle_session:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:pop-up:team_queue_new_session:enabled | 1 or 0 | 1: Display a pop-up notification when a new session enters a team queue. 0: Do not display a pop-up notification when a new session enters a team queue. |
rep_console_setting:pop-up:team_queue_new_session:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:pop-up:team_queue_shared_session:enabled | 1 or 0 | 1: Display a pop-up notification when a session is shared in a team queue. 0: Do not display a pop-up notification when a session is shared in a team queue. |
rep_console_setting:pop-up:team_queue_shared_session:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:pop-up:team_queue_transferred_session:enabled | 1 or 0 | 1: Display a pop-up notification when a session is transferred to a team queue. 0: Do not display a pop-up notfication when a session is transferred to a team queue. |
rep_console_setting:pop-up:team_queue_transferred_session:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:quick_start:callback_buttons:enabled | 1 or 0 | 1: Show a quick start button for Support Buttons. 0: Do not show a quick start button for Support Buttons. |
rep_console_setting:quick_start:callback_buttons:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:quick_start:jump_to:enabled | 1 or 0 | 1: Show a quick start button for Jump To access. 0: Do not show a quick start button for Jump To access |
rep_console_setting:quick_start:jump_to:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:quick_start:presentation:enabled | 1 or 0 | 1: Show a quick start button for presentations. 0: Do not show a quick start button for presentations. |
rep_console_setting:quick_start:presentation:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:quick_start:rdp:enabled | 1 or 0 | 1: Show a quick start button for RDP access. 0: Do not show a quick start button for RDP access. |
rep_console_setting:quick_start:rdp:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:quick_start:session_key:enabled | 1 or 0 | 1: Show a quick start button for session key generation. 0: Do not show a quick start button for session key generation. |
rep_console_setting:quick_start:session_key:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:quick_start:shell_jump:enabled | 1 or 0 | 1: Show a quick start button for Shell Jump. 0: Do not show a quick start button for Shell Jump. |
rep_console_setting:quick_start:shell_jump:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:quick_start:start_session:enabled | 1 or 0 | 1: Show a quick start button for session start options. 0: Do not show a quick start button for session start options. |
rep_console_setting:quick_start:start_session:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:quick_start:vpro:enabled | 1 or 0 | 1: Show a quick start button for vPro access. 0: Do not show a quick start button for vPro access. |
rep_console_setting:quick_start:vpro:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:screen_sharing_fullscreen:enabled | 1 or 0 | 1: Automatically enter full screen mode when screen sharing starts. 0: Do not automatically enter full screen mode when screen sharing starts. |
rep_console_setting:screen_sharing_fullscreen:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:screen_sharing_quality | low performance_color performance_quality quality performance lossless | low: Black and white performance_color: Few colors performance_quality: More colors quality: Full color performance: Best performance lossless: Lossless |
rep_console_setting:screen_sharing_quality:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:screen_sharing_scaling | scaled actual | Whether screen sharing starts with the remote screen scaled to fit or at actual size. |
rep_console_setting:screen_sharing_scaling:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:screen_sharing_sidebar_collapse:enabled | 1 or 0 | 1: Automatically collapse the sidebar when full screen mode is used. 0: Do not automatically collapse the sidebar when full screen mode is used. |
rep_console_setting:screen_sharing_sidebar_collapse:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:session_assignment_on_login:enabled | 1 or 0 | 1: Automatic session assignment is disabled on login. 0: Automatic session assignment is not disabled on login. |
rep_console_setting:session_assignment_on_login:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:show_my_screen_minimize:enabled | 1 or 0 | 1: Automatically minimize the window when showing your screen. 0: Do not automatically minimize the window when showing your screen. |
rep_console_setting:show_my_screen_minimize:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
rep_console_setting:spell_checking:enabled | 1 or 0 | 1: Spell checking is turned on. 0: Spell checking is not turned on. |
rep_console_setting:spell_checking:forced | 1 or 0 | 1: The associated setting is forced. 0: The associated setting is not forced. |
Rep invite fields
These fields apply to the rep_invite_added and rep_invite_removed events.
| Field | Value | Explanation |
|---|---|---|
| comments | string | The description associated with the session policy used for this rep invite. |
| name | string | The name of the session policy used for this rep invite. |
Rep invite setting fields
These fields apply to the repinvite_setting_added and repinvite_setting_removed events.
| Field | Value | Explanation |
|---|---|---|
| permissions:admin | 0 | A rep invite user will never be an administrator. |
| permissions:show_on_public_site | 0 | A rep invite user will never be listed in the representative list of the public site. |
| permissions:support:session_policy:attended | string | The name of the session policy used for attended sessions for this rep invite user. This will always be the same as the unattended session policy. |
| permissions:support:session_policy:unattended | string | The name of the session policy used for unattended sessions for this rep invite user. This will always be the same as the attended session policy. |
| permissions:support | full_support | A rep invite user will always be allowed to offer full remote support. |
| repinvite:id | string | The unique identifier of the rep invite session policy to which this setting applies. |
| repinvite:name | string | The name of the rep invite session policy to which this setting applies. |
Report fields
These fields apply to the license_usage_report_generated, presentation_session_report_generated, presentation_session_detail_generated, sdcust_exit_survey_report_generated, sdrep_exit_survey_report_generated, support_session_report_generated, support_session_detail_generated, support_session_summary_report_generated, and team_activity_report_generated events.
| Field | Value | Explanation |
|---|---|---|
| api | 1 or 0 | 1: The report query was made via the API. 0: The report query was not made via the API. |
| company_name | string | The company name filter used in the query, if specified. |
| computer_name | string | The computer name filter used in the query, if specified. |
| customer_name | string | The customer name filter used in the query, if specified. |
| end_time | date | The readable date and time of the last date to be included in the report, if date filters were specified. |
| end_timestamp | Unix timestamp | The exact timestamp of the last date to be included in the report, if date filters were specified. |
| external_key | string | The external key filter used in the query, if specified. |
| group_by | rep team site OR hour day month | For Support Summary reports, the category by which to group results. OR For License Usage reports, the time period by which to group results. |
| lseq | integer | The session sequence number used to query for a detailed session report, if specified. |
| lsid | string | The unique session identifier used to query for a detailed session report, if specified. |
| lsids | comma-separated strings | A comma-separated list of unique session identifiers used to query for multiple detailed session reports, if specified. |
| members_of_team_id | string | The unique identifier of the team used to filter the query to include only sessions that involved reps who are members of the specified team. |
| members_of_team_name | string | The name of the team specified by members_of_team_id. |
| only_completed | 1 or 0 | 1: The report contains only completed sessions. 0: The report contains both completed and uncompleted sessions. |
| primary_rep | 1 or 0 | 1: The representatives specified by rep_id or members_of_team_id must be the primary representatives in the sessions returned. 0: The representatives specified by rep_id or members_of_team_id can be any participating representative in the sessions returned. |
| primary_team | 1 or 0 | 1: The team specified by team_id must be the primary team in the sessions returned. 0: The team specified by team_id can be any team that had the returned sessions transferred to it. |
| private_ip | string | The private IP address filter used in the query, if specified. |
| public_ip | string | The public IP address filter used in the query, if specified. |
| rep_id | string | The representative filter value, if specified. The value is either a unique representative identifier, the string any, or the string none. |
| rep_name | string | The display name of the representative specified by rep_id, when applicable. |
| row_count | integer | The maximum number of rows to display at one time. |
| row_start | integer | The first row shown on this page of the report. |
| session_count | integer | The number of support session detail reports returned in search results. This will be 0 or 1 for web requests and 0 or more for API requests. |
| site_id | string | The unique identifier of the public site by which to filter results. |
| site_name | string | The name of the public site specified by site_id. |
| start_time | date | The readable date and time of the first date to be included in the report, if any date filters were used. |
| start_timestamp | Unix timestamp | The exact timestamp of the first date to be included in the report, if any date filters were used. |
| team_id | string | The team filter value, if specified. The value is either a unique team identifier, the string all, or the string none. |
| team_name | string | The name of the team specified by team_id, when applicable. |
Reporting erasure fields
These fields apply to the reporting_erasure event.
