Audit Event Dictionary
This data dictionary will define the events found on the Control Center Audit page.
Event Name | Description |
Activation Completed | A user completed an activation attempt and the appId state is now “active”. |
Activation Revoked | Indicates a user logged out of the Control Center or deactivated a plugin. |
Activation Started | A user began an activation attempt - e.g. logged into the Secure Reader or activated in their Virtru plugin. An appId is created as part of this process with the initial state of “pending”. |
Admin Change | An admin was added, removed, or updated for this unit OR the permissions for users within this group were changed. |
API Token Created | A Virtru API token was created for this organization. Only Virtru employees can create API tokens and it is a manual process. Currently there is no way to update an API token for security reasons, so there are only “create” events for this object type. |
Content Admin Added | Indicates a user was given permissions to view email and file meta data. (VIEW SECURE METADATA in the permissions modal) |
Content Admin Removed | Opposite of Content Admin Added |
DLP Rule Created | A Security Rule (formerly DLP) was created or modified in the Control Center. The reason a “create” event could also represent a rule being modified is because every version of a rule exists as its own object in the Virtru database so when a rule is modified, a new rule object is created to replace it while the old object is deprecated. The ruleId attribute is what connects them together. |
DLP Rule Updated | A Security Rule was modified or deleted. As stated above, both “create” and “update” events are emitted every time a rule is modified. The only time both events aren’t created is when a rule is deleted (“update” but no “create” -- the rule is set to deprecated with nothing to take its place). |
eDiscovery Admin Added |
Indicate a user was given permissions to decrypt any content even if they are not the intended recipient (DECRYPT SECURE CONTENT in the permissions modal).
|
eDiscovery Admin Removed | Opposite of eDiscovery Admin Added |
Encrypted Key Generated | An encrypted search key is generated from the Control Center. This occurs when an admin enables encrypted search. |
Encrypted Key Revoked | An encrypted search key is revoked. This occurs when an admin disables encrypted search. |
Invitation Accepted | An invitation was accepted by the recipient or revoked by the sender. |
Invitation Revoked | Indicates the license for a non activated user was removed. |
Invitation Sent | An invitation was sent to a user to join the Virtru organization. This is only used for ad-hoc orgs (not synced with Google or Active Directory). |
Organization Created | The genesis of the organization. This might not be in scope for a lot of customers and is probably not even useful. |
Organization Updated | The organization was updated. This usually happens as part of a domain sync in which users, groups, and organizational units are refreshed, but all that will be surfaced here is the delegationEmail and timestamp of the sync. |
OU/Group Created | A new organizational unit or group was created. This will only happen as part of a domain synchronization -- as of now, Virtru users cannot manually created units and this information is completely dependent on the organization’s G Suite or Active Directory structure. |
OU/Group Updated | Indicates an OU/GROUP was updated, usually during a domain sync. |
Policy Accessed | A policy (email or file) was accessed. This is fired any time a recipient decrypts an email or file. Unlike other event types, this doesn’t represent an actual stored object, it’s purely created to represent a single event in time and thus has no update event. |
Policy Admin Added | Indicates a user was given permissions to manage Security Rules ("MANAGE DLP RULES" in the permissions modal). |
Policy Admin Removed | Opposite of Policy Admin Added |
Policy Modified | This could be many things: An encrypted email or file was revoked, expired, or modified; an encrypted draft was sent; an email was forwarded. |
Rule Created | Indicates a Security Rule was created in the Control Center. |
Rule Deleted | Indicates a Security Rule was deleted in the Control Center. |
Rule Overridden | Indicates a Security Rule was triggered but ignored in one of the virtru clients. |
Rule Triggered | Indicates a Security Rule was triggered in one of the virtru clients. |
Rule Updated | Indicates a Security Rule was updated in the Control Center. |
Secure Email Access Denied | Indicates access to a secure email was denied. |
Secure Email Accessed | Indicates a secure email was accessed. |
Secure Email Drafted | Indicates a secure draft was created in one of the virtru clients. |
Secure Email Expiration Disabled |
Indicates a previously set "Expiration Date" security settings on a secure email was removed. |
Secure Email Expiration Set |
Indicates the "Expiration Date" security setting was enabled for a secure email after the email was sent. |
Secure Email Forward | Indicates a secure email was forwarded |
Secure Email Forwarding Disabled |
Indicates the "Disable Forwarding" security setting was enabled for a secure email after the email was sent. |
Secure Email Forwarding Enabled |
Indicates a previously set "Disable Forwarding" security settings on a secure email was removed. |
Secure Email One Click Disabled |
Indicates a previously set "One Click" security setting on a secure email was removed. |
Secure Email One Click Enabled |
Indicates the "One Click" security setting was enabled for a secure email after the email was sent. |
Secure Email Reauthorized | Indicates a previously revoked email has been re-enabled. |
Secure Email Revoke | Indicates a secure email was revoked. |
Secure Email Sent | An encrypted email or file was created and sent, or an encrypted draft was created. |
Secure Email Watermark Disabled |
Indicates a previously set "Watermarking" security setting on a secure email was removed. |
Secure Email Watermark Enabled |
Indicates the "Watermarking" security setting was enabled for a secure email after the email was sent. |
Secure File Access Denied | Indicates an unsuccessful attempt to access a file. |
Secure File Accessed |
Indicates secure file was accessed. This can occur when a secure email/draft with an attachment is opened, or when a secure file in drive is opened.
