> For the complete documentation index, see [llms.txt](https://docs.keeper.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.keeper.io/enterprise-guide/jp/event-reporting/event-descriptions.md). # イベント詳細 以下の表は、Keeperのレポート・アラートモジュールで検出されるイベントの一覧となります。イベントコードは、ユーザーインターフェースおよびKeeperコマンダーCLIコマンドパラメータ内で使用されます。「メッセージ」フィールドは、アラートモジュールに使用されます。 各イベント内には、レコードUID、共有フォルダUID、チームUID、ユーザー名などの属性が存在する場合があります。これらの属性はイベントメッセージに表示され、サードパーティSIEMプロバイダにも指定された形式で送信されます。以下の表の下には、対象SIEMに送信されるJSONサンプルを掲載しています。 {% embed url="" %} ## Keeper ARAMイベントJSONサンプル このドキュメントには、Keeperがレポート・アラート (ARAM) ストリームに書き込むすべての監査イベントのJSONペイロード例が含まれています。これらは、公開Audit Events APIまたはSIEM/監査ログ同期連携 (Splunk、Sumo Logic、DataDog、Azure Sentinel、Chronicleなど) 経由で取得できるイベントです。 ### ベースエンベロープ すべてのイベントには以下のトップレベル フィールドが含まれ、その下にイベント固有のフィールドが追加されます。 ```json { "audit_event": "", "category": "", "remote_address":"", "client_version":"", "username": "", "timestamp": "", "enterprise_id": } ``` ### フィールド リファレンス (イベント固有) | フィールド | 意味 | | ----------------------------------------------------------------------- | -------------------------------------------------------- | | `record_uid` | ボルトレコードのUID | | `shared_folder_uid` | 共有フォルダのUID | | `folder_uid` | フォルダ (ユーザーまたは共有) のUID | | `folder_type` | `user`または`shared` | | `team_uid` | チームのUID | | `app_uid` | KSMアプリケーション/PAMリソースのUID | | `secret_uid` | KSMアプリ内シークレットのUID | | `gateway_uid` | PAM/KSMゲートウェイのUID | | `agent_uid` | EPMエージェントのUID | | `deployment_uid`,`policy_uid`,`collection_uid`,`request_uid`,`link_uid` | EPMエンティティUID | | `attachment_id` | レコード上のファイル添付のUID | | `to_username` / `from_username` | 相手方ユーザーのメールアドレス | | `role_id` / `team_uid` | ロール/チーム識別子 | | `node_id` / `node` | エンタープライズノード識別子/表示名 | | `channel` | ログインまたは通信チャネル (Web Vault、Browser Extension、KeeperChatなど) | | `result_code` | login\_failure系イベントの失敗コード | | `device_name` | デバイスの表示ラベル | | `protocol` | PAMセッションプロトコル (ssh、rdp、vnc...) | | `plan`,`seats`,`enterprise`,`enterprise_new` | 管理対象企業/MSPコンテキスト | | `value` | 強制値、ベンチマーク設定など | | `status` | 汎用状態フィールド (イベントにより異なる) | | `auth_fail_reason` | EPM認証失敗理由 | | `token_id` | Public-APIまたはSCIMトークンID | *** ### カテゴリ別イベント ### カテゴリ: `account` #### `account_recovery` **説明:** アカウント復旧のリクエスト **アラートテンプレート:** `User ${username} requested account recovery` ```json { "audit_event": "account_recovery", "category": "account", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `alias_added` **説明:** 代替メールアドレスの追加 **アラートテンプレート:** `User ${username} added alternative email ${email}` ```json { "audit_event": "alias_added", "category": "account", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "email": "newuser@keepersecurity.com" } ``` #### `change_email` **説明:** メールアドレスの変更 **アラートテンプレート:** `User ${username} changed email. Previous email ${email}` ```json { "audit_event": "change_email", "category": "account", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "email": "newuser@keepersecurity.com" } ``` #### `change_master_password` **説明:** マスターパスワードの変更 **アラートテンプレート:** `User ${username} changed master password` ```json { "audit_event": "change_master_password", "category": "account", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `change_security_question` **説明:** 秘密の質問の変更 **アラートテンプレート:** `User ${username} changed security question` ```json { "audit_event": "change_security_question", "category": "account", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `device_user_passkey_add` **説明:** 生体認証パスキーの追加 **アラートテンプレート:** `User ${username} added a passkey for biometric login on a device '${device_name}'.` ```json { "audit_event": "device_user_passkey_add", "category": "account", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "device_name": "MacBook Pro" } ``` #### `device_user_passkey_remove` **説明:** 生体認証パスキーの削除 **アラートテンプレート:** `User ${username} removed a passkey for biometric login on a device '${device_name}'.` ```json { "audit_event": "device_user_passkey_remove", "category": "account", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "device_name": "MacBook Pro" } ``` #### `set_alternate_master_password` **説明:** 代替マスターパスワードの設定 **アラートテンプレート:** `User ${username} set alternate Master Password` ```json { "audit_event": "set_alternate_master_password", "category": "account", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `set_biometric_access` **説明:** 生体認証アクセスの設定 **アラートテンプレート:** `User ${username} set biometric access` ```json { "audit_event": "set_biometric_access", "category": "account", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` ### カテゴリ: `admin_permission` #### `admin_permission_added` **説明:** 管理権限の追加 **アラートテンプレート:** `User ${username} added an administrative permission '${value}' for role ${role_id} on node ${node_id}` ```json { "audit_event": "admin_permission_added", "category": "admin_permission", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true", "role_id": 9876543210, "node_id": 1234567890 } ``` #### `admin_permission_removed` **説明:** 管理権限の削除 **アラートテンプレート:** `User ${username} removed an administrative permission '${value}' for role ${role_id} on node ${node_id}` ```json { "audit_event": "admin_permission_removed", "category": "admin_permission", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true", "role_id": 9876543210, "node_id": 1234567890 } ``` ### カテゴリ: `breachwatch` #### `bw_record_high_risk` **説明:** BreachWatchによる高リスクレコードパスワードの検出 **アラートテンプレート:** `User ${username} was notified of a high risk password for record UID ${record_uid}` ```json { "audit_event": "bw_record_high_risk", "category": "breachwatch", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `bw_record_ignored` **説明:** ユーザーによる高リスクレコードパスワードの無視 **アラートテンプレート:** `User ${username} ignored high risk password for record UID ${record_uid}` ```json { "audit_event": "bw_record_ignored", "category": "breachwatch", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `bw_record_resolved` **説明:** ユーザーによる高リスクレコードパスワードの解決 **アラートテンプレート:** `User ${username} resolved a high risk password for record UID ${record_uid}` ```json { "audit_event": "bw_record_resolved", "category": "breachwatch", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` ### カテゴリ: `chat` #### `chat_contact_added` **説明:** チャットへの連絡先追加 **アラートテンプレート:** `User ${username} invited ${to_username} as contact` ```json { "audit_event": "chat_contact_added", "category": "chat", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "to_username": "bob@keepersecurity.com" } ``` #### `chat_file_attached` **説明:** チャットでのファイル送信 **アラートテンプレート:** `User ${username} sent a file` ```json { "audit_event": "chat_file_attached", "category": "chat", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `chat_login` **説明:** チャットログイン **アラートテンプレート:** `User ${username} logged in to KeeperChat (${channel})` ```json { "audit_event": "chat_login", "category": "chat", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "channel": "Web Vault" } ``` #### `chat_login_failed` **説明:** チャットログイン失敗 **アラートテンプレート:** `User ${username} login failed to KeeperChat with code ${result_code}` ```json { "audit_event": "chat_login_failed", "category": "chat", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "result_code": "auth_failed", "channel": "Web Vault" } ``` #### `chat_message_destruct` **説明:** 自己消滅チャットメッセージ **アラートテンプレート:** `User ${username} set a message to self destruct` ```json { "audit_event": "chat_message_destruct", "category": "chat", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `chat_message_received` **説明:** チャットメッセージの受信 **アラートテンプレート:** `User ${username} received a secure message` ```json { "audit_event": "chat_message_received", "category": "chat", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `chat_message_sent` **説明:** チャットメッセージの送信 **アラートテンプレート:** `User ${username} sent a secure message` ```json { "audit_event": "chat_message_sent", "category": "chat", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` ### カテゴリ: `compliance_report` #### `compliance_report_deleted` **説明:** コンプライアンスレポートの削除 **アラートテンプレート:** `Compliance report UID ${app_uid} deleted by ${username}` ```json { "audit_event": "compliance_report_deleted", "category": "compliance_report", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `compliance_report_downloaded` **説明:** コンプライアンスレポートのダウンロード **アラートテンプレート:** `Compliance report UID ${app_uid} downloaded by ${username}` ```json { "audit_event": "compliance_report_downloaded", "category": "compliance_report", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `compliance_report_exported` **説明:** コンプライアンスレポートのエクスポート **アラートテンプレート:** `Compliance report UID ${app_uid} exported by ${username}` ```json { "audit_event": "compliance_report_exported", "category": "compliance_report", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `compliance_report_run` **説明:** コンプライアンスレポートの生成 **アラートテンプレート:** `Compliance report run by ${username}` ```json { "audit_event": "compliance_report_run", "category": "compliance_report", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `compliance_report_saved` **説明:** コンプライアンスレポートの保存 **アラートテンプレート:** `Compliance report UID ${app_uid} saved by ${username}` ```json { "audit_event": "compliance_report_saved", "category": "compliance_report", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `saved_criteria_deleted` **説明:** コンプライアンスレポート条件の削除 **アラートテンプレート:** `Compliance report criteria UID ${app_uid} deleted by ${username}` ```json { "audit_event": "saved_criteria_deleted", "category": "compliance_report", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `saved_criteria_edited` **説明:** コンプライアンスレポート条件の編集 **アラートテンプレート:** `Compliance report criteria UID ${app_uid} edited by ${username}` ```json { "audit_event": "saved_criteria_edited", "category": "compliance_report", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `saved_criteria_saved` **説明:** コンプライアンスレポート条件の保存 **アラートテンプレート:** `Compliance report criteria UID ${app_uid} saved by ${username}` ```json { "audit_event": "saved_criteria_saved", "category": "compliance_report", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `unsaved_compliance_report_exported` **説明:** 未保存コンプライアンスレポートのエクスポート **アラートテンプレート:** `Unsaved compliance report exported by ${username}` ```json { "audit_event": "unsaved_compliance_report_exported", "category": "compliance_report", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` ### カテゴリ: `endpoint_privilege_manager` #### `agent_added_collection_link` **説明:** エージェントによるコレクションリンクの追加 **アラートテンプレート:** `Agent added resource ${link_uid} to collection ${collection_uid}` ```json { "audit_event": "agent_added_collection_link", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "link_uid": "Lnk9qLnfWVxWL9OQlsGdOUw", "collection_uid": "Col9qLnfWVxWL9OQlsGdOUw" } ``` #### `agent_added_to_collection` **説明:** コレクションへのエージェント追加 **アラートテンプレート:** `Agent ${agent_uid} added itself to collection ${collection_uid}` ```json { "audit_event": "agent_added_to_collection", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "agent_uid": "Ag9qLnfWVxWL9OQlsGdOUw", "collection_uid": "Col9qLnfWVxWL9OQlsGdOUw" } ``` #### `agent_authentication_failed` **説明:** エージェント認証失敗 **アラートテンプレート:** `Agent ${agent_uid} auth failed. Reason: ${auth_fail_reason}` ```json { "audit_event": "agent_authentication_failed", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "agent_uid": "Ag9qLnfWVxWL9OQlsGdOUw", "auth_fail_reason": "invalid_token" } ``` #### `agent_created_collection` **説明:** エージェントによるコレクション作成 **アラートテンプレート:** `Agent ${agent_uid} created collection ${collection_uid}` ```json { "audit_event": "agent_created_collection", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "agent_uid": "Ag9qLnfWVxWL9OQlsGdOUw", "collection_uid": "Col9qLnfWVxWL9OQlsGdOUw" } ``` #### `agent_removed` **説明:** エージェントの削除 **アラートテンプレート:** `${username} deleted agent ${agent_uid}` ```json { "audit_event": "agent_removed", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "agent_uid": "Ag9qLnfWVxWL9OQlsGdOUw" } ``` #### `agent_removed_from_collection` **説明:** コレクションからのエージェント削除 **アラートテンプレート:** `Agent ${agent_uid} removed itself from collection ${collection_uid}` ```json { "audit_event": "agent_removed_from_collection", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "agent_uid": "Ag9qLnfWVxWL9OQlsGdOUw", "collection_uid": "Col9qLnfWVxWL9OQlsGdOUw" } ``` #### `agent_unregistered` **説明:** エージェント登録解除 **アラートテンプレート:** `Agent ${agent_uid} unregistered` ```json { "audit_event": "agent_unregistered", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "agent_uid": "Ag9qLnfWVxWL9OQlsGdOUw" } ``` #### `agent_updated` **説明:** エージェントの更新 **アラートテンプレート:** `${username} updated agent ${agent_uid}` ```json { "audit_event": "agent_updated", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "agent_uid": "Ag9qLnfWVxWL9OQlsGdOUw" } ``` #### `approval_request_created` **説明:** エージェントによる承認リクエスト作成 **アラートテンプレート:** `Agent ${agent_uid} created approval request ${request_uid}` ```json { "audit_event": "approval_request_created", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "agent_uid": "Ag9qLnfWVxWL9OQlsGdOUw", "request_uid": "Req9qLnfWVxWL9OQlsGdOUw" } ``` #### `approval_request_removed` **説明:** 承認リクエストの削除 **アラートテンプレート:** `${username} deleted approval request ${request_uid}` ```json { "audit_event": "approval_request_removed", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "request_uid": "Req9qLnfWVxWL9OQlsGdOUw" } ``` #### `approval_request_status_changed` **説明:** 承認リクエストステータスの変更 **アラートテンプレート:** `${username} changed status of approval request ${request_uid} to ${request_status}` ```json { "audit_event": "approval_request_status_changed", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "request_uid": "Req9qLnfWVxWL9OQlsGdOUw", "request_status": "approved" } ``` #### `collection_created` **説明:** コレクションの作成 **アラートテンプレート:** `${username} created collection ${collection_uid}` ```json { "audit_event": "collection_created", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "collection_uid": "Col9qLnfWVxWL9OQlsGdOUw" } ``` #### `collection_link_added` **説明:** コレクションリンクの追加 **アラートテンプレート:** `${username} added link ${link_uid} to collection ${collection_uid}` ```json { "audit_event": "collection_link_added", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "link_uid": "Lnk9qLnfWVxWL9OQlsGdOUw", "collection_uid": "Col9qLnfWVxWL9OQlsGdOUw" } ``` #### `collection_link_removed` **説明:** コレクションリンクの削除 **アラートテンプレート:** `${username} removed link ${link_uid} from collection ${collection_uid}` ```json { "audit_event": "collection_link_removed", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "link_uid": "Lnk9qLnfWVxWL9OQlsGdOUw", "collection_uid": "Col9qLnfWVxWL9OQlsGdOUw" } ``` #### `collection_removed` **説明:** コレクションの削除 **アラートテンプレート:** `${username} deleted collection ${collection_uid}` ```json { "audit_event": "collection_removed", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "collection_uid": "Col9qLnfWVxWL9OQlsGdOUw" } ``` #### `collection_updated` **説明:** コレクションの更新 **アラートテンプレート:** `${username} updated collection ${collection_uid}` ```json { "audit_event": "collection_updated", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "collection_uid": "Col9qLnfWVxWL9OQlsGdOUw" } ``` #### `deployment_authentication_failed` **説明:** デプロイメント認証失敗 **アラートテンプレート:** `Deployment ${deployment_uid} auth failed. Reason: ${auth_fail_reason}` ```json { "audit_event": "deployment_authentication_failed", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "deployment_uid": "Dep9qLnfWVxWL9OQlsGdOUw", "auth_fail_reason": "invalid_token" } ``` #### `deployment_created` **説明:** デプロイメントの作成 **アラートテンプレート:** `${username} created deployment ${deployment_uid}` ```json { "audit_event": "deployment_created", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "deployment_uid": "Dep9qLnfWVxWL9OQlsGdOUw" } ``` #### `deployment_removed` **説明:** デプロイメントの削除 **アラートテンプレート:** `${username} deleted deployment ${deployment_uid}` ```json { "audit_event": "deployment_removed", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "deployment_uid": "Dep9qLnfWVxWL9OQlsGdOUw" } ``` #### `deployment_updated` **説明:** デプロイメントの更新 **アラートテンプレート:** `${username} updated deployment ${deployment_uid}` ```json { "audit_event": "deployment_updated", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "deployment_uid": "Dep9qLnfWVxWL9OQlsGdOUw" } ``` #### `policy_created` **説明:** ポリシーの作成 **アラートテンプレート:** `${username} created policy ${policy_uid}` ```json { "audit_event": "policy_created", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "policy_uid": "Pol9qLnfWVxWL9OQlsGdOUw" } ``` #### `policy_removed` **説明:** ポリシーの削除 **アラートテンプレート:** `${username} removed policy ${policy_uid}` ```json { "audit_event": "policy_removed", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "policy_uid": "Pol9qLnfWVxWL9OQlsGdOUw" } ``` #### `policy_updated` **説明:** ポリシーの更新 **アラートテンプレート:** `${username} updated policy ${policy_uid}` ```json { "audit_event": "policy_updated", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "policy_uid": "Pol9qLnfWVxWL9OQlsGdOUw" } ``` #### `register_agent` **説明:** エージェントの登録 **アラートテンプレート:** `Agent ${agent_uid} is registered using ${deployment_uid}` ```json { "audit_event": "register_agent", "category": "endpoint_privilege_manager", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "agent_uid": "Ag9qLnfWVxWL9OQlsGdOUw", "deployment_uid": "Dep9qLnfWVxWL9OQlsGdOUw" } ``` ### カテゴリ: `keeper_ai` #### `keeper_ai_critical_risk_level_detected` **説明:** KeeperAIによる重大リスクの検出 **アラートテンプレート:** `KeeperAI analyzed the session and assigned an overall risk level of Critical for Record UID ${record_uid}` ```json { "audit_event": "keeper_ai_critical_risk_level_detected", "category": "keeper_ai", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `keeper_ai_high_risk_level_detected` **説明:** KeeperAIによる高リスクの検出 **アラートテンプレート:** `KeeperAI analyzed the session and assigned an overall risk level of High for Record UID ${record_uid}` ```json { "audit_event": "keeper_ai_high_risk_level_detected", "category": "keeper_ai", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `keeper_ai_medium_risk_level_detected` **説明:** KeeperAIによる中リスクの検出 **アラートテンプレート:** `KeeperAI analyzed the session and assigned an overall risk level of Medium for Record UID ${record_uid}` ```json { "audit_event": "keeper_ai_medium_risk_level_detected", "category": "keeper_ai", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `keeper_ai_pam_configuration_feature_disabled` **説明:** PAM構成でのKeeperAI無効化 **アラートテンプレート:** `User ${username} disabled KeeperAI options in PAM Configuration ${record_uid}` ```json { "audit_event": "keeper_ai_pam_configuration_feature_disabled", "category": "keeper_ai", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `keeper_ai_pam_configuration_feature_enabled` **説明:** PAM構成でのKeeperAI有効化 **アラートテンプレート:** `User ${username} enabled KeeperAI options in PAM Configuration ${record_uid}` ```json { "audit_event": "keeper_ai_pam_configuration_feature_enabled", "category": "keeper_ai", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `keeper_ai_recording_disabled` **説明:** KeeperAI録画の無効化 **アラートテンプレート:** `KeeperAI recording was disabled by user ${username} on Record UID ${record_uid}` ```json { "audit_event": "keeper_ai_recording_disabled", "category": "keeper_ai", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `keeper_ai_recording_enabled` **説明:** KeeperAI録画の有効化 **アラートテンプレート:** `KeeperAI recording was enabled by user ${username} on Record UID ${record_uid}` ```json { "audit_event": "keeper_ai_recording_enabled", "category": "keeper_ai", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `keeper_ai_session_locked_by_ai_critical` **説明:** KeeperAIによるセッションロック (重大脅威) **アラートテンプレート:** `Session terminated and resource locked due to a critical threat detected for Record UID ${record_uid}` ```json { "audit_event": "keeper_ai_session_locked_by_ai_critical", "category": "keeper_ai", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `keeper_ai_session_locked_by_ai_high` **説明:** KeeperAIによるセッションロック (高脅威) **アラートテンプレート:** `Session terminated and resource locked due to a high threat detected for Record UID ${record_uid}` ```json { "audit_event": "keeper_ai_session_locked_by_ai_high", "category": "keeper_ai", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `keeper_ai_session_locked_by_ai_medium` **説明:** KeeperAIによるセッションロック (中脅威) **アラートテンプレート:** `Session terminated and resource locked due to a medium threat detected for Record UID ${record_uid}` ```json { "audit_event": "keeper_ai_session_locked_by_ai_medium", "category": "keeper_ai", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `keeper_ai_session_terminate_disabled` **説明:** KeeperAIセッション終了の無効化 **アラートテンプレート:** `User ${username} disabled KeeperAI session terminate on Record UID ${record_uid}` ```json { "audit_event": "keeper_ai_session_terminate_disabled", "category": "keeper_ai", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `keeper_ai_session_terminate_enabled` **説明:** KeeperAIセッション終了の有効化 **アラートテンプレート:** `User ${username} enabled KeeperAI session terminate on Record UID ${record_uid}` ```json { "audit_event": "keeper_ai_session_terminate_enabled", "category": "keeper_ai", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `keeper_ai_session_unlocked_by_user` **説明:** ユーザーによるセッションロック解除 **アラートテンプレート:** `User ${username} unlocked Record UID ${record_uid}` ```json { "audit_event": "keeper_ai_session_unlocked_by_user", "category": "keeper_ai", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` ### カテゴリ: `ksm` #### `app_client_access` **説明:** アプリからのシークレットマネージャーアクセス **アラートテンプレート:** `${app_client_type} ${device_name} has accessed secrets from application ${app_uid}` ```json { "audit_event": "app_client_access", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_client_type": "general", "device_name": "MacBook Pro", "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `app_client_access_denied` **説明:** クライアントデバイスからのシークレットマネージャーアクセス拒否 **アラートテンプレート:** `Access denied to application ${app_uid} from ${app_client_type} ${device_name} with IP address ${ip_address}` ```json { "audit_event": "app_client_access_denied", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_uid": "App9qLnfWVxWL9OQlsGdOUw", "app_client_type": "general", "device_name": "MacBook Pro", "ip_address": "203.0.113.45" } ``` #### `app_client_added` **説明:** シークレットマネージャーアプリへのクライアントデバイス追加 **アラートテンプレート:** `User ${username} added ${app_client_type} ${device_name} to application ${app_uid}` ```json { "audit_event": "app_client_added", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_client_type": "general", "device_name": "MacBook Pro", "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `app_client_connected` **説明:** シークレットマネージャーアプリでのクライアントデバイス初期化 **アラートテンプレート:** `${app_client_type} ${device_name} performed initial connect to application ${app_uid}` ```json { "audit_event": "app_client_connected", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_client_type": "general", "device_name": "MacBook Pro", "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `app_client_expired` **説明:** シークレットマネージャークライアントデバイスアクセスの期限切れ **アラートテンプレート:** `Access for ${app_client_type} ${device_name} to application ${app_uid} has expired` ```json { "audit_event": "app_client_expired", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_client_type": "general", "device_name": "MacBook Pro", "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `app_client_folder_create` **説明:** シークレットマネージャーデバイスによるフォルダ作成 **アラートテンプレート:** `${app_client_type} ${device_name} has created folder UID ${record_uid}` ```json { "audit_event": "app_client_folder_create", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_client_type": "general", "device_name": "MacBook Pro", "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `app_client_folder_delete` **説明:** シークレットマネージャーデバイスによるフォルダ削除 **アラートテンプレート:** `${app_client_type} ${device_name} has deleted folder UID ${record_uid}` ```json { "audit_event": "app_client_folder_delete", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_client_type": "general", "device_name": "MacBook Pro", "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `app_client_folder_remove_record` **説明:** シークレットマネージャーデバイスによる共有フォルダからのレコード削除 **アラートテンプレート:** `${app_client_type} ${device_name} removed record ${record_uid} from shared folder` ```json { "audit_event": "app_client_folder_remove_record", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_client_type": "general", "device_name": "MacBook Pro", "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `app_client_folder_update` **説明:** シークレットマネージャーデバイスによるフォルダ更新 **アラートテンプレート:** `${app_client_type} ${device_name} has updated folder UID ${record_uid}` ```json { "audit_event": "app_client_folder_update", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_client_type": "general", "device_name": "MacBook Pro", "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `app_client_record_create` **説明:** シークレットマネージャーデバイスによるレコード作成 **アラートテンプレート:** `${app_client_type} ${device_name} has created record UID ${record_uid}` ```json { "audit_event": "app_client_record_create", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_client_type": "general", "device_name": "MacBook Pro", "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `app_client_record_delete` **説明:** シークレットマネージャーデバイスによるレコード削除 **アラートテンプレート:** `${app_client_type} ${device_name} has sent record UID ${record_uid} to trash` ```json { "audit_event": "app_client_record_delete", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_client_type": "general", "device_name": "MacBook Pro", "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `app_client_record_update` **説明:** シークレットマネージャーデバイスによるレコード更新 **アラートテンプレート:** `${app_client_type} ${device_name} has updated record UID ${record_uid}` ```json { "audit_event": "app_client_record_update", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_client_type": "general", "device_name": "MacBook Pro", "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `app_client_removed` **説明:** シークレットマネージャーアプリからのクライアントデバイス削除 **アラートテンプレート:** `User ${username} removed ${app_client_type} ${device_name} from application ${app_uid}` ```json { "audit_event": "app_client_removed", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_client_type": "general", "device_name": "MacBook Pro", "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `app_folder_removed` **説明:** シークレットマネージャーからのフォルダ削除 **アラートテンプレート:** `User ${username} removed folder UID ${secret_uid} from KSM application ${app_uid}` ```json { "audit_event": "app_folder_removed", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "secret_uid": "Sec9qLnfWVxWL9OQlsGdOUw", "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `app_folder_share_changed` **説明:** シークレットマネージャーへのフォルダ権限変更 **アラートテンプレート:** `User ${username} changed share permissions for folder UID ${secret_uid} for KSM application ${app_uid}` ```json { "audit_event": "app_folder_share_changed", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "secret_uid": "Sec9qLnfWVxWL9OQlsGdOUw", "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `app_folder_shared` **説明:** シークレットマネージャーへのフォルダ共有 **アラートテンプレート:** `User ${username} shared folder UID ${secret_uid} with KSM application ${app_uid}` ```json { "audit_event": "app_folder_shared", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "secret_uid": "Sec9qLnfWVxWL9OQlsGdOUw", "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `app_record_removed` **説明:** シークレットマネージャーからのレコード削除 **アラートテンプレート:** `User ${username} removed record UID ${secret_uid} from KSM application ${app_uid}` ```json { "audit_event": "app_record_removed", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "secret_uid": "Sec9qLnfWVxWL9OQlsGdOUw", "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `app_record_share_changed` **説明:** シークレットマネージャーへのレコード権限の変更 **アラートテンプレート:** `User ${username} changed share permissions for record UID ${secret_uid} for KSM application ${app_uid}` ```json { "audit_event": "app_record_share_changed", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "secret_uid": "Sec9qLnfWVxWL9OQlsGdOUw", "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `app_record_shared` **説明:** シークレットマネージャーアプリとのレコード共有 **アラートテンプレート:** `User ${username} shared record UID ${secret_uid} with KSM application ${app_uid}` ```json { "audit_event": "app_record_shared", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "secret_uid": "Sec9qLnfWVxWL9OQlsGdOUw", "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_configuration_created` **説明:** PAM構成の作成 **アラートテンプレート:** `User ${username} created a PAM Configuration '${record_uid}'` ```json { "audit_event": "pam_configuration_created", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_configuration_deleted` **説明:** PAM構成の削除 **アラートテンプレート:** `User ${username} deleted a PAM Configuration '${record_uid}'` ```json { "audit_event": "pam_configuration_deleted", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_configuration_updated` **説明:** PAM構成の更新 **アラートテンプレート:** `User ${username} updated a PAM Configuration '${record_uid}'` ```json { "audit_event": "pam_configuration_updated", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_gateway_created` **説明:** ゲートウェイの作成 **アラートテンプレート:** `User ${username} created gateway ${device_name} (UID: ${gateway_uid})` ```json { "audit_event": "pam_gateway_created", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "device_name": "MacBook Pro", "gateway_uid": "Gw9qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_gateway_max_instance_count_updated` **アラートテンプレート:** `User ${username} updated gateway ${device_name} (UID: ${gateway_uid}) max instance count to ${max_instance_count}` ```json { "audit_event": "pam_gateway_max_instance_count_updated", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "device_name": "MacBook Pro", "gateway_uid": "Gw9qLnfWVxWL9OQlsGdOUw", "max_instance_count": 10 } ``` #### `pam_gateway_offline` **説明:** ゲートウェイのオフライン **アラートテンプレート:** `Gateway ${device_name} (UID: ${gateway_uid}) is offline` ```json { "audit_event": "pam_gateway_offline", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "device_name": "MacBook Pro", "gateway_uid": "Gw9qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_gateway_online` **説明:** ゲートウェイのオンライン **アラートテンプレート:** `Gateway ${device_name} (UID: ${gateway_uid}) is online` ```json { "audit_event": "pam_gateway_online", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "device_name": "MacBook Pro", "gateway_uid": "Gw9qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_gateway_removed` **説明:** ゲートウェイの削除 **アラートテンプレート:** `User ${username} removed gateway ${device_name} (UID: ${gateway_uid})` ```json { "audit_event": "pam_gateway_removed", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "device_name": "MacBook Pro", "gateway_uid": "Gw9qLnfWVxWL9OQlsGdOUw" } ``` #### `record_rotation_created` **説明:** レコードへのローテーション設定の追加 **アラートテンプレート:** `User ${username} added rotation settings to record ${record_uid}` ```json { "audit_event": "record_rotation_created", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `record_rotation_disabled` **説明:** レコードでのローテーションの無効化 **アラートテンプレート:** `User ${username} disabled rotation settings on record ${record_uid}` ```json { "audit_event": "record_rotation_disabled", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `record_rotation_on_demand_fail` **説明:** オンデマンドローテーションの失敗 **アラートテンプレート:** `On demand rotation by user ${username} failed for record ${record_uid}` ```json { "audit_event": "record_rotation_on_demand_fail", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `record_rotation_on_demand_ok` **説明:** オンデマンドローテーションの成功 **アラートテンプレート:** `User ${username} successfully rotated record ${record_uid}` ```json { "audit_event": "record_rotation_on_demand_ok", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `record_rotation_scheduled_fail` **説明:** スケジュールローテーションの失敗 **アラートテンプレート:** `Scheduled rotation failed for record ${record_uid}` ```json { "audit_event": "record_rotation_scheduled_fail", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `record_rotation_scheduled_ok` **説明:** スケジュールローテーションの成功 **アラートテンプレート:** `Record ${record_uid} was successfully rotated` ```json { "audit_event": "record_rotation_scheduled_ok", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `record_rotation_updated` **説明:** レコードのローテーション設定の変更 **アラートテンプレート:** `User ${username} updated rotation settings on record ${record_uid}` ```json { "audit_event": "record_rotation_updated", "category": "ksm", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` ### カテゴリ: `login` #### `login` **説明:** ログイン **アラートテンプレート:** `User ${username} logged in to vault (${channel})` ```json { "audit_event": "login", "category": "login", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "channel": "Web Vault" } ``` #### `login_console` **説明:** コンソールへのログイン **アラートテンプレート:** `User ${username} logged into Admin Console (${channel})` ```json { "audit_event": "login_console", "category": "login", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "channel": "Web Vault" } ``` #### `login_failure` **説明:** ログインの失敗 **アラートテンプレート:** `User ${username} login failed with code ${result_code}` ```json { "audit_event": "login_failure", "category": "login", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "result_code": "auth_failed", "channel": "Web Vault" } ``` ### カテゴリ: `managed_company` #### `enterprise_addon_added` **説明:** アドオンの追加 **アラートテンプレート:** `User ${username} added ${plan} add-on to enterprise ${enterprise}` ```json { "audit_event": "enterprise_addon_added", "category": "managed_company", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "plan": "business_monthly", "enterprise": "Acme Corp" } ``` #### `enterprise_addon_removed` **説明:** アドオンの削除 **アラートテンプレート:** `User ${username} removed ${plan} add-on from enterprise ${enterprise}` ```json { "audit_event": "enterprise_addon_removed", "category": "managed_company", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "plan": "business_monthly", "enterprise": "Acme Corp" } ``` #### `enterprise_created` **説明:** エンタープライズの作成 **アラートテンプレート:** `User ${username} created enterprise ${enterprise}` ```json { "audit_event": "enterprise_created", "category": "managed_company", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "enterprise": "Acme Corp" } ``` #### `enterprise_deleted` **説明:** エンタープライズの削除 **アラートテンプレート:** `User ${username} deleted enterprise ${enterprise}` ```json { "audit_event": "enterprise_deleted", "category": "managed_company", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "enterprise": "Acme Corp" } ``` #### `enterprise_file_plan_changed` **説明:** ファイルプランの変更 **アラートテンプレート:** `User ${username} changed file plan for enterprise ${enterprise} to ${plan}` ```json { "audit_event": "enterprise_file_plan_changed", "category": "managed_company", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "enterprise": "Acme Corp", "plan": "business_monthly" } ``` #### `mc_pam_active_seat_count_changed` **説明:** 管理対象企業のアクティブシート数の変更 (アクティブユーザーのみ、招待済みユーザーは対象外) **アラートテンプレート:** `PAM active seat count XXX by ${seats}` ```json { "audit_event": "mc_pam_active_seat_count_changed", "category": "managed_company", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "seats": 5 } ``` #### `msp_changes_mc_plan` **説明:** 管理対象企業プランの変更 **アラートテンプレート:** `User ${username} changed plan for MC ${enterprise} to ${plan}` ```json { "audit_event": "msp_changes_mc_plan", "category": "managed_company", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "enterprise": "Acme Corp", "plan": "business_monthly", "mc_enterprise_id": 9876 } ``` #### `msp_changes_mc_seats` **説明:** 管理対象企業の最大ライセンス数の変更 **アラートテンプレート:** `User ${username} changed MC Maximum license count for enterprise ${enterprise} to ${seats}` ```json { "audit_event": "msp_changes_mc_seats", "category": "managed_company", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "enterprise": "Acme