| Field | Value | Explanation |
|---|---|---|
| request_date | Unix timestamp | The timestamp presented in reports for the anonymization action. |
| subject | user customer | An identifier of what type of person was anonymized, either a representative or a customer. |
| user_name | string | The original private display name or username of the anonymized user. |
| user_id | string | The user ID of the anonymized user. |
| support_sessions_affected | integer | The number of support session affected by the anonymization action. |
| support_sessions_replace | string | A comma-separated list of replacement terms used. |
| presentation_sessions_affected | integer | The number of presentation sessions affected by the anonymization action. |
| presentation_session_replace | string | A comma-separated list of replacement terms used. |
| team_activity_affected | integer | The number of teams affected by the anonymization action. |
| team_activity_replace | string | A comma-separated list of replacement terms used. |
Scheduled discovery job fields
These fields apply to the scheduled_discovery_job_added and scheduled_discovery_job_changed events.
| Field | Value | Explanation |
|---|---|---|
| domain:id | number | The unique identifier of the domain. |
| enabled | 1 or 0 | The scheduled discovery job is either enabled or disabled. |
| endpoint_search_path | string | The LDAP search path to discovery endpoints. |
| endpoint_search_ldap_filter | string | The LDAP filter to discovery endpoints. |
| id | number | The unique identifier of the scheduled job. |
| include_domain_accounts | 1 or 0 | The discovery must include domain accounts. |
| include_endpoints | 1 or 0 | The discovery must include endpoints. |
| include_local_accounts | 1 or 0 | The discovery must include local accounts. |
| include_services | 1 or 0 | The discovery must include Windows services. |
| frequency | number | The days when discovery will run. |
| start_time | time | Hours and minutes when the discovery will run. |
| template | string | Internal use only. |
| push_agent_id | number | The unique identifier of the Jumpoint. |
| domain_distinguished_name | string | The distinguished name of the domain. |
| username | string | The user for the discovery. |
| credential_id | number | The unique identifier of the scheduled job. |
| domain_unique_id | string | The unique identifier of the domain. |
| domain_dns_name | string | The domain DNS name. |
| user_unique_id | string | The user unique ID. |
| user_distinguished_name | string | The distinguished name of the user. |
| management_account_domain | string | The parent domain account. |
| user_search_ldap_filter | string | The LDAP filter to discovery users. |
| user_search_path | string | The LDAP search path to discovery users. |
Security provider fields
These fields apply to the security_provider_added, security_provider_changed, and security_provider_removed events.
| Field | Value | Explanation |
|---|---|---|
| enabled | 1 or 0 | 1: The security provider is enabled. 0: The security provider is disabled. |
| id | string | The unique identifier of the security provider to which this setting applies. |
| name | string | The name of the security provider to which this setting applies. |
| priority | integer | The priority of this security provider configuration, in the order in which authentication should be attempted, starting from 1. Two providers may share the same priority but only if one of these providers is a user provider and the other is a group provider. |
| provider_type | local cluster kerberos ldap radius saml | The type of service this provider configuration is set to access. |
| service_type | users groups | The type of authentication or authorization information this provider supplies. |
Security provider setting fields
These fields apply to the security_provider_setting_added, security_provider_setting_changed, and security_provider_setting_removed events.
| Field | Value | Explanation |
|---|---|---|
| cluster:mode | failover random | The mode in which this cluster is set to operate. |
| cluster:retry:delay | integer | The number of seconds to wait after a cluster member becomes unavailable before trying that cluster member again. |
| default_group_policy:id | string | The unique identifier of the default group policy to apply to users who authenticate against this security provider. |
| default_group_policy:name | string | The name of the default group policy to apply to users who authenticate against this security provider. |
| kerberos:spns:list | string | The list of SPNs by which this provider is identified if the Kerberos SPN handling mode is set to list. |
| kerberos:spns:mode | all list | The way SPNs are matched to this provider. All handles any SPN recognized by the keytab, while list handles only the specified list of SPNs. |
| kerberos:strip_realm | 1 or 0 | 1: The REALM portion will be stripped from the User Principal Name when constructing the username and (optionally) the display name. 0: The REALM portion will not be stripped from the User Principal Name. |
| kerberos:users:mode | all list regex | The way users are matched to this provider. All handles any valid authentication attempt, list handles only the specified list of users, and regex handles only users who match the specified regular expression. |
| kerberos:users:regex | string | The Perl-compatible regular expression that user principals must match to be considered part of this provider if the Kerberos user handling mode is set to regex. |
| ldap:agent | 1 or 0 | 1: A connection agent is being used to enable communication. 0: The LDAP server and the B Series Appliance communicate directly. |
| ldap:agent:password | *** | The readable date and time of the first date to be included in the report. |
| ldap:binding:anonymous | 1 or 0 | 1: Anonymous binding is being used. 0: A bind username and password are required. |
| ldap:binding:password | *** | The password used for binding. |
| ldap:binding:username | string | The username used for binding. |
| ldap:cache | 1 or 0 | 1: LDAP object cache is enabled. 0: LDAP object cache is disabled. |
| ldap:cert | <data> blank | Indicates that a certificate has been uploaded or changed. Only the value <data> will be displayed. |
| ldap:display_name | string | The set of LDAP attributes used to populate group display names. |