|
Secure File Attached | Indicates secure file was attached to an email. |
Secure File Decrypted | Indicates a secure file was decrypted. |
Secure File Decrypted (Copy) | Indicates a decrypted copy of a file was created. |
Secure File Downloaded | Indicates a decrypted copy of a file was downloaded. |
Secure File Encrypted | Indicates an unencrypted file was encrypted. |
Secure File Encrypted (Copy) | Indicates an encrypted copy of a file was created. |
Secure File Expiration Disabled | Indicates expiration disabled on a secure file. |
Secure File Expiration Enabled | Indicates expiration enabled on a secure file. |
Secure File Re-sharing Disabled | Indicates file re-sharing disabled. |
Secure File Re-sharing Enabled | Indicates file re-sharing enabled. |
Secure File Reauthorize | Indicates a previously revoked file was reauthorized. |
Secure File Revoke | Indicates a secure file was revoked. |
Secure File Shared | Indicates a secure file was shared. |
Secure File Uploaded | Indicates a secure file was uploaded. |
Secure File Watermark Disabled | Indicates file watermark disabled. |
Secure File Watermark Enabled | Indicates file watermark enabled. |
Super Admin Added | Indicates a user was granted super admin permissions. |
Super Admin Removed | Indicates a was removed as a super admin. |
User Admin Added |
Indicates a user was given admin permissions to manage other users within the org (EDIT PERMISSIONS in the permissions modal).
|
User Admin Removed | Opposite of User Admin Added |
User Created | A new user was created inside this organization. This can happen as part of a domain sync or be done manually for ad-hoc organizations through the Control Center. |
User Permissions Updated | Opposite of User Permissions Added |
User Updated | A user was updated. This could be for numerous reasons: their permissions were updated; they were added/removed from an organizational unit or group; or they updated their personal preferences. |
Metadata Dictionary
This data dictionary will provide all information needed to align the Audit Data to meet your compliance or business requirements.
All times and dates are in ISO8601 format.
api-token
Organization-wide API tokens for CLI interaction with Virtru platform.
Attribute Name |
Type |
Description |
action |
String |
The action that was done to the object. Possible values:
|
created |
String |
The ISO8601 datetime when the token was created. |
creator |
String |
The email address of the Virtru employee who created the token. |
displayName |
String |
A short label that describes the purpose of the token. |
lastModified |
String |
The date the record was last modified. |
orgActionType |
String |
The organization action the record represents. |
orgId |
String |
The organizational ID. |
owner |
String |
The email address of the user who requested the token. |
permissions[] |
Array<String> |
Array of permissions the token has. This dictates what the token can be used for. Possible values:
|
recordId |
String |
The unique ID for this record. |
timestamp |
String |
Datetime of the event. |
tokenId | String | The token ID. |
type | String | Should always be "api-token". |
appIdBundle
Objects that contain unique identifiers for users. Used for authentication in the Virtru platform.
Attribute Name |
Type |
Description |
action |
String |
Action take for this record Possible Values
|
created |
String |
The ISO8601 datetime when the appIdBundle was created. |
groups[] |
Array<String> |
An array of groups that the user is in. e.g. [ ‘Engineering@virtru.com’, ‘Gateway@virtru.com’ ] |
isActivateEvent |
Boolean |
Whether the appId was activated as part of this event. |
isDisableEvent |
Boolean |
Whether the appId was disabled as part of this event. |
isRevokedEvent |
Boolean |
Whether the appId was revoked as part of this event. |
lastModified |
String |
Datetime last modified. |
ous[] |
Array<String> |
IDs of all organizational units of the user which the appIdBundle was created for. e.g. [‘id%3A02f1mw1826k6eyh’,‘id%3A02f1mw182boq9zy’] |
orgActionType |
String |
Unique Id and action of this record. |
orgId |
String |
Unique Id of the organization. |
primaryOu |
String |
ID of primary organizational unit of the user which the appIdBundle was created for. |
recordId |
String |
Unique Id of the record. |
requestId |
String |
Unique id of the request. |
requestIp |
String |
IP of the requesting client. |
state |
String |
The state of the appIdBundle. Possible values:
|
timestamp |
String |
Timestamp of the event. |
type |
String |
Should always be "appIdBundle" |
userAgent |
String |
User agent string of the client used for the request. |
userId |
String |
The email address of the user who the appId was created for. |
virtruClient |
String |
String representing the client used for the request. |
contract-get
Created when a policy is accessed, whenever a Virtru email or file is decrypted.