Corp", "seats": 5, "mc_enterprise_id": 9876 } ``` #### `msp_pam_active_seat_count_changed_within_mc` **説明:** 管理対象企業内のアクティブシート数の変更 (MSP向け表示、アクティブユーザーのみ、招待済みユーザーは対象外) **アラートテンプレート:** `PAM active seat count for managed company ${enterprise} XXX by ${seats}` ```json { "audit_event": "msp_pam_active_seat_count_changed_within_mc", "category": "managed_company", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "enterprise": "Acme Corp", "seats": 5 } ``` ### カテゴリ: `msp` #### `gradient_connection_remove` **説明:** Gradient MSPの削除 **アラートテンプレート:** `User ${username} delete Gradient MSP integration succeeded` ```json { "audit_event": "gradient_connection_remove", "category": "msp", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `gradient_connection_setup` **説明:** Gradient MSPのセットアップ **アラートテンプレート:** `User ${username} setup connection to Gradient MSP succeeded` ```json { "audit_event": "gradient_connection_setup", "category": "msp", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `gradient_mappings_setup` **説明:** Gradient MSPマッピング **アラートテンプレート:** `User ${username} sync mappings to Gradient MSP succeeded` ```json { "audit_event": "gradient_mappings_setup", "category": "msp", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `gradient_sync_fail` **説明:** Gradient MSP同期の失敗 **アラートテンプレート:** `Gradient MSP billing sync has failed` ```json { "audit_event": "gradient_sync_fail", "category": "msp", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `msp_activated` **説明:** MSPの有効化 **アラートテンプレート:** `User ${username} activated MSP for enterprise ${enterprise}` ```json { "audit_event": "msp_activated", "category": "msp", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "enterprise": "Acme Corp" } ``` #### `msp_attaches_mc` **説明:** ノードへの割り当て **アラートテンプレート:** `User ${username} attached enterprise ${enterprise} to node ${node}` ```json { "audit_event": "msp_attaches_mc", "category": "msp", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "enterprise": "Acme Corp", "node": "Engineering" } ``` #### `msp_creates_mc` **説明:** 管理対象企業の登録 **アラートテンプレート:** `User ${username} registered enterprise ${enterprise}, ${plan}` ```json { "audit_event": "msp_creates_mc", "category": "msp", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "enterprise": "Acme Corp", "plan": "business_monthly", "mc_enterprise_id": 9876 } ``` #### `msp_deactivated` **説明:** MSPの無効化 **アラートテンプレート:** `User ${username} deactivated MSP for enterprise ${enterprise}` ```json { "audit_event": "msp_deactivated", "category": "msp", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "enterprise": "Acme Corp" } ``` #### `msp_pam_active_seat_count_changed` **説明:** マネージドサービスプロバイダーのアクティブシート数の変更 (アクティブユーザーのみ、招待済みユーザーは対象外) **アラートテンプレート:** `PAM active seat count XXX by ${seats}` ```json { "audit_event": "msp_pam_active_seat_count_changed", "category": "msp", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "seats": 5 } ``` #### `msp_pauses_mc` **説明:** 管理対象企業の一時停止 **アラートテンプレート:** `User ${username} paused enterprise ${enterprise}, ${plan}` ```json { "audit_event": "msp_pauses_mc", "category": "msp", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "enterprise": "Acme Corp", "plan": "business_monthly", "mc_enterprise_id": 9876 } ``` #### `msp_removes_mc` **説明:** 管理対象企業の削除 **アラートテンプレート:** `User ${username} removed enterprise ${enterprise}, ${plan}` ```json { "audit_event": "msp_removes_mc", "category": "msp", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "enterprise": "Acme Corp", "plan": "business_monthly", "mc_enterprise_id": 9876 } ``` #### `msp_renames_mc` **説明:** 管理対象企業の名前変更 **アラートテンプレート:** `User ${username} renamed enterprise ${enterprise} to ${enterprise_new}` ```json { "audit_event": "msp_renames_mc", "category": "msp", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "enterprise": "Acme Corp", "enterprise_new": "Acme Corporation", "mc_enterprise_id": 9876 } ``` #### `msp_resumes_mc` **説明:** 管理対象企業の再開 **アラートテンプレート:** `User ${username} resumed enterprise ${enterprise}, ${plan}` ```json { "audit_event": "msp_resumes_mc", "category": "msp", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "enterprise": "Acme Corp", "plan": "business_monthly", "mc_enterprise_id": 9876 } ``` ### カテゴリ: `policy` #### `agent_removed_approval_request` **説明:** エージェントによる承認リクエストの削除 **アラートテンプレート:** `Agent ${agent_uid} removed approval request ${request_uid}` ```json { "audit_event": "agent_removed_approval_request", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "agent_uid": "Ag9qLnfWVxWL9OQlsGdOUw", "request_uid": "Req9qLnfWVxWL9OQlsGdOUw" } ``` #### `audit_alert_created` **説明:** アラートの作成 **アラートテンプレート:** `Admin ${username} created audit alert "${name}"` ```json { "audit_event": "audit_alert_created", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "name": "High-Risk Login Alert" } ``` #### `audit_alert_deleted` **説明:** アラートの削除 **アラートテンプレート:** `Admin ${username} deleted audit alert "${name}"` ```json { "audit_event": "audit_alert_deleted", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "name": "High-Risk Login Alert" } ``` #### `audit_alert_paused` **説明:** アラートの一時停止 **アラートテンプレート:** `Admin ${username} paused audit alert "${name}" for user ${recipient}` ```json { "audit_event": "audit_alert_paused", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "name": "High-Risk Login Alert", "recipient": "soc-team@keepersecurity.com" } ``` #### `audit_alert_resumed` **説明:** アラートの再開 **アラートテンプレート:** `Admin ${username} resumed audit alert "${name}" for user ${recipient}` ```json { "audit_event": "audit_alert_resumed", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "name": "High-Risk Login Alert", "recipient": "soc-team@keepersecurity.com" } ``` #### `audit_sync_removed` **説明:** 監査ログ同期の削除 **アラートテンプレート:** `Admin ${username} removed "${name}" audit log sync` ```json { "audit_event": "audit_sync_removed", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "name": "High-Risk Login Alert" } ``` #### `audit_sync_setup` **説明:** 監査ログ同期のセットアップ **アラートテンプレート:** `Admin ${username} set up "${name}" audit log sync` ```json { "audit_event": "audit_sync_setup", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "name": "High-Risk Login Alert" } ``` #### `bridge_activated` **説明:** AD Bridgeの有効化 **アラートテンプレート:** `User ${username} activated Keeper Bridge on node ${node}` ```json { "audit_event": "bridge_activated", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "node": "Engineering" } ``` #### `bridge_deleted` **説明:** AD Bridgeの削除 **アラートテンプレート:** `User ${username} deleted Keeper Bridge from node ${node}` ```json { "audit_event": "bridge_deleted", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "node": "Engineering" } ``` #### `bridge_updated` **説明:** AD Bridgeの更新 **アラートテンプレート:** `User ${username} updated Keeper Bridge on node ${node}` ```json { "audit_event": "bridge_updated", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "node": "Engineering" } ``` #### `email_provisioning_activated` **説明:** メールプロビジョニングの有効化 **アラートテンプレート:** `User ${username} activated Email auto-provisioning for domain ${email_domain} on node ${node}` ```json { "audit_event": "email_provisioning_activated", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "email_domain": "keepersecurity.com", "node": "Engineering" } ``` #### `email_provisioning_deleted` **説明:** メールプロビジョニングの削除 **アラートテンプレート:** `User ${username} deleted Email auto-provisioning for domain ${email_domain} from node ${node}` ```json { "audit_event": "email_provisioning_deleted", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "email_domain": "keepersecurity.com", "node": "Engineering" } ``` #### `node_created` **説明:** ノードの作成 **アラートテンプレート:** `User ${username} created node ${node}` ```json { "audit_event": "node_created", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "node": "Engineering" } ``` #### `node_deleted` **説明:** ノードの削除 **アラートテンプレート:** `User ${username} deleted node ${node}` ```json { "audit_event": "node_deleted", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "node": "Engineering" } ``` #### `out_of_seats` **説明:** ライセンス上限への到達 **アラートテンプレート:** `License has reached the maximum allowed users for ${enterprise}` ```json { "audit_event": "out_of_seats", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "enterprise": "Acme Corp" } ``` #### `record_type_created` **説明:** レコードタイプの作成 **アラートテンプレート:** `Admin ${username} created record type ${name}` ```json { "audit_event": "record_type_created", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "name": "High-Risk Login Alert" } ``` #### `record_type_deleted` **説明:** レコードタイプの削除 **アラートテンプレート:** `Admin ${username} deleted record type ${name}` ```json { "audit_event": "record_type_deleted", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "name": "High-Risk Login Alert" } ``` #### `record_type_updated` **説明:** レコードタイプの更新 **アラートテンプレート:** `Admin ${username} updated record type ${name}` ```json { "audit_event": "record_type_updated", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "name": "High-Risk Login Alert" } ``` #### `report_created` **説明:** レポートの作成 **アラートテンプレート:** `Admin ${username} created report ${report_name}` ```json { "audit_event": "report_created", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "report_name": "Quarterly Compliance Review" } ``` #### `report_deleted` **説明:** レポートの削除 **アラートテンプレート:** `Admin ${username} deleted report ${report_name}` ```json { "audit_event": "report_deleted", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "report_name": "Quarterly Compliance Review" } ``` #### `report_modified` **説明:** レポートの変更 **アラートテンプレート:** `Admin ${username} modified report ${report_name}` ```json { "audit_event": "report_modified", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "report_name": "Quarterly Compliance Review" } ``` #### `role_created` **説明:** ロールの作成 **アラートテンプレート:** `User ${username} created role ${role_id}` ```json { "audit_event": "role_created", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "role_id": 9876543210 } ``` #### `role_deleted` **説明:** ロールの削除 **アラートテンプレート:** `User ${username} deleted role ${role_id}` ```json { "audit_event": "role_deleted", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "role_id": 9876543210 } ``` #### `role_enforcement_changed` **説明:** ロールポリシーの変更 **アラートテンプレート:** `User ${username} changed enforcement ${enforcement} to ${value} for role ${role_id}` ```json { "audit_event": "role_enforcement_changed", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "enforcement": "require_two_factor", "value": "true", "role_id": 9876543210 } ``` #### `scim_activated` **説明:** SCIMの有効化 **アラートテンプレート:** `User ${username} activated SCIM provisioning on node ${node}` ```json { "audit_event": "scim_activated", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "node": "Engineering" } ``` #### `scim_deleted` **説明:** SCIMの削除 **アラートテンプレート:** `User ${username} deleted SCIM provisioning from node ${node}` ```json { "audit_event": "scim_deleted", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "node": "Engineering" } ``` #### `scim_updated` **説明:** SCIMの有効化 **アラートテンプレート:** `User ${username} updated SCIM provisioning on node ${node}` ```json { "audit_event": "scim_updated", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "node": "Engineering" } ``` #### `set_2fa_configuration` **説明:** 2FA構成の設定 **アラートテンプレート:** `Set global 2FA configuration ${value} for node ${node}` ```json { "audit_event": "set_2fa_configuration", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true", "node": "Engineering" } ``` #### `set_custom_email_content` **説明:** カスタムメールの設定 **アラートテンプレート:** `User ${username} set custom email content` ```json { "audit_event": "set_custom_email_content", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `set_custom_email_logo` **説明:** メールロゴの設定 **アラートテンプレート:** `User ${username} set custom email logo` ```json { "audit_event": "set_custom_email_logo", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `set_custom_header_logo` **説明:** Vaultロゴの設定 **アラートテンプレート:** `User ${username} set custom header logo` ```json { "audit_event": "set_custom_header_logo", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `ssh_agent_approved` **説明:** SSHエージェントの承認 **アラートテンプレート:** `User ${username} used SSH Agent with record ${record_uid}` ```json { "audit_event": "ssh_agent_approved", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `ssh_agent_started` **説明:** SSHエージェントの開始 **アラートテンプレート:** `User ${username} started SSH Agent` ```json { "audit_event": "ssh_agent_started", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `ssh_agent_stopped` **説明:** SSHエージェントの停止 **アラートテンプレート:** `User ${username} stopped SSH Agent` ```json { "audit_event": "ssh_agent_stopped", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `sso_activated` **説明:** SSO Connectの有効化 **アラートテンプレート:** `User ${username} activated Keeper SSO Connect on node ${node}` ```json { "audit_event": "sso_activated", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "node": "Engineering" } ``` #### `sso_deleted` **説明:** SSO Connectの削除 **アラートテンプレート:** `User ${username} deleted Keeper SSO Connect from node ${node}` ```json { "audit_event": "sso_deleted", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "node": "Engineering" } ``` #### `sso_updated` **説明:** SSO Connectの更新 **アラートテンプレート:** `User ${username} updated Keeper SSO Connect configuration on node ${node}` ```json { "audit_event": "sso_updated", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "node": "Engineering" } ``` #### `team_created` **説明:** チームの作成 **アラートテンプレート:** `User ${username} created team ${team_uid}` ```json { "audit_event": "team_created", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "team_uid": "Tm9qLnfWVxWL9OQlsGdOUw" } ``` #### `team_deleted` **説明:** チームの削除 **アラートテンプレート:** `User ${username} deleted team ${team_uid}` ```json { "audit_event": "team_deleted", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "team_uid": "Tm9qLnfWVxWL9OQlsGdOUw" } ``` #### `team_provisioned_by_scim` **説明:** SCIMによるチームのプロビジョニング **アラートテンプレート:** `SCIM provisioned team ${team_uid}` ```json { "audit_event": "team_provisioned_by_scim", "category": "policy", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "team_uid": "Tm9qLnfWVxWL9OQlsGdOUw" } ``` ### カテゴリ: `public_api` #### `access_resource_public_api` **説明:** パブリックAPIトークンによるリソースアクセス **アラートテンプレート:** `API with token ${token_id} with resource ${app_uid} executed` ```json { "audit_event": "access_resource_public_api", "category": "public_api", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "token_id": "tok_9f4Z2K3pX7vQ8aB1", "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `create_public_api_token_in_days` **説明:** 管理者によるAPIトークンの作成 **アラートテンプレート:** `User ${username} created an API token ${token_id} for type ${app_uid} with an expiration of ${feature_id} days` ```json { "audit_event": "create_public_api_token_in_days", "category": "public_api", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "token_id": "tok_9f4Z2K3pX7vQ8aB1", "app_uid": "App9qLnfWVxWL9OQlsGdOUw", "feature_id": 30 } ``` #### `revoke_public_api_token` **説明:** パブリックAPIトークンの削除 **アラートテンプレート:** `User ${username} deleted API token ${token_id}` ```json { "audit_event": "revoke_public_api_token", "category": "public_api", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "token_id": "tok_9f4Z2K3pX7vQ8aB1" } ``` ### カテゴリ: `role_node_management` #### `role_managed_node_added` **説明:** ロールへの管理ノードの追加 **アラートテンプレート:** `User ${username} added manage nodes permission for role ${role_id} on node ${node_id} with cascade set to ${value}` ```json { "audit_event": "role_managed_node_added", "category": "role_node_management", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "role_id": 9876543210, "node_id": 1234567890, "value": "true" } ``` #### `role_managed_node_removed` **説明:** ロールからの管理ノードの削除 **アラートテンプレート:** `User ${username} removed manage nodes permission for role ${role_id} on node ${node_id}` ```json { "audit_event": "role_managed_node_removed", "category": "role_node_management", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "role_id": 9876543210, "node_id": 1234567890 } ``` #### `role_managed_node_updated` **説明:** カスケードノード権限の変更 **アラートテンプレート:** `User ${username} changed the cascade node permission on node ${node_id} for role ${role_id} to ${value}` ```json { "audit_event": "role_managed_node_updated", "category": "role_node_management", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "node_id": 1234567890, "role_id": 9876543210, "value": "true" } ``` ### カテゴリ: `security` #### `accept_invitation` **説明:** 招待の承諾 **アラートテンプレート:** `User ${username} accepted invitation` ```json { "audit_event": "accept_invitation", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `accept_transfer` **説明:** アカウント移行同意の承諾 **アラートテンプレート:** `User ${username} accepted account transfer consent` ```json { "audit_event": "accept_transfer", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `account_recovery_decline` **説明:** リカバリーフレーズ設定の拒否 **アラートテンプレート:** `User ${username} declined to set a recovery phrase for their account` ```json { "audit_event": "account_recovery_decline", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `account_recovery_setup` **説明:** リカバリーフレーズの設定 **アラートテンプレート:** `User ${username} set a recovery phrase for their account` ```json { "audit_event": "account_recovery_setup", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `add_security_key` **説明:** セキュリティキーの追加 **アラートテンプレート:** `User ${username} added security key` ```json { "audit_event": "add_security_key", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `added_admin_key` **説明:** 管理者権限の付与 **アラートテンプレート:** `User ${to_username} was provided admin permissions by admin ${username}` ```json { "audit_event": "added_admin_key", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "to_username": "bob@keepersecurity.com" } ``` #### `added_to_role` **説明:** ロールへのユーザー追加 **アラートテンプレート:** `User ${to_username} was added to Role ${role_id} by admin ${username}` ```json { "audit_event": "added_to_role", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "to_username": "bob@keepersecurity.com", "role_id": 9876543210 } ``` #### `auto_invite_user` **説明:** ユーザーの自動招待 **アラートテンプレート:** `User ${email} was added by an automated provisioning method (SCIM, SSO or AD Bridge)` ```json { "audit_event": "auto_invite_user", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "email": "newuser@keepersecurity.com" } ``` #### `clear_security_data` **説明:** セキュリティ監査データの消去 **アラートテンプレート:** `User ${username} cleared security audit data from the Admin Console` ```json { "audit_event": "clear_security_data", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `create_user` **説明:** ユーザーの作成 **アラートテンプレート:** `User ${username} created` ```json { "audit_event": "create_user", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `decline_invitation` **説明:** 招待の拒否 **アラートテンプレート:** `User ${username} declined invitation` ```json { "audit_event": "decline_invitation", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `delete_pending_user` **説明:** 保留ユーザーの削除 **アラートテンプレート:** `Pending user ${email} was deleted by ${username}` ```json { "audit_event": "delete_pending_user", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "email": "newuser@keepersecurity.com" } ``` #### `delete_security_key` **説明:** セキュリティキーの削除 **アラートテンプレート:** `User ${username} removed security key` ```json { "audit_event": "delete_security_key", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `delete_user` **説明:** ユーザーの削除 **アラートテンプレート:** `User ${email} was deleted by admin ${username}` ```json { "audit_event": "delete_user", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "email": "newuser@keepersecurity.com" } ``` #### `device_admin_account_locked` **説明:** 管理者によるデバイスアカウントのロック **アラートテンプレート:** `Admin ${username} locked account on a device for ${to_username}` ```json { "audit_event": "device_admin_account_locked", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "to_username": "bob@keepersecurity.com" } ``` #### `device_admin_account_unlocked` **説明:** 管理者によるデバイスアカウントのロック解除 **アラートテンプレート:** `Admin ${username} unlocked account on a device for ${to_username}` ```json { "audit_event": "device_admin_account_unlocked", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "to_username": "bob@keepersecurity.com" } ``` #### `device_admin_approval_requested` **説明:** デバイスの管理者承認リクエスト **アラートテンプレート:** `User ${username} requested admin approval for device ${device_name}` ```json { "audit_event": "device_admin_approval_requested", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "device_name": "MacBook Pro" } ``` #### `device_admin_locked` **説明:** 管理者によるデバイスのロック **アラートテンプレート:** `Admin ${username} locked a device` ```json { "audit_event": "device_admin_locked", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `device_admin_loggedout` **説明:** 管理者によるデバイスからのログアウト **アラートテンプレート:** `Admin ${username} Removed a device` ```json { "audit_event": "device_admin_loggedout", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `device_admin_removed` **説明:** 管理者によるデバイスの削除 **アラートテンプレート:** `Admin ${username} Removed a device` ```json { "audit_event": "device_admin_removed", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `device_admin_unlocked` **説明:** 管理者によるデバイスのロック解除 **アラートテンプレート:** `Admin ${username} unlocked a device` ```json { "audit_event": "device_admin_unlocked", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `device_approved` **説明:** デバイスの承認 **アラートテンプレート:** `Device ${device_name} is approved for user ${username}` ```json { "audit_event": "device_approved", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "device_name": "MacBook Pro" } ``` #### `device_approved_by_admin` **説明:** 管理者によるデバイスの承認 **アラートテンプレート:** `Admin ${username} approved device ${device_name} for user ${to_username}` ```json { "audit_event": "device_approved_by_admin", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "device_name": "MacBook Pro", "to_username": "bob@keepersecurity.com" } ``` #### `device_user_approval_requested` **説明:** ユーザーによるデバイスの自己承認リクエスト **アラートテンプレート:** `User ${username} requested self approval for device ${device_name}` ```json { "audit_event": "device_user_approval_requested", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "device_name": "MacBook Pro" } ``` #### `device_user_blocked` **説明:** ユーザーによるデバイスのブロック **アラートテンプレート:** `User ${username} blocked login on a device` ```json { "audit_event": "device_user_blocked", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `device_user_linked` **説明:** ユーザーによるデバイスのリンク **アラートテンプレート:** `User ${username} linked two or more devices` ```json { "audit_event": "device_user_linked", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `device_user_locked` **説明:** ユーザーによるデバイスのロック **アラートテンプレート:** `User ${username} locked a device for all accounts` ```json { "audit_event": "device_user_locked", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `device_user_loggedout` **説明:** ユーザーによるデバイスからのログアウト **アラートテンプレート:** `User ${username} forced logout on a device` ```json { "audit_event": "device_user_loggedout", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `device_user_removed` **説明:** ユーザーによるデバイスの削除 **アラートテンプレート:** `User ${username} removed a device` ```json { "audit_event": "device_user_removed", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `device_user_renamed` **説明:** ユーザーによるデバイス名の変更 **アラートテンプレート:** `User ${username} renamed a device` ```json { "audit_event": "device_user_renamed", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `device_user_unblocked` **説明:** ユーザーによるデバイスのブロック解除 **アラートテンプレート:** `User ${username} unblocked a device` ```json { "audit_event": "device_user_unblocked", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `device_user_unlinked` **説明:** ユーザーによるデバイスのリンク解除 **アラートテンプレート:** `User ${username} unlinked two or more devices` ```json { "audit_event": "device_user_unlinked", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `device_user_unlocked` **説明:** ユーザーによるデバイスのロック解除 **アラートテンプレート:** `User ${username} unlocked a device` ```json { "audit_event": "device_user_unlocked", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `enable_user` **説明:** ユーザーの有効化 **アラートテンプレート:** `User ${to_username} was enabled by admin ${username}` ```json { "audit_event": "enable_user", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "to_username": "bob@keepersecurity.com" } ``` #### `enterprise_2fa_disabled_by_admin` **説明:** 管理者による2FAの無効化 **アラートテンプレート:** `Admin ${username} disabled 2FA for user ${to_username}` ```json { "audit_event": "enterprise_2fa_disabled_by_admin", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "to_username": "bob@keepersecurity.com" } ``` #### `enterprise_product_changed` **説明:** プランの変更 **アラートテンプレート:** `User ${username} changed plan for enterprise ${enterprise} to ${plan}` ```json { "audit_event": "enterprise_product_changed", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "enterprise": "Acme Corp", "plan": "business_monthly" } ``` #### `enterprise_to_consumption_billing` **説明:** 従量課金への変換 **アラートテンプレート:** `Consumption billing start date: ${app_uid}` ```json { "audit_event": "enterprise_to_consumption_billing", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `expire_password` **説明:** マスターパスワードの失効 **アラートテンプレート:** `User ${to_username} master password was reset by admin ${username}` ```json { "audit_event": "expire_password", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "to_username": "bob@keepersecurity.com" } ``` #### `lock_user` **説明:** ユーザーのロック **アラートテンプレート:** `User ${to_username} was locked by admin ${username}` ```json { "audit_event": "lock_user", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "to_username": "bob@keepersecurity.com" } ``` #### `login_failed_console` **説明:** 管理コンソールへのログイン失敗 **アラートテンプレート:** `User ${username} failed login to Admin Console` ```json { "audit_event": "login_failed_console", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "channel": "Web Vault" } ``` #### `login_failed_ip_whitelist` **説明:** IPのブロック **アラートテンプレート:** `User ${username} has been blocked from IP ${ip_address}` ```json { "audit_event": "login_failed_ip_whitelist", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "ip_address": "203.0.113.45" } ``` #### `payment_method_updated` **説明:** 支払い方法の更新 **アラートテンプレート:** `User ${username} updated payment method to ${plan} for enterprise ${enterprise}` ```json { "audit_event": "payment_method_updated", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "plan": "business_monthly", "enterprise": "Acme Corp" } ``` #### `pending_added_to_role` **説明:** ロールへの保留ユーザーの追加 **アラートテンプレート:** `Pending user ${value} was added to Role ${role_id} by admin ${username}` ```json { "audit_event": "pending_added_to_role", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true", "role_id": 9876543210 } ``` #### `pending_removed_from_role` **説明:** ロールからの保留ユーザーの削除 **アラートテンプレート:** `Pending user ${value} was removed from Role ${role_id} by admin ${username}` ```json { "audit_event": "pending_removed_from_role", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true", "role_id": 9876543210 } ``` #### `reauthentication_reprompt_success` **説明:** マスターパスワード再プロンプトの成功 **アラートテンプレート:** `User ${username} re-authentication succeeded` ```json { "audit_event": "reauthentication_reprompt_success", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `reauthentication_reprompt_throttle` **説明:** 再認証プロンプトのスロットル **アラートテンプレート:** `User ${username} re-authentication throttled` ```json { "audit_event": "reauthentication_reprompt_throttle", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `removed_from_role` **説明:** ロールからのユーザー削除 **アラートテンプレート:** `User ${to_username} was removed from Role ${role_id} by admin ${username}` ```json { "audit_event": "removed_from_role", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "to_username": "bob@keepersecurity.com", "role_id": 9876543210 } ``` #### `role_team_add` **説明:** チームへのロール追加 **アラートテンプレート:** `${username} added role ${role_id_status} to team ${team_uid}` ```json { "audit_event": "role_team_add", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "role_id_status": "9876543210", "team_uid": "Tm9qLnfWVxWL9OQlsGdOUw" } ``` #### `role_team_remove` **説明:** チームからのロール削除 **アラートテンプレート:** `${username} removed role ${role_id_status} from team ${team_uid}` ```json { "audit_event": "role_team_remove", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "role_id_status": "9876543210", "team_uid": "Tm9qLnfWVxWL9OQlsGdOUw" } ``` #### `scim_access_failure` **説明:** SCIMアクセスの失敗 **アラートテンプレート:** `SCIM provisioning on node ${node} failed to authenticate ${failure_count} times. Token ${token_id}..` ```json { "audit_event": "scim_access_failure", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "node": "Engineering", "failure_count": 4, "token_id": "tok_9f4Z2K3pX7vQ8aB1" } ``` #### `send_invitation` **説明:** ユーザーの招待 **アラートテンプレート:** `User ${email} was invited to join by admin ${username}` ```json { "audit_event": "send_invitation", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "email": "newuser@keepersecurity.com" } ``` #### `set_two_factor_off` **説明:** 二要素認証の無効化 **アラートテンプレート:** `User ${username} set 2FA method OFF` ```json { "audit_event": "set_two_factor_off", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `set_two_factor_on` **説明:** 二要素認証の有効化 **アラートテンプレート:** `User ${username} set 2FA method ON` ```json { "audit_event": "set_two_factor_on", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `two_factor_code_invalid` **説明:** 二要素認証コードが無効 **アラートテンプレート:** `User ${username} entered invalid two-factor authentication code` ```json { "audit_event": "two_factor_code_invalid", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `two_factor_disabled_by_support` **説明:** Keeperサポートによる2FAの無効化 **アラートテンプレート:** `Two-Factor Auth was disabled for user ${username} by Keeper Support` ```json { "audit_event": "two_factor_disabled_by_support", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `unusual_location_activity_logout` **アラートテンプレート:** `KeeperAI logged out device ${device_name} for user ${username} due to unusual location activity` ```json { "audit_event": "unusual_location_activity_logout", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "device_name": "MacBook Pro" } ``` #### `vault_transferred` **説明:** ボールトの移行 **アラートテンプレート:** `User ${email} (${from_username}) vault was transferred to user ${to_username} by admin ${username}` ```json { "audit_event": "vault_transferred", "category": "security", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "email": "newuser@keepersecurity.com", "from_username": "alice@keepersecurity.com", "to_username": "bob@keepersecurity.com" } ``` ### カテゴリ: `security_benchmark` #### `sb_configure_ip_allowlisting` **説明:** IP許可リストの設定 **アラートテンプレート:** `Security Benchmark Configure IP Allowlisting set to ${value} by ${username}` ```json { "audit_event": "sb_configure_ip_allowlisting", "category": "security_benchmark", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true" } ``` #### `sb_create_alerts` **説明:** アラートの作成 **アラートテンプレート:** `Security Benchmark Create Alerts set to ${value} by ${username}` ```json { "audit_event": "sb_create_alerts", "category": "security_benchmark", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true" } ``` #### `sb_create_at_least_two_keeper_administrators` **説明:** Keeper管理者を2名以上作成 **アラートテンプレート:** `Security Benchmark Create At Least Two Keeper Administrators set to ${value} by ${username}` ```json { "audit_event": "sb_create_at_least_two_keeper_administrators", "category": "security_benchmark", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true" } ``` #### `sb_deploy_across_entire_organization` **説明:** 組織全体への展開 **アラートテンプレート:** `Security Benchmark Deploy Across Entire Organization set to ${value} by ${username}` ```json { "audit_event": "sb_deploy_across_entire_organization", "category": "security_benchmark", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true" } ``` #### `sb_disable_account_recovery` **説明:** アカウントリカバリーの無効化 **アラートテンプレート:** `Security Benchmark Disable Account Recovery set to ${value} by ${username}` ```json { "audit_event": "sb_disable_account_recovery", "category": "security_benchmark", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true" } ``` #### `sb_disable_browser_password_managers` **説明:** ブラウザのパスワードマネージャーの無効化 **アラートテンプレート:** `Security Benchmark Disable Browser Password Managers set to ${value} by ${username}` ```json { "audit_event": "sb_disable_browser_password_managers", "category": "security_benchmark", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true" } ``` #### `sb_enable_account_transfer_policy` **説明:** アカウント移行ポリシーの有効化 **アラートテンプレート:** `Security Benchmark Enable Account Transfer Policy set to ${value} by ${username}` ```json { "audit_event": "sb_enable_account_transfer_policy", "category": "security_benchmark", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true" } ``` #### `sb_enforce_least_privilege_policy` **説明:** 最小権限ポリシーの適用 **アラートテンプレート:** `Security Benchmark Enforce Least Privilege Policy On Managed Devices set to ${value} by ${username}` ```json { "audit_event": "sb_enforce_least_privilege_policy", "category": "security_benchmark", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true" } ``` #### `sb_enforce_strong_master_password` **説明:** 強力なマスターパスワードの適用 **アラートテンプレート:** `Security Benchmark Enforce Strong Master Password set to ${value} by ${username}` ```json { "audit_event": "sb_enforce_strong_master_password", "category": "security_benchmark", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true" } ``` #### `sb_ensure_outside_sso_administrator_exists` **説明:** SSO外管理者の確保 **アラートテンプレート:** `Security Benchmark Ensure Outside SSO Administrator Exists set to ${value} by ${username}` ```json { "audit_event": "sb_ensure_outside_sso_administrator_exists", "category": "security_benchmark", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true" } ``` #### `sb_ensure_two_factor_authentication_admin_users` **説明:** 管理者ユーザーへの二要素認証の適用 **アラートテンプレート:** `Security Benchmark Ensure Two-Factor Authentication For Admin Users set to ${value} by ${username}` ```json { "audit_event": "sb_ensure_two_factor_authentication_admin_users", "category": "security_benchmark", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true" } ``` #### `sb_ensure_two_factor_authentication_for_end_users` **説明:** エンドユーザーへの二要素認証の適用 **アラートテンプレート:** `Security Benchmark Ensure Two-Factor Authentication For End Users set to ${value} by ${username}` ```json { "audit_event": "sb_ensure_two_factor_authentication_for_end_users", "category": "security_benchmark", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true" } ``` #### `sb_lock_down_sso_provider` **説明:** SSOプロバイダーのロックダウン **アラートテンプレート:** `Security Benchmark Lock Down SSO Provider set to ${value} by ${username}` ```json { "audit_event": "sb_lock_down_sso_provider", "category": "security_benchmark", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true" } ``` #### `sb_prevent_installation_of_untrusted_extensions` **説明:** 信頼できない拡張機能のインストール防止 **アラートテンプレート:** `Security Benchmark Prevent Installation Of Untrusted Extensions set to ${value} by ${username}` ```json { "audit_event": "sb_prevent_installation_of_untrusted_extensions", "category": "security_benchmark", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true" } ``` #### `sb_reduce_administrator_privilege` **説明:** 管理者権限の削減 **アラートテンプレート:** `Security Benchmark Reduce Administrator Privilege set to ${value} by ${username}` ```json { "audit_event": "sb_reduce_administrator_privilege", "category": "security_benchmark", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "value": "true" } ``` ### カテゴリ: `share` #### `accept_share` **説明:** 共有リクエストの承諾 **アラートテンプレート:** `User ${username} accepted share from user ${to_username}` ```json { "audit_event": "accept_share", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "to_username": "bob@keepersecurity.com" } ``` #### `added_shared_folder` **説明:** 共有フォルダーの追加 **アラートテンプレート:** `User ${username} created shared folder UID ${shared_folder_uid}` ```json { "audit_event": "added_shared_folder", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "shared_folder_uid": "abc1234567WL9OQlsGdOUw" } ``` #### `added_to_team` **説明:** チームへのユーザー追加 **アラートテンプレート:** `User ${to_username} was added to Team ${team_uid} by admin ${username}` ```json { "audit_event": "added_to_team", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "to_username": "bob@keepersecurity.com", "team_uid": "Tm9qLnfWVxWL9OQlsGdOUw" } ``` #### `cancel_share` **説明:** 共有リクエストの拒否 **アラートテンプレート:** `User ${username} canceled share from user ${to_username}` ```json { "audit_event": "cancel_share", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "to_username": "bob@keepersecurity.com" } ``` #### `change_share` **説明:** レコード共有の変更 **アラートテンプレート:** `User ${username} changed share permissions for record UID ${record_uid} to user ${to_username}` ```json { "audit_event": "change_share", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw", "to_username": "bob@keepersecurity.com" } ``` #### `deleted_shared_folder` **説明:** 共有フォルダーの削除 **アラートテンプレート:** `User ${username} deleted shared folder UID ${shared_folder_uid}` ```json { "audit_event": "deleted_shared_folder", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "shared_folder_uid": "abc1234567WL9OQlsGdOUw" } ``` #### `ext_share_access` **説明:** ワンタイム共有の再オープン **アラートテンプレート:** `A user re-opened the One-Time Share link for 'Record UID:${app_uid}' created by ${username}` ```json { "audit_event": "ext_share_access", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `ext_share_added` **説明:** ワンタイム共有の追加 **アラートテンプレート:** `User ${username} generated a One-Time Share link to Record UID:${app_uid}` ```json { "audit_event": "ext_share_added", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `ext_share_connected` **説明:** ワンタイム共有のオープン **アラートテンプレート:** `A user opened the One-Time Share link for 'Record UID:${app_uid}' created by ${username}` ```json { "audit_event": "ext_share_connected", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `ext_share_expired` **説明:** ワンタイム共有の期限切れ **アラートテンプレート:** `A One-Time Share link for 'Record UID:${app_uid}' has expired` ```json { "audit_event": "ext_share_expired", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `ext_share_removed` **説明:** ワンタイム共有の削除 **アラートテンプレート:** `User ${username} removed a One-Time Share link to 'Record UID:${app_uid}'` ```json { "audit_event": "ext_share_removed", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_uid": "App9qLnfWVxWL9OQlsGdOUw" } ``` #### `folder_add_outside_user` **説明:** フォルダーの社外共有 **アラートテンプレート:** `User ${username} added outside the company user ${to_username} to shared folder UID ${shared_folder_uid}"` ```json { "audit_event": "folder_add_outside_user", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "to_username": "bob@keepersecurity.com", "shared_folder_uid": "abc1234567WL9OQlsGdOUw" } ``` #### `folder_add_record` **説明:** 共有フォルダーへのレコード追加 **アラートテンプレート:** `User ${username} added record ${record_uid} to shared folder UID ${shared_folder_uid}` ```json { "audit_event": "folder_add_record", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw", "shared_folder_uid": "abc1234567WL9OQlsGdOUw" } ``` #### `folder_add_team` **説明:** フォルダーへのチーム追加 **アラートテンプレート:** `User ${username} added team UID ${team_uid} to shared folder UID ${shared_folder_uid}` ```json { "audit_event": "folder_add_team", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "team_uid": "Tm9qLnfWVxWL9OQlsGdOUw", "shared_folder_uid": "abc1234567WL9OQlsGdOUw" } ``` #### `folder_add_user` **説明:** フォルダーへのユーザー追加 **アラートテンプレート:** `User ${username} added user ${to_username} to shared folder UID ${shared_folder_uid}` ```json { "audit_event": "folder_add_user", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "to_username": "bob@keepersecurity.com", "shared_folder_uid": "abc1234567WL9OQlsGdOUw" } ``` #### `folder_change_record` **説明:** レコード権限の変更 **アラートテンプレート:** `User ${username} changed record ${record_uid} permissions to shared folder UID ${shared_folder_uid}` ```json { "audit_event": "folder_change_record", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw", "shared_folder_uid": "abc1234567WL9OQlsGdOUw" } ``` #### `folder_change_team` **説明:** チーム権限の変更 **アラートテンプレート:** `User ${username} changed team UID ${team_uid} permissions to shared folder UID ${shared_folder_uid}` ```json { "audit_event": "folder_change_team", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "team_uid": "Tm9qLnfWVxWL9OQlsGdOUw", "shared_folder_uid": "abc1234567WL9OQlsGdOUw" } ``` #### `folder_change_user` **説明:** ユーザー権限の変更 **アラートテンプレート:** `User ${username} changed user ${to_username} permissions to shared folder UID ${shared_folder_uid}` ```json { "audit_event": "folder_change_user", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "to_username": "bob@keepersecurity.com", "shared_folder_uid": "abc1234567WL9OQlsGdOUw" } ``` #### `folder_remove_record` **説明:** 共有フォルダからのレコード削除 **アラートテンプレート:** `User ${username} removed record ${record_uid} owned by ${to_username} from shared folder UID ${shared_folder_uid}` ```json { "audit_event": "folder_remove_record", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw", "to_username": "bob@keepersecurity.com", "shared_folder_uid": "abc1234567WL9OQlsGdOUw" } ``` #### `folder_remove_team` **説明:** フォルダからのチーム削除 **アラートテンプレート:** `User ${username} removed team UID ${team_uid} from shared folder UID ${shared_folder_uid}` ```json { "audit_event": "folder_remove_team", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "team_uid": "Tm9qLnfWVxWL9OQlsGdOUw", "shared_folder_uid": "abc1234567WL9OQlsGdOUw" } ``` #### `folder_remove_user` **説明:** フォルダからのユーザー削除 **アラートテンプレート:** `User ${username} removed user ${to_username} from shared folder UID ${shared_folder_uid}` ```json { "audit_event": "folder_remove_user", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "to_username": "bob@keepersecurity.com", "shared_folder_uid": "abc1234567WL9OQlsGdOUw" } ``` #### `record_share_outside_user` **説明:** 社外へのレコード共有 **アラートテンプレート:** `User ${username} shared record UID ${record_uid} outside the company with user ${to_username}` ```json { "audit_event": "record_share_outside_user", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw", "to_username": "bob@keepersecurity.com" } ``` #### `remove_share` **説明:** レコード共有の削除 **アラートテンプレート:** `User ${username} removed share of record UID ${record_uid} from user ${to_username}` ```json { "audit_event": "remove_share", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw", "to_username": "bob@keepersecurity.com" } ``` #### `removed_from_team` **説明:** チームからのユーザー削除 **アラートテンプレート:** `User ${to_username} was removed from Team ${team_uid} by admin ${username}` ```json { "audit_event": "removed_from_team", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "to_username": "bob@keepersecurity.com", "team_uid": "Tm9qLnfWVxWL9OQlsGdOUw" } ``` #### `share` **説明:** レコード共有 **アラートテンプレート:** `User ${username} shared record UID ${record_uid} with ${to_username}` ```json { "audit_event": "share", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw", "to_username": "bob@keepersecurity.com" } ``` #### `shared_folder_folder_record_restored` **説明:** 共有フォルダ内フォルダのレコード復元 **アラートテンプレート:** `User ${username} restored record UID ${record_uid} in shared folder folder UID ${folder_uid}` ```json { "audit_event": "shared_folder_folder_record_restored", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw", "folder_uid": "Fld9qLnfWVxWL9OQlsGdOUw" } ``` #### `shared_folder_folder_restored` **説明:** 共有フォルダ内フォルダの復元 **アラートテンプレート:** `User ${username} restored shared folder folder UID ${folder_uid}` ```json { "audit_event": "shared_folder_folder_restored", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "folder_uid": "Fld9qLnfWVxWL9OQlsGdOUw" } ``` #### `shared_folder_record_restored` **説明:** 共有フォルダ内レコードの復元 **アラートテンプレート:** `User ${username} restored record UID ${record_uid} in shared folder UID ${shared_folder_uid}` ```json { "audit_event": "shared_folder_record_restored", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw", "shared_folder_uid": "abc1234567WL9OQlsGdOUw" } ``` #### `shared_folder_restored` **説明:** 共有フォルダの復元 **アラートテンプレート:** `User ${username} restored shared folder UID ${shared_folder_uid}` ```json { "audit_event": "shared_folder_restored", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "shared_folder_uid": "abc1234567WL9OQlsGdOUw" } ``` #### `transfer_owner` **説明:** レコード所有権の移譲 **アラートテンプレート:** `User ${username} transferred ownership of record UID ${record_uid} to user ${to_username}` ```json { "audit_event": "transfer_owner", "category": "share", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw", "to_username": "bob@keepersecurity.com" } ``` ### カテゴリ: `usage` #### `added_folder` **説明:** フォルダの追加 **アラートテンプレート:** `User ${username} created ${folder_type} folder UID ${folder_uid}` ```json { "audit_event": "added_folder", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "folder_type": "shared", "folder_uid": "Fld9qLnfWVxWL9OQlsGdOUw" } ``` #### `added_identity` **説明:** IDの追加 **アラートテンプレート:** `User ${username} added an identity` ```json { "audit_event": "added_identity", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `added_payment_card` **説明:** 支払いカードの追加 **アラートテンプレート:** `User ${username} added a payment card` ```json { "audit_event": "added_payment_card", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `audit_alert_sent` **説明:** 監査アラートの送信 **アラートテンプレート:** `Audit alert "${name}" was sent to ${recipient}` ```json { "audit_event": "audit_alert_sent", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "name": "High-Risk Login Alert", "recipient": "soc-team@keepersecurity.com", "parent_id": 555, "origin": "alert", "channel": "Web Vault", "value": "true" } ``` #### `audit_sync_failed` **説明:** 監査ログ同期の失敗 **アラートテンプレート:** `Audit log sync to ${channel} failed with error ${result_code}` ```json { "audit_event": "audit_sync_failed", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "channel": "Web Vault", "result_code": "auth_failed" } ``` #### `audit_sync_paused` **説明:** 監査ログ同期の一時停止 **アラートテンプレート:** `Audit log sync to ${channel} paused` ```json { "audit_event": "audit_sync_paused", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "channel": "Web Vault" } ``` #### `audit_sync_restored` **説明:** 監査ログ同期の復元 **アラートテンプレート:** `Audit log sync to ${channel} restored` ```json { "audit_event": "audit_sync_restored", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "channel": "Web Vault" } ``` #### `audit_sync_resumed` **説明:** 監査ログ同期の再開 **アラートテンプレート:** `Admin ${username} resumed audit log sync to "${name}"` ```json { "audit_event": "audit_sync_resumed", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "name": "High-Risk Login Alert" } ``` #### `changed_identity` **説明:** IDの変更 **アラートテンプレート:** `User ${username} changed an identity` ```json { "audit_event": "changed_identity", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `changed_payment_card` **説明:** 支払いカードの変更 **アラートテンプレート:** `User ${username} changed a payment card` ```json { "audit_event": "changed_payment_card", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `copy_password` **説明:** クリップボードへのパスワードコピー **アラートテンプレート:** `User ${username} copied password to clipboard on record UID ${record_uid}` ```json { "audit_event": "copy_password", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `deleted_folder` **説明:** フォルダの削除 **アラートテンプレート:** `User ${username} deleted ${folder_type} folder UID ${folder_uid}` ```json { "audit_event": "deleted_folder", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "folder_type": "shared", "folder_uid": "Fld9qLnfWVxWL9OQlsGdOUw" } ``` #### `duplicate_record` **説明:** レコードの複製 **アラートテンプレート:** `User ${username} duplicated record UID ${record_uid}` ```json { "audit_event": "duplicate_record", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `empty_trash` **説明:** ごみ箱の空に **アラートテンプレート:** `User ${username} purged deleted records` ```json { "audit_event": "empty_trash", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `exported_records` **説明:** レコードのエクスポート **アラートテンプレート:** `User ${username} exported records to ${file_format} file` ```json { "audit_event": "exported_records", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "file_format": "json" } ``` #### `fast_fill` **説明:** レコードの入力 **アラートテンプレート:** `User ${username} autofilled record UID ${record_uid}` ```json { "audit_event": "fast_fill", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `file_attachment_deleted` **説明:** ファイル添付の削除 **アラートテンプレート:** `User ${username} deleted file attachment UID ${attachment_id} on record UID ${record_uid}` ```json { "audit_event": "file_attachment_deleted", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "attachment_id": "Att9qLnfWVxWL9OQlsGdOUw", "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `file_attachment_downloaded` **説明:** ファイル添付のダウンロード **アラートテンプレート:** `User ${username} downloaded file attachment UID ${attachment_id} on record UID ${record_uid}` ```json { "audit_event": "file_attachment_downloaded", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "attachment_id": "Att9qLnfWVxWL9OQlsGdOUw", "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `file_attachment_exported` **説明:** ファイル添付のエクスポート **アラートテンプレート:** `User ${username} exported file attachment UID ${attachment_id} on record UID ${record_uid}` ```json { "audit_event": "file_attachment_exported", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "attachment_id": "Att9qLnfWVxWL9OQlsGdOUw", "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `file_attachment_uploaded` **説明:** ファイル添付のアップロード **アラートテンプレート:** `User ${username} uploaded file attachment UID ${attachment_id} on record UID ${record_uid}` ```json { "audit_event": "file_attachment_uploaded", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "attachment_id": "Att9qLnfWVxWL9OQlsGdOUw", "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `file_attachment_viewed` **説明:** ファイル添付の表示 **アラートテンプレート:** `User ${username} viewed file attachment UID ${attachment_id} on record UID ${record_uid}` ```json { "audit_event": "file_attachment_viewed", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "attachment_id": "Att9qLnfWVxWL9OQlsGdOUw", "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `imported_records` **説明:** レコードのインポート **アラートテンプレート:** `User ${username} imported records from ${file_format} file` ```json { "audit_event": "imported_records", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "file_format": "json" } ``` #### `open_record` **説明:** レコードの表示 **アラートテンプレート:** `User ${username} opened record UID ${record_uid}` ```json { "audit_event": "open_record", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `record_add` **説明:** レコードの追加 **アラートテンプレート:** `User ${username} added record UID ${record_uid}` ```json { "audit_event": "record_add", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw", "folder_type": "shared", "folder_uid": "Fld9qLnfWVxWL9OQlsGdOUw" } ``` #### `record_delete` **説明:** レコードの削除 **アラートテンプレート:** `User ${username} sent record UID ${record_uid} to trash` ```json { "audit_event": "record_delete", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw", "folder_type": "shared", "folder_uid": "Fld9qLnfWVxWL9OQlsGdOUw" } ``` #### `record_password_change` **説明:** レコードパスワードの変更 **アラートテンプレート:** `User ${username} changed password on record UID ${record_uid}` ```json { "audit_event": "record_password_change", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `record_restored` **説明:** 削除済みレコードの復元 **アラートテンプレート:** `User ${username} restored deleted record UID ${record_uid}` ```json { "audit_event": "record_restored", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `record_update` **説明:** レコードの更新 **アラートテンプレート:** `User ${username} updated record UID ${record_uid}` ```json { "audit_event": "record_update", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw", "folder_type": "shared", "folder_uid": "Fld9qLnfWVxWL9OQlsGdOUw" } ``` #### `reused_password` **説明:** 再利用パスワードの作成 **アラートテンプレート:** `User ${username} reused a password` ```json { "audit_event": "reused_password", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345 } ``` #### `revision_restored` **説明:** レコードリビジョンの復元 **アラートテンプレート:** `User ${username} restored previous revision of record UID ${record_uid}` ```json { "audit_event": "revision_restored", "category": "usage", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` ### カテゴリ: `zero_trust_keeper_pam` #### `discovery_job_completed` **説明:** 検出の完了 **アラートテンプレート:** `Discovery job completed on Gateway UID (${gateway_uid}) for user ${username}` ```json { "audit_event": "discovery_job_completed", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "gateway_uid": "Gw9qLnfWVxWL9OQlsGdOUw" } ``` #### `discovery_job_started` **説明:** 検出の開始 **アラートテンプレート:** `Discovery job started on Gateway UID (${gateway_uid}) for user ${username}` ```json { "audit_event": "discovery_job_started", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "gateway_uid": "Gw9qLnfWVxWL9OQlsGdOUw" } ``` #### `ksm_app_shared` **説明:** シークレットマネージャーアプリケーションの共有 **アラートテンプレート:** `User ${username} shared KSM application ${app_uid} with user ${to_username}` ```json { "audit_event": "ksm_app_shared", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "app_uid": "App9qLnfWVxWL9OQlsGdOUw", "to_username": "bob@keepersecurity.com" } ``` #### `pam_kcm_connection_started` **説明:** 接続の開始 **アラートテンプレート:** `User ${username} started connection with protocol ${protocol} on record ${record_uid}` ```json { "audit_event": "pam_kcm_connection_started", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "protocol": "ssh", "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw", "feature_id": 30 } ``` #### `pam_kcm_connection_stopped` **説明:** 接続の停止 **アラートテンプレート:** `User ${username} stopped connection with protocol ${protocol} on record ${record_uid}` ```json { "audit_event": "pam_kcm_connection_stopped", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "protocol": "ssh", "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_kcm_connection_terminated` **説明:** 接続の終了 **アラートテンプレート:** `Connection with protocol ${protocol} for user ${username} on ${record_uid} was terminated due to revoked access` ```json { "audit_event": "pam_kcm_connection_terminated", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "protocol": "ssh", "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_rbi_started` **説明:** リモートブラウザ分離の開始 **アラートテンプレート:** `User ${username} started remote browser isolation session on record ${record_uid}` ```json { "audit_event": "pam_rbi_started", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_rbi_stopped` **説明:** リモートブラウザ分離の停止 **アラートテンプレート:** `User ${username} stopped remote browser isolation session on record ${record_uid}` ```json { "audit_event": "pam_rbi_stopped", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_rbi_terminated` **説明:** リモートブラウザ分離の終了 **アラートテンプレート:** `Remote Browser Isolation session for user ${username} on ${record_uid} was terminated due to revoked access` ```json { "audit_event": "pam_rbi_terminated", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_session_rbi_recording_started` **説明:** 録画付きリモートブラウザ分離の開始 **アラートテンプレート:** `User ${username} started remote browser isolation session with session recording on record ${record_uid}` ```json { "audit_event": "pam_session_rbi_recording_started", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw", "protocol": "ssh" } ``` #### `pam_session_rbi_recording_stopped` **説明:** 録画付きリモートブラウザ分離の停止 **アラートテンプレート:** `User ${username} stopped remote browser isolation session with session recording on record ${record_uid}` ```json { "audit_event": "pam_session_rbi_recording_stopped", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw", "protocol": "ssh" } ``` #### `pam_session_recording_downloaded` **説明:** セッション録画ファイルのダウンロード **アラートテンプレート:** `User ${username} downloaded session recording ${file_format} for Record UID ${record_uid}` ```json { "audit_event": "pam_session_recording_downloaded", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "file_format": "json", "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_session_recording_started` **説明:** 録画付き接続の開始 **アラートテンプレート:** `User ${username} started connection with protocol ${protocol} and session recording on record ${record_uid}` ```json { "audit_event": "pam_session_recording_started", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "protocol": "ssh", "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_session_recording_stopped` **説明:** 録画付き接続の停止 **アラートテンプレート:** `User ${username} stopped connection with protocol ${protocol} and session recording on record ${record_uid}` ```json { "audit_event": "pam_session_recording_stopped", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "protocol": "ssh", "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_tunnel_started` **説明:** トンネルの開始 **アラートテンプレート:** `User ${username} started tunnel on record ${record_uid}` ```json { "audit_event": "pam_tunnel_started", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_tunnel_stopped` **説明:** トンネルの停止 **アラートテンプレート:** `User ${username} stopped tunnel on record ${record_uid}` ```json { "audit_event": "pam_tunnel_stopped", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_tunnel_terminated` **説明:** トンネルの終了 **アラートテンプレート:** `Tunnel for user ${username} on ${record_uid} was terminated due to revoked access` ```json { "audit_event": "pam_tunnel_terminated", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_workflow_request_approved` **説明:** ワークフローリクエストの承認 **アラートテンプレート:** `Workflow request from ${username} for record ${record_uid} was approved by ${approver}.` ```json { "audit_event": "pam_workflow_request_approved", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw", "approver": "manager@keepersecurity.com" } ``` #### `pam_workflow_request_denied` **説明:** ワークフローリクエストの拒否 **アラートテンプレート:** `Workflow request from ${username} for record ${record_uid} was denied by ${approver}. Reason: ${reason}.` ```json { "audit_event": "pam_workflow_request_denied", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw", "approver": "manager@keepersecurity.com", "reason": "Outside approved access window" } ``` #### `pam_workflow_request_escalated` **説明:** ワークフローリクエストのエスカレーション **アラートテンプレート:** `Workflow request from ${username} for record ${record_uid} was escalated.` ```json { "audit_event": "pam_workflow_request_escalated", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_workflow_session_ended_checkin` **説明:** ワークフローセッションの終了 (チェックイン) **アラートテンプレート:** `${username} ended a workflow session for record ${record_uid} (check-in).` ```json { "audit_event": "pam_workflow_session_ended_checkin", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_workflow_session_ended_expired` **説明:** ワークフローセッションの終了 (期限切れ) **アラートテンプレート:** `Workflow ended for record ${record_uid} for ${username} (check-in, expired).` ```json { "audit_event": "pam_workflow_session_ended_expired", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` #### `pam_workflow_session_started_checkout` **説明:** ワークフローセッションの開始 (チェックアウト) **アラートテンプレート:** `${username} started a workflow session for record ${record_uid} (checkout).` ```json { "audit_event": "pam_workflow_session_started_checkout", "category": "zero_trust_keeper_pam", "remote_address": "203.0.113.45", "client_version": "Web Vault 16.10.5", "username": "alice@keepersecurity.com", "timestamp": "2026-05-25T14:30:00.000Z", "enterprise_id": 12345, "record_uid": "Uk6qLnfWVxWL9OQlsGdOUw" } ``` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.keeper.io/enterprise-guide/jp/event-reporting/event-descriptions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.