| ldap:display_query | string | The LDAP query used to determine which users and groups to display when browsing via group policies. |
| ldap:encryption | none ssl starttls | The type of security encryption to use. None indicates non-encrypted LDAP, ssl indicates LDAPS, and starttls indicates LDAP with TLS. |
| ldap:groups:objects | string | The LDAP objectClasses that are considered valid groups. |
| ldap:groups:recursive | 1 or 0 | 1: Perform recursive group lookup, searching for group members of groups until no results are returned. 0: Execute only one group lookup query. |
| ldap:groups:search_base | string | The distinguishedName at which to start searching for groups. |
| ldap:groups:unique_id | string | The set of LDAP attributes used to uniquely identify groups in the LDAP server. |
| ldap:groups:user_to_group_relationship | string | The mapping of LDAP attributes used to determine a user’s group memberships. |
| ldap:host | string | The hostname of the LDAP server. |
| ldap:port | string | The port through which to connect to the LDAP server. |
| ldap:private_display_name | string | The set of LDAP attributes used to populate users' private display names. |
| ldap:public_display_name | string | The set of LDAP attributes used to populate users' public display names. |
| ldap:user_display_query | string | The LDAP query used to define which results are displayed when adding users to a group policy. |
| ldap:users:objects | string | The LDAP objectClasses that are considered valid users. |
| ldap:users:query | string | The LDAP query used to map a particular username to an LDAP user object. |
| ldap:users:search_base | string | The distinguishedName at which to start searching for users. |
| ldap:users:user_id | string | The set of LDAP attributes used to uniquely identify users in the LDAP server. |
| provider:id | string | The unique identifier of the provider to which this setting applies. |
| provider:name | string | The name of the provider to which this setting applies. |
| radius:host | string | The hostname of the RADIUS server. |
| radius:port | string | The port through which to connect to the RADIUS server. |
| radius:shared_secret | *** | The shared secret to use in connecting to the RADIUS server. |
| radius:timeout | integer | The number of seconds allowed to elapse before the RADIUS server has timed out. |
| radius:users:mode | all list | The way users are matched to this provider. All handles any valid authentication attempt, and list handles only the specified list of users. |
| saml:associated_domains | string | Associated SAML email domains. |
| saml:email | string | The user attribute to use as the email address. |
| saml:groups:list | delimited string | The list of groups associated with the identity provider. The delimiter is set in the user interface. |
| saml:groups:lookup | string | The name of the attribute that contains the names of groups to which users should belong. |
| saml:idp:cert | string | The identity provider's certificate. When you first create a SAML security provider, this value will be metadata. Once you have uploaded the identity provider's metadata, the value will appear in the form of provider_cert.<provider_id>.server_cert.cert. |
| saml:idp:entity_id | string | The unique identifier for the identity provider you are using. |
| saml:idp:login_url | string | The URL where you are automatically redirected to sign into BeyondTrust using SAML. |
| saml:idp:request_bind | string | Either urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect or urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST. |
| saml:name_id_format | string | Will always be urn:oasis:names:tc:SAML:2.0:nameid-format:persistent. |
| saml:private_display_name | string | The user attribute to use as the private display name. |
| saml:public_display_name | string | The user attribute to use as the public display name. |
| saml:sp:entity_id | string | The URL of your public site. This uniquely identifies the service provider. |
| saml:user_name | string | The user attribute to use as the username. |
| users:list | string | The list of users allowed to authenticate against this provider to access your BeyondTrust software. |
| sync_display_name | 1 or 0 | 1: Every time a user logs in, their display name should be synchronized with the available remove information. 0: A user’s display name should be synchronized with the available remote information only the first time the user logs in. |
| vendor:duration | integer | The frequency with which notifications will be sent to the RS User. The unit is in hours, with a minimum of 1 hour and a maximum of 168 hours (1 week). |
| vendor:duration_enabled | 1 or 0 | 1: An email is sent to the RS User if there are users in the "Users Awaiting Action" table. 0:No emails are sent if there are users in the "Users Awaiting Action" table. |
| vendor:last_notified | string | The last date and time a "Users Awaiting Action" email was sent to the RS User. |
Service principal fields
These fields apply to the msgraph_http_recipient_added, msgraph_http_recipient_changed, and msgraph_http_recipient_removed. events.
| Field | Value | Explanation |
|---|---|---|
| client_id | string | The client ID of this service principal. |
| disabled | 1 or 0 | 1: Enable team chat history. 0: Disable team chat history. |
| current_status | string | The last status of this service principal. |
| domain_name | string | The domain name of this service principal. |
| name | string | Internal descriptive name to easily identify the service principal. |
| tenant_id | string | The tenant ID of this service principal. |
Session policy fields
These fields apply to the session_policy_added, session_policy_changed, and session_policy_removed events. Session policy events also include the Support permissions and prompting fields.
| Field | Value | Explanation |
|---|---|---|
| automatic_privacy_screen | 0 or 1 | 1:The privacy screen will be displayed. 0: The privacy screen will not be displayed. |
| code_name | string | The code name of this session policy. |
| description | string | The description of this session policy. |
| id | string | The unique identifier of this session policy. |
| name | string | The name of this session policy. |
Setting fields
These fields apply to the setting_added and setting_changed events.