Attribute Name |
Type |
Description |
action | String |
Recorded action Possible Values
|
created | String | Datetime created |
expirationDate | String | Datetime of expiration |
groups[] |
Array<String> |
Array of groups that the accessing user belongs to. e.g. [ ‘engineer@virtru.com’, ‘gateway@virtru.com’ ] |
isNoAuth |
Boolean |
True if the user accessed the contract without authenticating. |
lastModified | String | Datetime last modified modified. |
orgActionType |
String |
Action taken. |
orgId | String | Unique Id of the organization. |
ous[] |
Array<String> |
IDs of all organizational units of the user who accessed the policy. e.g. [‘id%3A02f1mw1826k6eyh’,‘id%3A02f1mw182boq9zy’] |
policyId |
String |
The ID of the policy that was accessed. |
primaryOu |
String |
ID of primary organizational unit of the user who accessed the policy. |
recordId | String | Unique Id of the record. |
requestId |
String |
Unique Id of the request. |
requestIp |
String |
IP address of the requesting user. |
timestamp | String | Datetime of the record. |
type | String | Should always be "contract-get" |
userAgent | String | String name of the connecting client. |
userId |
String |
The email address of the user who accessed the policy. |
virtruClient | String | Name of the client. |
dlp-rules
Security Rules that run when a user attempts to send an email.
Attribute Name |
Type |
Description |
action | String | Action recorded by record. |
created |
String |
The ISO8601 datetime when the Security Rule was first created. |
dlpActions |
Array<String> |
The actions the rule takes when triggered. Possible values:
|
displayName |
String |
The name of the Security Rule. |
groups[] |
Array<String> |
Array of groups that the Security Rule applies to. e.g. [ ‘Engineering@virtru.com’, ‘Gateway@virtru.com’ ] |
isDeprecated |
Boolean |
Whether the rule is in use anymore; Possible Values:
|
lastModified | String | Datetime of the records last modification. |
ous[] |
Array<String> |
IDs of all organizational units of that the Security Rule applies to. e.g. [‘id%3A02f1mw1826k6eyh’,‘id%3A02f1mw182boq9zy’] |
orgActionType | String | Action taken by organization. |
orgId | String | Unique ID of the organization. |
recordId | String | Unique ID of the record. |
requestId | String | Unique ID of the request. |
requestIp |
String |
IP of the requesting client. |
ruleGroups[] |
Array<String> |
Array of groups that the Security Rule applies to. e.g. [ ‘Engineering@virtru.com’, ‘Gateway@virtru.com’ ] |
ruleId |
String |
The unqiue ID of the Security Rule. |
ruleOus[] |
Array<String> |
IDs of all organizational units of that the Security Rule applies to. e.g. [‘id%3A02f1mw1826k6eyh’,‘id%3A02f1mw182boq9zy’] |
scope |
String |
Mail flow direction for rule to be evaluated Possible Values:
|
timestamp | String | Datetime of the action. |
type | String | Should always be "dlp-rules". |
userAgent | String | User Agent of requesting client. |
userId |
String |
The email address of the user who created or updated the Security Rule. |
virtruClient | String | Name of the requesting client. |
dlpOverride
An event representing a user bypassing a Security Rule warning and sending unsecure.
Attribute Name |
Type |
Description |
violatedRuleIds[] |
Array<String> |
Array of Security Rule IDs that were triggered and bypassed by the user. Corresponds with violatedRuleNames. |
violatedRuleNames[] |
Array<String> |
Array of Security Rule IDs that were triggered and bypassed by the user. Corresponds with violatedRuleNames. |
encrypted-search-key
Organization-wide keys used for searching and indexing encrypted emails. They are generated in the Virtru Control Center by administrators only one set of keys can be active per tenant.
Attribute Name |
Type |
Description |
acceptedOn | String | Datetime activated key. |
action | String |
Action recorded by record Possible Values
|
created |
String |
The ISO8601 datetime when the key was created. |
keyId |
String |
The unique ID of the encrypted search key. |
lastModified | String | Datetime of the record modification. |
orgActionType |
String |
Organization level Action |
orgId |
String |
Unique ID of the organization. |
receiverId |
String |
Unique Id of the recipient. |
recordId |
String |
Unique ID of the record. |
requestId |
String |
Unique ID of the request. |
requestIp |
String |
IP of the computer that requested the creation/revocation of the key. |
revokedOn | String | The ISO8601 datetime of when (and if) the search key was revoked. |
status |
String |
Status of the key Possible Values
|
timestamp |
String |
Datetime of the event. |
type | String | Should always be "encrypted-search-key". |
userId |
String |
The email address of the user who created the search key. |
userAgent | String | User Agent string of the requesting client. |
virtruClient | String | Name of the requesting client. |
licenseInvitation
Invitations that are sent out to users to install and activate Virtru software.
Attribute Name |
Type |
Description |
acceptedOn |
String |
The ISO8601 datetime when/if the invitation was accepted. |
action | String | Action recorded by record. |
created |
String |
The ISO8601 datetime when the invitation was created. |
invitationId |
String |
The unique ID of the license invitation. |
lastModified | String | Datetime of the record modification. |
orgActionType | String | Organization level Action |
orgId | String | Unique ID of the organization. |
receiverId |
String |
The email address of the user who was sent the invitation. |
recordId | String | Unique ID of the record. |
requestId | String | Unique ID of the request. |
requestIp | String | IP of the computer that initiated the request. |
revokedOn |
String |
The ISO8601 datetime when/if the invitation was revoked. |
status |
String |
The status of the invitation. Possible values:
|
timestamp | String | Datetime of the event. |
type |
String |
Should always be "licenseInvitation". |
userAgent | String | User Agent string of the requesting client. |
virtruClient | String | Name of the Virtru client requesting the invitation. |
organization
The details and configuration of the organization.
Attribute Name |
Type |
Description |
action |
String |
The action that was done to the object. Possible Values
|
created |
String |
The ISO8601 datetime when the invitation was created. |
delegationEmail |
String |
The delegation email address for use when triggering the automatic domain synchronization. |
lastDomainRefresh |
String |
The ISO8601 datetime when the organization was last synchronized. |
lastModified |
String |
Date the record was last modified. |
orgActionType |
String | A simple join of the orgId, type, and action fields. Used for indexing purposes. |
orgId |
String |
The unique ID of the organization. |
owner |
String |
The email address of the organization owner. |
recordId |
String |
Unique ID of the record. |
requestId |
String |
The unique ID of the request. |
requestIp |
String |
IP of the requesting client. |
timestamp |
String |
The ISO8601 datetime of the moment the audit record was created. |
type |
String |
Should always be "organization". |
userAgent |
String |
The web browser user agent. Contains information such as the browser and operating system. |
userId |
String |
The email address of the user who created or updated the organization. |
virtruClient |
String |
The Virtru client that was used to make the request. |
policy
Policies created and updated for every encrypted email and file.
Attribute Name |
Type |
Description |
accessedBy[] |
Array<String> |
Array of all email addresses of users who have accessed the policy. |
action |
String |
The action that was done to the object. Possible Values
|
appliedActions[] |
Array<String> |
Array of Security Rule actions applied to the policy as a result of the above violation. e.g. [‘virtru:encrypt’,‘virtru:disableForwarding’] |
children[] |
Array<String> |
Array of child policy IDs (usually attachments to an email). |
created |
String |
The ISO8601 datetime when the policy was created. |
displayName |
String |
The subject/name of the email/file. |
expiration |
String |
The ISO8601 datetime for when/if the policy is set to expire. |
forwardLog[] |
Array<Object> |
Array of forward events containing recipient, sender, and timestamp fields. e.g. |
groups[] |
Array<String> |
Array of groups which the policy belongs to. Same as the groups of the user who created the policy at the time. e.g. [‘engineering@virtru.com’,‘gateway@virtru.com’] |
isExpireEvent |
Boolean |
True is policy expiration was set as part of this event. |
isForwardEvent |
Boolean |
True if an email/file was forwarded as part of this event. Represents a change to the 'forwardLog' field. |
isForwardingDisabled |
Boolean |
True if forwarding has been disabled for this policy. |
isForwardingDisabledEvent |
Boolean |
True if policy forwarding was disabled as part of this event. |
isManaged |
Boolean |
True if the policy is managed. |
isManagedEvent |
Boolean |
True if policy was set to managed as part of this event. |
isNoAuth |
Boolean |
True if the policy does not require authentication. |
isNoAuthEvent |
Boolean |
True if authorization was disabled as part of this event. |
isRevokeEvent |
Boolean |
True if the policy was revoked as part of this event. |
isReauthorizeEvent |
Boolean |
True if a previously-revoked policy was re-enabled as part of this event. |
isSendEvent |
Boolean |
True if an email/file was sent as part of this event. |
lastModified |
String |
Datetime of the last time the record was modified. |
ous[] |
Array<String> |