| Field | Value | Explanation |
|---|---|---|
alert_interval | integer | The number of seconds between sending the last alert and sending another failure notification email, as long as failover synchronization has not yet occurred. |
alerts:daily | 1 or 0 | 1: Send a daily email notification to verify that communication is working correctly. 0: No daily communications will be sent. |
alerts:email | string | The list of email addresses to which to send email alerts. |
api | 1 or 0 | 1: The API is enabled. 0: The API is disabled. |
api:http | 1 or 0 | 1: The API is enabled over HTTP. 0: The API is enabled only over HTTPS. |
api:real_time_state | 1 or 0 | 1: The real-time state API is enabled. 0: The real-time state API is disabled. |
api:reporting_archives | 1 or 0 | 1: The state archive API is enabled. 0: The state archive API is disabled. |
app-switcher:connector-list | string | The App Switcher connector list. |
auto | 1 or 0 | 1: If the primary B Series Appliance goes down, automatic failover will occur. 0: If the primary B Series Appliance goes down, automatic failover will not occur. |
backup_enabled | 1 or 0 | 1: Automatic data synchronization between a primary and a backup B Series Appliance is enabled. 0: Automatic data synchronization is disabled. |
bandwidth | integer | The maximum number of bytes per second that should be used for data synchronization between a primary and a backup B Series Appliance. |
become_backup | none | Given when the failover role is changed to backup by a user. |
become_primary | none | Given when the failover role is changed to primary by a user. |
connection_test_ips | comma-delimited list | The list of IP addresses for the backup B Series Appliance to use to test network connectivity before failing over. |
email:auth_type | none oauth userpass | The type of authentication used by the SMTP server. |
email:encryption | none ssl tls | The type of encryption used for the SMTP email server. |
email:host | string | The SMTP server through which to send emails. |
email:oauth_provider_id | string | The OAuth provider ID. Only used with OAuth authentication. |
email:password | *** | Indicates if the password has changed. The actual string is never supplied. |
email:port | integer | The SMTP server port through which to connect. |
email:user | string | The username used to authenticate with the SMTP server. |
external_key:crm_url | string | The URL configured to use in conjunction with the custom link button in the representative console. |
fedramp:behavior_rules_accepted | 1 or 0 | 1: An admin has accepted the FedRAMP behavior agreement. 0: The FedRAMP behavior agreement has not been accepted. |
file_store:listing | 1 or 0 | 1: Show the file store at the /file directory. 0: Do not allow web access to the file store. |
invitations:client_side_email | 1 or 0 | 1: Client-side emails are enabled for sending support and presentation invitations. 0: Client-side emails are not enabled. |
ips | comma-delimited list | IP addresses shared between the primary B Series Appliance and the backup B Series Appliance. |
license:invited_rep_license_pool_id | string | The unique identifier of the license pool to use for invited representatives. |
license:invited_rep_license_pool_type | invitee pool_id | Whether to use the same license pool as the inviting representative for the invited rep or to use a specified license pool. |
licenses:alerts:login_denied | 1 or 0 | 1: Send an email notification whenever a representative is unable to log in to the representative console due to insufficient licenses, insufficient reserved slots, or license pool restrictions. 0: Do not send login denied alerts. |
licenses:chat:warnings:threshold | string | The number or percentage of chat licenses that must be in use for a notification email to be sent. |
licenses:full:warnings:threshold | string | The number or percentage of full support licenses that must be in use for a notification email to be sent. |
licenses:warnings | 1 or 0 | 1: Send an email notification if concurrent license usage reaches a certain threshold level. 0: Do not send license threshold emails. |
licenses:warnings:email | string | The list of email addresses to which to send license threshold emails. |
licenses:warnings:interval | integer | The number of hours between the last alert and sending another license threshold email. |
licenses:warnings:threshold | string | The number or percentage of licenses concurrently in use that should trigger a license threshold alert to be sent. |
localization:chat_translator_profile_name | string | The chat translator profile name. |
localization:chat_translator_status | string | The status of the chat translator. |
localization:chat_translator_languages | string | The chat translator languages. |
localization:default_language | string | The default language for the site. |
localization:real_time_chat_translation_provider | string | A selected realtime chat transcription provider. |
localization:aws_api_key | string | The AWS realtime translation API key. |
localization:aws_api_secret | strubg | The AWS realtime translation API secret. |
log_full_run_as_command | 1 or 0 | 1: The full run as command will be logged. 0: Do not log the full run as command. |
login_restrictions:list | string | A list of IPs which should be allowed or denied access to the /login and /api interfaces. This may also be combined with representative console login restrictions. |
login_restrictions:list_type | allow_all allow_list deny_list | Whether to allow all IP addresses, to allow only specified IP addresses, or to deny specified IP addresses access to the /login and /api interfaces of the B Series Appliance. This may also be combined with representative console login restrictions. |
login_restrictions:rep | always first_authentication never | Whether log in to the representative console is restricted to allowed networks every time, only the first time, or never. |
login_restrictions:web | always none | Whether access to /login, /api, and the representative console is restricted or not. This is combined with the other login restriction messages above. |
login_restrictions:web:ports:allow | string | A list of ports that are allowed to access the /login interface. |
login_restrictions:web:ports:deny | string | A list of ports that are not allowed to access the /login interface. |
networks:list | string | A list of IP addresses which should be allowed or denied. |
networks:type | allow_all allow_list deny_list | Whether to allow all IP addresses, to allow only specified IP addresses, or to deny specified IP addresses access to the /appliance administrative interface of the B Series Appliance. |
outbound_event:email_retry_duration | integer | The number of seconds between each email retry attempt. |
p2p | 1 or 0 | 1: Peer-to-peer connections are enabled. 0: Peer-to-peer connections are disabled. |
p2p_stunserver_address | stun.bt3ng.com undefined | If the BeyondTrust hosted peer-to-peer server is used, the value is stun.bt3ng.com. If the B Series Appliance is used, the value is undefined. |
p2p_ui_state | 0, 1, or 2 | 0: Peer-to-peer is disabled. 1: The BeyondTrust hosted peer-to-peer server is being used. 2: The B Series Appliance is being used as the peer-to-peer server. |
ports:http | comma-delimited list | A list of ports that will respond to HTTP traffic. |
ports:https | comma-delimited list | A list of ports that will respond to HTTPS traffic. |
ports:management:allowed | comma-delimited list | A list of ports that are allowed to access the /appliance interface. |
ports:management:denied | comma-delimited list | A list of ports that are not allowed to access the /appliance interface. |
ports:management:http | integer | The port to use when generating a URL that should be viewed over HTTP. |
ports:management:https | integer | The port to use when generating a URL that should be viewed over HTTPS. |
pre_login_agreement:enabled | 1 or 0 | 1: The /login prerequisite login agreement has been enabled. 0: The /login prerequisite login agreement has been disabled. |
presentation:show_hostname_in_window_title | 1 or 0 | 1: Show the public site hostname in the presentation attendee window title. 0: Do not show the hostname in the window title. |
presentations:abandoned | 1 or 0 | 1: Display an orphaned presentation message if no one is available to give the presentation. 0: Do not display an orphaned presentation message if the presenter is unavailable. |
presentations:agreement | 1 or 0 | 1: Display an attendee agreement message before presentations. 0: Do not display an attendee agreement. |
presentations:greeting | 1 or 0 | 1: Display an attendee greeting before presentations. 0: Do not display an attendee greeting. |