IDs of all organizational units of the user who create/updated the policy. e.g. [‘id%3A02f1mw1826k6eyh’,‘id%3A02f1mw182boq9zy’] |
orgActionType |
String |
A simple join of the orgId, type, and action fields. Used for indexing purposes. |
orgId |
String |
Unique ID of the organization. |
policyId |
String |
The unique ID of the policy. |
policyGroups[] |
Array<String> |
Array of groups which the policy belongs to. Same as the groups of the user who created the policy at the time. e.g. |
policyOus[] |
Array<String> |
IDs of all organizational units of the user who create/updated the policy. e.g. |
policyOwner |
String |
The email address of the policy owner (the user who originally created the policy). |
policyType |
String |
The type of the policy. Possible Values:
|
primaryOu |
String |
ID of the primary organizational unit of the user who created/updated the policy. e.g. ‘id%3A02f1mw1826k6eyh’ |
recipients[] |
Array<String> |
Array of users (email addresses) who are authorized to access this email or file. |
recordId |
String |
Unique ID of the record. |
requestId |
String |
The unique ID of the request. |
requestIp |
String |
The IP address where the request originated from. |
state |
String |
Whether the policy is active or revoked. Possible Values:
|
timestamp |
String |
The ISO8601 datetime of the moment the audit record was created. |
type |
String |
Should always be "policy". |
userAgent |
String |
The web browser user agent. Contains information such as the browser and operating system. |
userId |
String |
The email address of the user who created or updated the policy. |
violatedRuleIds[] |
Array<String> |
Array of IDs of Security Rules that were violated/triggered when this policy was created. |
violatedRuleNames[] |
Array<String> |
Array of Names of Security Rules that were violated/triggered when this policy was created. |
virtruClient |
String |
The Virtru client that was used to make the request. |
unit-attributes
The groups and organizational units of the organization.
Attribute Name |
Type |
Description |
action |
String |
The action that was done to the object. Possible Values
|
adminDlp[] |
Array<String> |
Arrays of various administrators of this unit broken up by permissions. |
adminDlpAdded[] |
Array<String> |
Arrays of any administrators that were added or removed segmented up by permissions type. |
adminDlpRemoved[] | Array<String> | Arrays of any administrators that were added or removed segmented up by permissions type. |
adminPolicyBulkExport[] |
Array<String> |
Arrays of various administrators of this unit broken up by permissions. |
adminPolicyBulkExportAdded[] | Array<String> | Arrays of any administrators that were added or removed segmented up by permissions type. |
adminPolicyBulkExportRemoved[] | Array<String> | Arrays of any administrators that were added or removed segmented up by permissions type. |
adminPolicyContractFetch[] |
Array<String> |
Arrays of various administrators of this unit broken up by permissions. |
adminPolicyContractFetchAdded[] | Array<String> | Arrays of any administrators that were added or removed segmented up by permissions type. |
adminPolicyContractFetchRemoved[] | Array<String> | Arrays of any administrators that were added or removed segmented up by permissions type. |
adminPolicyEdit[] |
Array<String> |
Arrays of various administrators of this unit broken up by permissions. |
adminPolicyEditAdded[] | Array<String> | Arrays of any administrators that were added or removed segmented up by permissions type. |
adminPolicyEditRemoved[] | Array<String> | Arrays of any administrators that were added or removed segmented up by permissions type. |
adminPolicyRead[] |
Array<String> |
Arrays of various administrators of this unit broken up by permissions. |
adminPolicyReadAdded[] | Array<String> | Arrays of any administrators that were added or removed segmented up by permissions type. |
adminPolicyReadRemoved[] | Array<String> | Arrays of any administrators that were added or removed segmented up by permissions type. |
adminPolicyRevoke[] |
Array<String> |
Arrays of various administrators of this unit broken up by permissions. |
adminPolicyRevokeAdded[] | Array<String> | Arrays of any administrators that were added or removed segmented up by permissions type. |
adminPolicyRevokeRemoved[] | Array<String> | Arrays of any administrators that were added or removed segmented up by permissions type. |
adminUnit[] |
Array<String> |
Arrays of various administrators of this unit broken up by permissions. |
adminUnitAdded[] | Array<String> | Arrays of any administrators that were added or removed segmented up by permissions type. |
adminUnitRemoved[] | Array<String> | Arrays of any administrators that were added or removed segmented up by permissions type. |
created | String | The ISO8601 datetime when the unit was created. |
lastModified |
String |
Datetime of the last time the record was modified. |
name | String | The name of the unit. |
orgActionType |
String |
A simple join of the orgId, type, and action fields. Used for indexing purposes. |
orgId |
String |
Unique ID of the organization. |
permissions[] | Array<String> |
An array of permissions for the users in this unit. e.g. [ |
recordId |
String |
Unique ID of the record. |
remoteId | String | The unique ID of the unit. |
requestId |
String |
The unique ID of the request. |
requestIp |
String |
The IP address where the request originated from. |
timestamp |
String |
The ISO8601 datetime of the moment the audit record was created. |
type |
String |
Should always be "unit-attributes" |
unitType |
String |
The type of the unit. Possible Values
|
userAgent |
String |
The web browser user agent. Contains information such as the browser and operating system. |
virtruClient |
String |
The Virtru client that was used to make the request. |
userSettings
The users in the organization and their settings/memberships.