presentations:max_absent_time | integer | The maximum number of seconds a presentation can remain open without a presenter, whether the presenter never joined the presentation or joined and then left the presentation. |
presentations:recordings:screen_sharing | 1 or 0 | 1: Record a video of presentations. 0: Do not record presentations. |
presentations:recordings:screen_sharing:resolution | 320x240 640x480 800x600 1024x768 1280x1024 | The resolution to which to convert presentation recordings when viewing or downloading. |
probe:max_timeout | integer | The number of seconds between the first failure to reach the primary B Series Appliance and fail over to the backup B Series Appliance. |
public_site:force_ssl | 1 or 0 | 1: Redirect all visitors to HTTPS. 0: Allow both HTTP and HTTPS traffic. |
relationship_broken | array of semicolon-separated values | Generated when failover relationship is broken. Values:
|
relationship_established | array of semicolon-separated values | Generated when failover is established. Values:
|
rep:allow_rep_cli | 1 or 0 | 1: The rep console will allow use of the CLI tool. 0: Do not allow use of the CLI tool. |
rep:custom_link | string | The URL that will appear as a button in the representative console during a support session. |
rep:dashboard:monitor | disabled enabled:only_rep_console enabled:entire_screen | Whether team managers and leads are disallowed to monitor team members, are allowed to view team members' representative consoles only, or are allowed to view team members' entire desktops. |
rep:dashboard:monitor_indicator | 1 or 0 | 1: A monitoring indicator will appear on the representative's screen when a team lead or team manager is monitoring the representative. 0: No indicator will appear to the representative when a team lead or team manager is monitoring the representative. |
rep:dashboard:transfer | 1 or 0 | 1: Allow team managers and team leads to take over and transfer team members’ sessions. 0: Do not allow transferring of team members’ sessions. |
rep:email_controls | 1 or 0 | 1: Allow representatives to send email invitations from the representative console. 0: Do not allow representatives to send email invitations from the representative console. |
rep:history:enabled | 1 or 0 | 1: Enable team chat history. 0: Disable team chat history. |
rep:history:hours | integer from 1 to 24 | Hours of team chat history to replay. |
rep:mobile | 1 or 0 | 1: Mobile representative consoles are allowed to connect. 0: Mobile representative consoles are not allowed to connect. |
rep:private_queue_exit_check | 1 or 0 | 1: A representative cannot log out or quit the representative console until their personal queue is empty. 0: A representative can log out or quit the representative console with sessions still in their personal queue. |
rep:routing:alert:session_info | 1 or 0 | 1: Show session information on the session assignment alert dialog. 0: Do not show session information on the session assignment alert. |
rep:saved_logins | 1 or 0 | 1: Allow representatives to have the representative console remember their credentials. 0: Do not allow the representative console to remember representatives’ credentials. |
rep_console_settings_applied | integer | An incrementing number indicating when managed representative console settings have been applied to all representatives. |
reporting:history_limit | integer | The number of days to keep logging information, expressed as seconds. |
security:default_auth_mechanism | fido2 gssapi password saml | The default selection for the authentication dropdown in the rep console. |
service.syslog.remote.format | syslog bsd bsd_no_ts tls | syslog: The syslog data format is RFC 5424 compliant. bsd: The syslog data format is legacy BSD format. bsd_no_ts: The syslog data format is legacy BSD format without timestamp. tls: The syslog data format is Syslog over TLS (RFC 5425). |
session_keys:timeout | integer | The default number of seconds a generated session key is valid. After that it will expire. |
session_keys:timeout:maximum | integer | The maximum number of seconds a generated session key can remain valid. |
sms:gateway_url | string | A URL from your ISP or third-party gateway provider giving representatives the option to send session keys via SMS text messages. |
slac:password | string | The password for inter-appliance communication. Appliances that wish to communicate with each other must have the same password. |
ssl:certificate_verify | 1 or 0 | 1: Validate the SSL certificate chain for security. 0: Do not validate the SSL certificate chain. |
support:clipboard_sync_mode | disabled manual:rep_to_cust manual:both_directions auto:both_directions | disabled: The representative cannot synchronize the clipboards with the customer’s clipboard during a support session. manual:rep_to_cust: The representative can send the clipboard manually to the customer’s clipboard during a support session. manual:both_directions: The representative can send the clipboard to the customer’s clipboard during a support session, and the customer can send their clipboard to the representative manually. auto:both_directions: The clipboard is sent automatically from the representative to the customer, and from the customer to the representative. |
support:fallback:jump_clients | 1 or 0 | If a representative drops a Jump session and no other representatives are in the session: <madcap:conditionaltext>1: Attempt to transfer the session to the queue from which it was last transferred, then to the queue in which it originally arrived, and then a backup queue; only then terminate the session .</madcap:conditionaltext>0: Terminate the session immediately. |
support:fallback:normal | 1 or 0 | If a representative drops a normal session and no other representatives are in the session: <madcap:conditionaltext>1: Attempt to transfer the session to the queue from which it was last transferred, then to the queue in which it originally arrived, and then a backup queue; only then terminate the session. </madcap:conditionaltext>0: Terminate the session immediately. |
support:inactive_rep:timeout | integer | The number of seconds with no session activity before a representative is removed from a specific session. |
support:invitations:server_side_email | 1 or 0 | 1: Client-side emails are enabled for sending support and presentation invitations. 0: Client-side emails are not enabled. |
support:jump:minimize_ui | 1 or 0 | 1: The customer client starts minimized for attended sessions. 0: The customer client does not start minimized for attended sessions. |
support:jump_client:active_interval | integer | The number of seconds to wait between each Jump Client statistics update. |
support:jump_client:allow_wake_on_lan | 1 or 0 | 1: Representatives can attempt to wake up a Jump Client. 0: Representatives cannot attempt to wake up Jump Clients. |
support:jump_client:concurrent_upgrades | integer | The maximum number of Jump Clients whose statistics can be updated simultaneously. |
support:jump_client:removal_behavior | uninstalled removed | Whether a locally deleted Jump Client is marked as uninstalled in the representative console or is removed from the list. |
support:jump_client:restrict_uninstall | 1 or 0 | 1: An installed Jump Client can be uninstalled only by an administrator on the remote computer. 0: An installed Jump Client can be uninstalled by any user from the Jump Client context menu. |
support:jump_client:simultaneous_rep_access | 1 or 0 | 1: Multiple representatives can access the same Jump Client simultaneously without having to be invited into an existing session. 0: Multiple representatives cannot access the same Jump Client simultaneously unless invited by another representative into an existing session. |
support:jump_client:stats | comma-delimited list | The statistics to collect from each Jump Client. Currently recognized statistics include pss_os (operating system), pss_ut (uptime), pss_cpu (central processing unit usage), pss_cu (console user), pss_fd (disk usage), and pss_tn (screen thumbnail image). |
support:jump_client:stats:active_interval | integer | The number of seconds to wait between active Jump Client statistics updates. |
support:jumpoint:browse | 1 or 0 | 1: A representative can browse the remote network through a Jumpoint to find the computer they need to access. 0: A representative must enter an IP address or hostname to Jump to a remote computer through a Jumpoint. |
support:reboot:cache_credentials | 1 or 0 | 1: Representatives are allowed to reboot the remote system using credentials cached by the customer. 0: Representatives are not allowed to reboot the remote system using cached credentials. |
support:recordings:command_shell | 1 or 0 | 1: Record a video of command shells. 0: Do not record command shells. |
support:recordings:command_shell:resolution | 320x240 640x480 800x600 1024x768 1280x1024 | The resolution selected to convert command shell recordings when viewing or downloading them. |
support:recordings:screen_sharing | 1 or 0 | 1: Record a video of screen sharing during support sessions. 0: Do not record support sessions. |
support:recordings:screen_sharing:resolution | 320x240 640x480 800x600 1024x768 1280x1024 | The resolution to which to convert support session recordings when viewing or downloading. |
support:recordings:show_my_screen | 1 or 0 | 1: Record a video of Show My Screen sessions. 0: Do not record Show My Screen sessions. |
support:recordings:show_my_screen:resolution | 320x240 640x480 800x600 1024x768 1280x1024 | The resolution to which to convert Show My Screen recordings when viewing or downloading. |
support:screen_sharing:customer_client_control | 1 or 0 | 1:Enable the restriction of customer client control by the rep while screen sharing. 0: Disable the restriction of customer client control by the rep while screen sharing. |
support:screen_sharing:detect_faulty_video_driver | 1 or 0 | 1: Allow BeyondTrust client to temporarily disable hardware acceleration during Windows screen sharing if a faulty video driver is detected. 0: Do not allow BeyondTrust client to disable hardware acceleration or detect faulty video driver. |
support:screen_sharing:multi-display_thumbnail | 1 or 0 | 1: Enable thumbnail images for multiple remote displays. 0: Disable thumbnail images for multiple remote displays. |
support:screen_sharing:remote_screenshot | 1 or 0 | 1: From the representative console, representatives are allowed to take a screenshot of the remote screen. 0: Representatives are not allowed to take a screenshot of the remote screen. |
support:special_actions:builtins | 1 or 0 | 1: Show the built-in special actions in support sessions. 0: Hide the built-in special actions in support sessions. |
support:streamlined_session_start | 1 or 0 | 1: Streamlined session start is enabled. 0: Streamlined session start is disabled. |
support:system_info:auto_log | 1 or 0 | 1: Automatically log the remote computer’s system information at the beginning of a session. 0: Do not log system information. |
support:system_info:auto_log:mobile | Standard Full | Standard: Provide standard logging for mobile platforms. Full: Provide extended logging for mobile platforms. This option is the Extended dropdown option in the user interface. |
sync_interval | minutehourday week | minute=Every x minutes hour=Every x hours day=Every day at x time week=Once a week at x day and y time. |
sync_interval:days | integer from 1 to 7 | If sync_interval = week, it denotes the day of the week on which the auto data sync will occur. 1 = Sunday, 7 = Saturday. |
sync_interval:hours | integer from 1 to 24 | If sync_interval = week or day, then this value tells the hour of the day that the data sync will run. If sync_interval = hour, then it tells how many hours will be between every data sync (Every x hours). |
sync_interval:minutes | integer from 1 to 60 | If sync_interval = week or day, then this value tells the minute of the hour that the data sync will run. If sync_interval = minute, then it tells how many minutes will be between every data sync (Every x minutes). |
syslog | string | The address of the remote syslog server to which to send messages. |
system.auth.local.failed-login-lockout-duration | integer | The number of minutes an /appliance account is locked out after the maximum number of failed logins is exceeded. If 0, the account is locked out until an administrator unlocks the account. |
system.auth.local.failed-login-lockout-threshold | integer | The number of failed login attempts after which the /appliance user will be locked out of their account. If 0, the user will never be locked out. |
system.auth.local.password-expire-duration | integer | The number of days after which an /appliance user's password expires. If 0, the password never expires. |
system.auth.local.password-history-count | integer | The number of prior passwords that an /appliance user cannot use when changing their password. If 0, there is no restriction. |
system.pre-login-agreement.enabled | 1 or blank | 1: The /appliance prerequisite login agreement has been enabled. |
system.pre-login-agreement.text | string | The text of the login agreement that user must accept before accessing the /appliance administrative interface. |
system.pre-login-agreement.title | string | The title of the login agreement that user must accept before accessing the /appliance administrative interface. |
timezone | string | The time zone in which this B Series Appliance renders system times. |
users:idle_timeout | integer | The maximum number of seconds a representative console can be idle before that representative will be logged out. |
users:max_failed_logins | integer | The number of failed login attempts after which the account will be locked out. |
users:passwordless_fido2_auth:enabled | 1 or 0 | 1: Users can authenticate with FIDO2 instead of a password. 2: FIDO2 authentication is disabled and cannot be used. |
users:passwords:complex | 1 or 0 | 1: Require complex passwords. 0: Do not require complex passwords. |
users:passwords:default_expiration | integer | The default number of days a password can be used before it expires and must be reset. |
users:passwords:minimum_length | integer | The minimum number of characters required for a password. |
users:passwords:reset | 1 or 0 | 1: Users can reset forgotten passwords by correctly answering a security question. 0: Users cannot reset forgotten passwords. |
users:terminate_if_user_logged_in | 1 or 0 | If a representative attempts to log in to the representative console using an account that is already in use in another representative console: 1: Terminate the existing connection so that the new user can log in. 0: Maintain the existing connection and do not allow the new user to log in. |
Skills fields
These fields apply to the skill_added, skill_changed, and skill_removed events.
| Field | Value | Explanation |
|---|---|---|
| code_name | string | The code name of this skill. |
| display_name | string | The display name of this skill. |
| id | string | The unique identifier of this skill. |
| parent_id | string | The unique identifier of this skill's parent skill. |
| priority | string | The priority ranking of this skill. |
SNMP fields
These fields apply to the SNMP_changed event.
| Field | Value | Explanation |
|---|---|---|
| snmpv2 enabled | 1 or 0 | 1: The B Series Appliance has SNMP_v2 Server enabled. 0: The B Series Appliance has SNMP_v2 Server disabled. |
| snmp_v2_syslocation | string | The location of this B Series Appliance for the SNMP MIB. |
| snmp_v2_rocommunity | string | The community name the SNMPv2 Server should respond to. |
| snmp_v2_netACL | string | The list of IP addresses allowed to access SNMP on this B Series Appliance. |
SSH account fields
These fields apply to the ssh_account_added, ssh_account_changed, and ssh_account_removed events.
| Field | Value | Explanation |
|---|---|---|
| key_size | string | The key size. |
| key_hash | string | The key hash. |
| key_format | string | The key format. |
| key_comment | string | The key comment. |
| public_key | string | The public key. |
| public_cert_public_key | string | The public certificate public key. |
| public_cert_signing_ca | string | The public certificate signing ca. |
| public_cert_valid_from | string | The public certificate initial date. |
| public_cert_valid_to | string | The public certificate expiration date. |
Support Button profile fields
These fields apply to the support_button_profile_added, support_button_profile_changed, and support_button_profile_removed events.
| Field | Value | Explanation |
|---|---|---|
| desktop_shortcut | 1 or 0 | 1: The Support Button Profile will be deployed to the desktop as an Icon with a shortcut. 0: The Support Button Profile will not be deployed to the desktop as an Icon with a shortcut. |
| direct_access | 1 or 0 | 1: The customer can use the Support Button to start a session, in the queue where the Button is displayed. 0: The customer cannot use the Support Button to start a session, in the queue where the Button is deployed. |
| id | string | The unique identifier of the Support Button Profile. |
| menu_shortcut | 1 or 0 | 1: The Support Button Profile will be deployed to the customer’s system as a program available to select in the programs menu. 0: The Support Button Profile will not be deployed to the customer’s system as a program available to select in the programs menu. |
| name | string | The name of the Support Button Profile. |
| short_title | string | The short title of the Support Button Profile. |
| title | string | The title of the Support Button Profile. |
Support Button profile icon fields
These fields apply to the support_button_profile_icon_uploaded event.