Attribute Name |
Type |
Description |
action |
String |
The action that was done to the object. Possible Values
|
created |
String |
The ISO8601 datetime the user was created. |
groups[] |
Array<String> |
An array of groups the user is in. e.g. [ ‘Engineering@virtru.com’, ‘Gateway@virtru.com’ ] |
lastModified |
String |
Datetime of the last time the record was modified. |
orgActionType |
String |
A simple join of the orgId, type, and action fields. Used for indexing purposes. |
orgId |
String |
Unique ID of the organization. |
ous[] |
Array<String> |
IDs of all organizational units of the user. e.g. [‘id%3A02f1mw1826k6eyh’,‘id%3A02f1mw182boq9zy’] |
permissions[] |
Array<String> |
An array of permissions the user has. Possible Values:
|
primaryOu |
String |
ID of the primary organizational unit of the user. e.g. ‘id%3A02f1mw1826k6eyh’ |
recordId |
String |
Unique ID of the record. |
timestamp |
String |
The ISO8601 datetime of the moment the audit record was created. |
type |
String |
Should always be "userSettings" |
userId |
String |
The user’s email address. |
userSettingsGroups[] |
Array<String> |
An array of groups of the user settings. e.g. [ |
userSettingsId |
String |
The email address of the user settings object being created or updated. |
userSettingsIsSuperAdmin |
Boolean |
True if user settings is that of a super administrator. |
userSettingsPrimaryOu |
String |
ID of the primary organizational unit of the user settings. e.g. 'id%3A02f1mw1826k6eyh' |
userSettingsOus[] |
Array<String> |
IDs of all organizational units of the user settings. e.g. [ |
Downloads
- Data Dictionary Swagger Format
- virtru.swagger.v1.yaml.txt.yaml
Searchable Metadata
This list defines the metadata details that can be queried using the Search bar.
Metadata Detail | Values (or Examples) | Description |
created | 2018-05-31T11:43:53:418Z | The ISO8601 timestamp when the event occurred or when the database object was originally created. |
type | api-token appIdBundle contract-get dlp-rules encrypted-search-key licenseInvitation organization policy unit-attributes userSettings |
The type of object that was created, updated, or accessed. e.g. “encrypted-search-key” |
action | create update |
The action that was done to the object. Can be “create” or “update”. |
userAgent | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 | The web browser user agent. Contains information such as the browser and operating system. |
timestamp | 2018-05-31T11:43:53:418Z | The ISO8601 datetime of the moment the audit record was created. |
virtruClient | browser_extension_chrome secure-reader outlook_desktop iPhone iphone gateway android dashboard (*Used for Control Center) browser_extension_ff owa_extension_chrome iPad ipad voltron-vault drive_extension_chrome |
The Virtru client that was used to make the request. e.g. “dashboard:5.3.0” |
userGroups[] | Group Name 1 Group Name 2 Group Name 3 + X other groups Limit 3 (alphabetical sort) |
An array of groups of the user making the request. e.g. [ ‘Engineering@virtru.com’, ‘Gateway@virtru.com’ ] |
policyId | 2cf9c00e-46a2-457f-84b0-c057ea434664 | The ID of the policy that was accessed. |
policyId | - | The unique ID of the policy. |
policyOwner | address@domain.com | The email address of the policy owner (the user who originally created the policy). |
recipients[] | address@domain.com, address@domain.com | Array of users (email addresses) who are authorized to access this email or file. |
state | active deactivated |
Whether the policy is “active” or “deactivated” (revoked). |
displayName | subject filename |
The subject/name of the email/file. |
policyType | email file draft |
The type of the policy, i.e. ‘email’, ‘file’, or ‘draft’. |
requestIp | 123.45.67.90 | The IP address where the request originated from. |
expirationDate | 2018-05-31T11:43:53:418Z | The Unix epoch timestamp of when this audit record is set to expire and get deleted (i.e. TTL, currently defaults to 1 year from creation). |
userId | address@domain.com | Email address of the user making the request. |
userOus[] | OU Name OU Name 2 OU Name 3 + X other groups Limit 3 (alphabetical sort); |
IDs of all organizational units of the user making the request. e.g. [ ‘id%3A02f1mw1826k6eyh’, ‘id%3A02f1mw182boq9zy’ ] |
userPrimaryOu | OU Name | ID of the primary organizational unit of the user making the request. e.g. ‘id%3A02f1mw1826k6eyh’ |