| Field | Value | Explanation |
|---|---|---|
| id | string | The unique identifier of the Support Button Profile to which this icon is being added. |
| size | integer | The size in bytes of the Support Button icon. |
Support issues fields
These fields apply to the support_issue_added, support_issue_changed, and support_issue_removed events.
| Field | Value | Explanation |
|---|---|---|
| code_name | string | The code name of this issue. |
| id | string | The unique identifier of this issue. |
| issue_desc | string | The description of the issue as displayed to the customer on the front-end survey. |
| priority | string | The priority of this issue. |
| shareable | 1 or 0 | 1: Representatives are allowed to request help for this support issue. 0: Representatives are not allowed to request help for this support issue. |
| team:id | string | The unique identifier of the team to which this issue is assigned. |
| team:name | string | The name of the team to which this issue is assigned. |
Support issue skill fields
These fields apply to the support_issue_skill_added and support_issue_skill_removed events.
| Field | Value | Explanation |
|---|---|---|
| issue:desc | string | The description of the issue as displayed to the customer on the front-end survey. |
| issue:id | string | The unique identifier of this issue. |
| skill:id | string | The unique identifier of the skill assigned to this issue. |
| skill:name | string | The name of the skill assigned to this issue. |
Support permissions and prompting fields
These fields apply to session policy and custom session policy events.
| Field | Value | Explanation |
|---|---|---|
support:permissions:allow_pinned_clients | yes no | Whether this session policy may be applied to Jump Clients or not. |
support:permissions:allow_rep_invite | yes no | Whether this session policy may be applied to rep invites or not. |
support:permissions:allow_users | yes no | Whether this session policy may be applied to users or not. |
support:permissions:canned_scripts | allow deny not_defined | Whether this policy's permission to run canned scripts is allowed, denied, or not defined. |
support:permissions:chat | allow deny not_defined | Whether this policy's chat permissions is allowed, denied, or not defined. |
support:permissions:chat:push_url | allow deny not_defined | Whether this policy's permission to push URLs to the customer's web browser is allowed, denied, or not defined. |
support:permissions:chat:send_file | allow deny not_defined | Whether this policy's permission to send files through the chat interface is allowed, denied, or not defined. |
support:permissions:command_shell | allow deny not_defined | Whether this policy's permission to use the command shell is allowed, denied, or not defined. |
support:permissions:deploy_callback_button | allow deny not_defined | Whether this policy's permission to deploy Support Buttons is allowed, denied, or not defined. |
support:permissions:elevation | allow deny not_defined | Whether this policy's permission to elevate the customer client is allowed, denied, or not defined. |
support:permissions:file_transfers:cust | any_path list of paths not_defined | Whether the user is allowed to access any path on the remote computer's file system for the purpose of file transfer, only specified paths, or not defined. |
support:permissions:file_transfers:download | allow deny not_defined | Whether this policy's permission to download files using file transfer is allowed, denied, or not defined. |
support:permissions:file_transfers:rep | any_path list of paths not_defined | Whether the user is allowed to access any path on their local file system for the purpose of file transfer, only specified paths, or not defined. |
support:permissions:file_transfers:upload | allow deny not_defined | Whether this policy's permission to upload files using file transfer is allowed, denied, or not defined. |
support:permissions:registry_access | allow deny not_defined | Whether this policy's permission to access the remote registry editor is allowed, denied, or not defined. |
support:permissions:request_pin_unpin | allow deny not_defined | Whether this policy's permission to pin and unpin Jump Clients is allowed, denied, or not defined. |
support:permissions:screen_sharing | view_and_control view_only not_allowed not_defined | Whether this policy's permission to screen share allows view and control, allows view only, is denied, or is not defined. |
support:permissions:screen_sharing:annotations | allow deny not_defined | Whether this policy's permission to use annotations is allowed, denied, or not defined. |
support:permissions:screen_sharing:application_sharing | always optional never not_defined | Whether this policy's application sharing prompt behavior is set to always prompt, choose to prompt, never prompt, or not defined. |
support:permissions:screen_sharing:privacy_mode | input_only privacy_screen,input none not_defined | Whether this policy's allowed customer restrictions are set to mouse and keyboard only; display, mouse, and keyboard; none; or not defined. |
support:permissions:screen_sharing:show_screen | allow deny not_defined | Whether this policy's show my screen permission is set to allowed, denied, or not defined. |
support:permissions:system_info | allow deny not_defined | Whether this policy's system information permission is set to allowed, denied, or not defined. |
support:permissions:system_info:actions | allow deny not_defined | Whether this policy's system information actions permission is set to allowed, denied, or not defined. |
support:prompting:command_shell | always never not_defined | When starting command shell, whether this policy always prompts, never prompts, or is not defined. |
support:prompting:default | allow deny not_defined | When prompting for a permission, the default response if no response is given is allow, deny, or not defined. |
support:prompting:deploy_callback_button | always never not_defined | When deploying a Support Button, whether this policy always prompts, never prompts, or is not defined. |
support:prompting:elevate | always never not_defined | When elevating the customer client, whether this policy always prompts, never prompts, or is not defined. |
support:prompting:file_transfer | always never not_defined | When starting file transfer, whether this policy always prompts, never prompts, or is not defined. |
support:prompting:registry | always never not_defined | When starting the remote registry editor, whether this policy always prompts, never prompts, or is not defined. |
support:prompting:request_pin_unpin | always never not_defined | When pinning or unpinning a Jump Client, whether this policy always prompts, never prompts, or is not defined. |
support:prompting:screen_sharing | always never not_defined | When starting screen sharing, whether this policy always prompts, never prompts, or is not defined. |
support:prompting:screen_sharing:full_access | always never not_defined | When starting screen sharing, whether this policy prompts once for full access to all permissions in this session, never prompts once, or is not defined. |
support:prompting:system_info | always never not_defined | When starting system information, whether this policy always prompts, never prompts, or is not defined. |
support:prompting:timeout | integer not_defined | The number of seconds to wait for a response to a prompt before performing the default action of allow or deny, or not defined. |
Support team fields
These fields apply to the support_team_added, support_team_changed, and support_team_removed events.
| Field | Value | Explanation |
|---|---|---|
| code_name | string | The code name of this support team. |
| comments | string | Any comments associated with this support team. |
| id | string | The unique identifier of the support team. |
| is_persistent | 1 or 0 | 1: This queue is persistent; sessions will stay in this team's queue even if no team members are logged in. 0: This queue is not persistent. |
| name | string | The name of the support team. |
| routing:alert:timeout | integer | The number of seconds to wait for a representative to accept an assigned session before reassigning it to the next available representative. |
| routing:algorithm | none least_busy skills+least_busy | The method to use for automatic session assignment. |
| routing:overdue:action | none mark transfer | The action to take if a session remains in this queue for longer than the designated time. |
| routing:overdue:destination | string | The name of the team to which to transfer an overdue session in this queue. |
| routing:overdue:timeout | integer | The number of seconds to wait for a session in this queue to be accepted before it is marked as overdue or transferred to an overflow queue. |
Support team issue fields
These fields apply to the support_team_issue_added and support_team_issue_removed events.