isNoAuth | yes | True if the user accessed the contract without authenticating. |
displayName | - | The name / description of the Security Rule. |
dlpActions | encrypt warn ignore add cc add bcc add to strip attachments add content expire disable forwarding no auth is managed gateway decrypt gateway archive |
The actions the rule takes when triggered. Possible values: virtru:encrypt (The email must be encrypted) virtru:warn (The user must be warned of the violation) virtru:ignore (The user is not warned, but a violation is logged) virtru:addCc (An email address is added to the cc field) virtru:addTo (An email address is added to the email's To field) virtru:addBcc (An email address is added to the bcc field) virtru:stripAttachments (All attachments are removed from the email) virtru:addContent (Specifiied content is added to the email body) virtru:expire (Expires the policy after the specified time interval) virtru:disableForwarding (The policy will have forwarding disabled) virtru:noAuth (The policy does not require authentication) virtru:isManaged (Prevents downloading and printing of attachments) virtru:gateway:decrypt (Decrypt action for the Virtru Gateway) virtru:gateway:archive (Archive action for the Virtru Gateway) |
ruleOus[] | Included in common values | IDs of all organizational units of that the Security Rule applies to. e.g. [ ‘id%3A02f1mw1826k6eyh’, ‘id%3A02f1mw182boq9zy’ ] |
ruleGroups[] | included in common values | Array of groups that the Security Rule applies to. e.g. [ ‘Engineering@virtru.com’, ‘Gateway@virtru.com’ ] |
scope | - | Whether the rule runs on “inbound” or “outbound” data. |
keyId | - | The unique ID of the encrypted search key. |
userId | - | The email address of the user who created the search key. |
revokedOn | - | The ISO8601 datetime of when (and if) the search key was revoked. |
invitationId | - | The unique ID of the license invitation. |
receiverId | address@domain.com | The email address of the user who was sent the invitation. |
status | active revoked invited |
The status of the invitation. Possible values: active revoked invited |
acceptedOn | 2018-05-31T11:43:53:418Z | The ISO8601 datetime when/if the invitation was accepted. |
revokedOn | 2018-05-31T11:43:53:418Z | The ISO8601 datetime when/if the invitation was revoked. |
owner | address@domain.com | The email address of the organization owner. |
delegationEmail | address@domain.com | The delegation email address for use when triggering the automatic domain synchronization. |
accessedBy | address@domain.com | Array of all email addresses of users who have accessed the policy. |
forwardLog | address@domain.com | Array of forward events containing recipient, sender, and timestamp fields. e.g. [ { "recipient": "some-recipient@virtru.com", "sender": "bob@virtru.com", "timestamp": "2017-04-28T16:04:50.181Z" }, ... ] |
policyPrimaryOu | - | ID of the primary organizational unit of the user who created/updated the policy. e.g. ‘id%3A02f1mw1826k6eyh’ |
policyOus[] | - | IDs of all organizational units of the user who create/updated the policy. e.g. [ ‘id%3A02f1mw1826k6eyh’, ‘id%3A02f1mw182boq9zy’ ] |
policyGroups[] | - | Array of groups which the policy belongs to. Same as the groups of the user who created the policy at the time. e.g. [ ‘engineering@virtru.com’, ‘gateway@virtru.com’ ] |
violatedRuleIds[] | - | Array of Security Rule IDs that were violated/triggered when this policy was created. Corresponds with violatedRuleNames. |
violatedRuleNames[] | - | Array of Security Rule names that were violated/triggered when this policy was created. Corresponds with violatedRuleIds. |
appliedActions[] | encrypt warn ignore add cc add bcc add to strip attachments add content expire disable forwarding no auth is managed gateway decrypt gateway archive |
Array of Security Rule actions applied to the policy as a result of the above violation. e.g. [ ‘virtru:encrypt’, ‘virtru:disableForwarding’ ] |
expiration | 2018-05-31T11:43:53:418Z | The ISO8601 datetime for when/if the policy is set to expire. |
isManaged | true - otherwise hide | True if the policy is managed. |
isForwardingDisabled | true - otherwise hide | True if forwarding has been disabled for this policy. |
isNoAuth | true - otherwise hide | True if the policy does not require authentication. |
isRevokeEvent | true - otherwise hide | True if the policy was revoked as part of this event. |
isReauthorizeEvent | true - otherwise hide | True if a previously-revoked policy was re-enabled as part of this event. |
isExpireEvent | true - otherwise hide | True is policy expiration was set as part of this event. |
isManagedEvent | true - otherwise hide | True if policy was set to managed as part of this event. |
isForwardingDisabledEvent | true - otherwise hide | True if policy forwarding was disabled as part of this event. |
isNoAuthEvent | true - otherwise hide | True if authorization was disabled as part of this event. |
isSendEvent | true - otherwise hide | True if an email/file was sent as part of this event. |
isForwardEvent | true - otherwise hide | True if an email/file was forwarded as part of this event. Represents a change to the `forwardLog` field. |
name | ‘engineering@virtru.com’ | The name of the unit. |
unitType | `group` or `organizational-unit` | The type of the unit. |
remoteId | - | The unique ID of the unit. |
permissions[] | [ “canCreatePolicies”, “canRevokeOwnedPolicies”, ] | An array of permissions for the users in this unit. |
adminDlp[] adminUnit[] adminPolicyRead[] adminPolicyRevoke[] adminPolicyEdit[] adminPolicyContractFetch[] adminPolicyBulkExport[] |
adminUnit: [], adminDlp: [ `dlpAdmin@virtru.com` ], adminPolicyEdit: [], adminPolicyRevoke: [ `engineeringAdmin@virtru.com`, `hqAdmin@virtru.com` ], |
Arrays of various administrators of this unit broken up by permissions. |
adminDlpAdded[] adminDlpRemoved[] adminUnitAdded[] adminUnitRemoved[] adminPolicyReadAdded[] adminPolicyReadRemoved[] adminPolicyRevokeAdded[] adminPolicyRevokeRemoved[] adminPolicyEditAdded[] adminPolicyEditRemoved[] adminPolicyContractFetchAdded[] adminPolicyContractFetchRemoved[] adminPolicyBulkExportAdded[] adminPolicyBulkExportRemoved[] |
adminUnitRemoved: [ ‘old-admin@virtru.com’ ], adminDlp: [ `new-dlpAdmin@virtru.com` ], |
Arrays of any administrators that were added or removed segmented up by permissions type. |
userSettingsId | "nathan@virtru.com" | The email address of the user settings object being created or updated. |
permissions[] | - | An array of permissions the user has. e.g. [ `canCreatePolicies`, `canRevokeOwnedPolicies` ] |
userSettingsPrimaryOu | ‘id%3A02f1mw1826k6eyh’ | ID of the primary organizational unit of the user settings. |
userSettingsOus[] | - | IDs of all organizational units of the user settings. e.g. [ ‘id%3A02f1mw1826k6eyh’, ‘id%3A02f1mw182boq9zy’ ] |
userSettingsGroups[] | [ ‘engineering@virtru.com’, ‘gateway@virtru.com’ ] |
An array of groups of the user settings. |
userSettingsIsSuperAdmin | true - otherwise hide | True if user settings is that of a super administrator. |
violatedRuleNames[] | - | Array of Security Rule names that were triggered and bypassed by the user. Corresponds with violatedRuleIds. |
isDeprecated | - | Whether the rule is in use anymore; set to true when rule is deleted. |
tokenId | - | The token ID. |
owner | address@domain.com | The email address of the user who requested the token. |
creator | address@domain.com | The email address of the Virtru employee who created the token. |
permissions[] | servicePolicyCreate servicePolicyEdit servicePolicyContractFetch servicePolicyBulkExport servicePartnerProvision serviceAuditExport |
Array of permissions the token has. This dictates what the token can be used for. Possible values: servicePolicyCreate servicePolicyEdit servicePolicyContractFetch servicePolicyBulkExport servicePartnerProvision serviceAuditExport |
displayName | - | A short label that describes the purpose of the token. |
appId | - | The user’s unique identifier. |
state | active pending disabled revoked |
The state of the appIdBundle. Possible values: active (the appId is active and in use) pending (the appId is pending and awaiting verification by the user) disabled (the appId is disabled) revoked (the appId is revoked) |
isDisableEvent | yes | Whether the appId was disabled as part of this event. |
isActivateEvent | yes | Whether the appId was activated as part of this event. |
isRevokedEvent | yes | Whether the appId was revoked as part of this event. |
lastDomainRefresh | 2018-05-31T11:43:53:418Z | The ISO8601 datetime when the organization was last synchronized. |