| Field | Value | Explanation |
|---|---|---|
| id | string | The unique identifier of this issue. |
| issue | string | The description of the issue as displayed to the customer on the front-end survey. |
| team:id | string | The unique identifier of the team to which this issue is assigned. |
| team:name | string | The name of the team to which this issue is assigned. |
Support team Jump access fields
These fields apply to the support_team_jump_access_added and support_team_jump_access_removed events.
| Field | Value | Explanation |
|---|---|---|
| team:id | string | The unique identifier of the team to whose Jump Clients access is being granted. |
| team:name | string | The name of the team to whose Jump Clients access is being granted. |
| team_with_access:id | string | The unique identifier of the team which is being granted access to these Jump Clients. |
| team_with_access:name | string | The name of the team which is being granted access to these Jump Clients. |
Support team member fields
These fields apply to the support_team_member_added, support_team_member_changed, and support_team_member_removed events.
| Field | Value | Explanation |
|---|---|---|
| role | member lead manager | The role this user plays in the team. |
| team:id | string | The unique identifier of the team to which this user belongs. |
| team:name | string | The name of the team to which this user belongs. |
| user:id | string | The unique identifier of the user being added to or removed from this team. |
| user:username | string | The name of the user being added to or removed from this team. |
Syslog server fields
These fields apply to the syslog_server_changed event.
| Field | Value | Explanation |
|---|---|---|
| message_format | RFC 5424 compliant Legacy BSD format Legacy BSD format without timestamp Syslog over TLS (RFC 5425) | The data format for syslog event notification messages. |
| syslog_servers | comma-delimited list | A list of IP addresses that receive syslog messages from this B Series Appliance. |
/login user fields
These fields apply to the user_added, user_changed, and user_removed events. User events also include the Permission fields. These fields apply to users added to the /login interface.
| Field | Value | Explanation |
|---|---|---|
| account:created | Unix timestamp | The date and time this user account was created. |
| account:disabled | 1 or 0 | 1: This local user account is disabled. 0: This local user account is active. |
| account:email:address | string | The email address set for notifications. |
| account:email:locale | string | Values are the language abbreviations (e.g. en-us for English) used with emails. |
| account:expiration | Unix timestamp or never | The date and time this local user account will expire, if ever. |
| account:failed_logins | integer | The number of consecutive failed attempts to log in to this local account. |
| comments | string | Any comments associated with this user. |
| display_number | integer | The display number of this user. |
| external_id | string | An internal representation of a remote user’s identifying information, such as an LDAP attribute, RADIUS username, or Kerberos principal name. |
| id | string | The unique identifier for this user. |
| idle_timeout | integer or site_wide_setting | The maximum number of seconds this representative can be idle within the representative console before being logged out. The site_wide_setting option defaults to the timeout set on the Management > Security page. If no timeout, uses none. |
| license_pool:id | string | The unique identifier of the license pool to which this user belongs. |
| license_pool:name | string | The name of the license pool to which this user belongs. |
| login_code:enabled | 1 or 0 | 1: The user must enter an emailed login code to log in. 0: The user may log in without an emailed login code. |
| login_schedule:enabled | 1 or 0 | 1: The user is disallowed to log in to the representative console outside of the set schedule. 0: The user may log in to the representative console at any time. |
| login_schedule:force_logout | 1 or 0 | 1: The user is automatically logged out of the representative console at the end of the scheduled time. 0: The user is not forced to log out of the representative console at the end of the scheduled time. |
| login_schedule:timezone | string | The timezone for which the representative login schedule is set. |
| password | *** | Indicates if the local user’s password has been changed by an administrator. |
| password:expiration | Unix timestamp | The date and time the local user’s password will expire, if ever. |
| password:reset | 1 or 0 | 1: The local user must create a new password upon next login. 0: The password need not be changed. |
| password:will_expire | 1 or 0 | 1: The local user’s password is set to expire on a certain date. 0: The local user’s password has no expiration set. |
| private_display_name | string | The private display name of this user. |
| provider:id | string | The unique identifier of the security provider against which this user last authenticated, or 1 for a local user. |
| provider:name | string | The name of the security provider against which this user last authenticated. |
| public_display_name | string | The public display name of this user. |
| security_answer | *** | Indicates if the local user’s security answer was changed by an administrator. |
| security_question | string | The security question the local user can answer to reset their password. |
| username | string | The username the user last used to authenticate to BeyondTrust. Not necessarily unique. |
/appliance user fields
These fields apply to the user_added, user_changed, and user_removed events. These fields apply to users added to the /appliance interface.
| Field | Value | Explanation |
|---|---|---|
| displayname | string | The display name of this user. |
| failed_login_attempts | integer | The number of consecutive failed attempts to log in to this account. |
| lockout_release | date or 0 | The readable date and time that an administrator reset the number of failed login attempts back to zero. 0 indicates that the number of failed login attempts has not just been reset. |
| password | *** | Indicates if the user's password has been changed. |
| password_changed_date | date | The readable date and time that the password was last changed. |
| password_force_reset | 1 or 0 | 1: The user must create a new password upon next login. 0: The password need not be changed. |
| username | string | The username the user last used to authenticate to the BeyondTrust /appliance interface. Not necessarily unique. |
User account report generated fields
These fields apply to the user_account_report_generated event.
| Field | Value | Explanation |
|---|---|---|
| report_type | all local security_provider | Whether the downloaded report was for all users, only local users, or only a security provider. |
User session policy fields
These fields apply to the user_session_policy_added and user_session_policy_removed events.
| Field | Value | Explanation |
|---|---|---|
| session_policy:name | string | The name of the session policy associated with this user. |
| session_policy:purpose | attended unattended | Whether this session policy is applied to attended sessions or unattended sessions. |
| user:id | string | The unique identifier of the user with whom the session policy is associated. |
| user:username | string | The username of the user with whom the session policy is associated. |
User skill fields
These fields apply to the user_skill_added and user_skill_removed events.
| Field | Value | Explanation |
|---|---|---|
| skill:id | string | The unique identifier of this skill. |
| skill:name | string | The name of this skill. |
| user:id | string | The unique identifier of the user to whom this skill is assigned. |
| user:username | string | The username of the user to whom this skill is assigned. |
Vault account password rotation fields
These fields apply to the vault_account_password_rotation event.
| Field | Value | Explanation |
|---|---|---|
| reason | string | The reason for the rotation. |
| status | success failure | Whether the rotation attempt succeeded or failed. |
| account | string | The account username rotated. |
Updated 18 days ago