Audit Logs report via Explore API
Audit logs are fundamental to detect unlawful usage of data and to respond to data breach vulnerabilities. Audit logs are produced by each product team and gathered in Talkdesk’s data platform.
The audit logs report in Explore API has the following information available for extraction:
Recordings:
- Consult what recordings are available and their metadata.
- Listen to a recording media file.
Ring groups:
- Consult ring groups content.
- Add, update or remove a user ring group.
- Update the team ring group’s.
- Create a UC phone ring group.
Agents (users):
- Consult a user list.
- Consult a specific user.
- Create, update or delete a user.
Phone numbers:
- Consult regulatory information.
- Consult number details.
- Consult number lists.
- Search, import or modify a number.
- Purchase or release a number
- Add, delete or update a number.
- Add, consult or update orders and order lists.
Access Control List (ACL):
- Create, remove or update roles.
- Add or remove features from the ACL.
- Create or remove ACL permissions.
Talkdesk ID:
- Failed login attempts.
- Create, remove or update OAuth Client.
- Create, remove or update OAuth Client keys.
- User session created or revoked.
- Create or update password policies.
- Reset or change user password.
- Register or remove multifactor authentication (MFA).
Billing:
- Account credit card added.
- Auto recharge updates.
- Billing contacts updates.
- Buy licenses.
- Credits added.
Usage: The structure of the Audit logs report will have the following format:
| Field name | Description | Type | Can be empty | Example |
|---|---|---|---|---|
| Actor ID | ID of user or system. | String | Yes | d39de99b-f492-46c3-9618-950be55c7f2c |
| Generator Name | Identification of the affected system. Pre-defined list of all Talkdesk systems | String | Yes | TALKDESK-ID |
| IP Addresses | List of Strings with the IP address of the component producing the event | String | Yes | [8.8.8.8,10.0.0.1] |
| Operation | Use case of the action being executed on the resource | String | No | Password Recovery |
| Platform Tid (Talkdesk Identifier) | The TID is the Talkdesk platform tracking identifier | String | Yes | d39de99b-f492-46c3-9618-950be55c7f2c |
| Resource ID | The resource ID that identifies the resource being operated on. This could be the Talkdesk Resource Identifier (TRI) if it existed, or a URI | String | Yes | /session/revoke |
| Operation Status | SUCCESS, FAIL | String | Yes | SUCCESS |
| User Agent | User agent responsible for the request | String | Yes | Chrome/64.0.3282.167 |
| Timestamp | IISO8601 timestamp string with milliseconds precision in UTC | Timestamp | No | 2017-09-11T20:29:04.123 |
| User ID | Agent’s identification number used | String | Yes | d39de99bf49246c39618950be55c7f2c |
| Agent Name | Agent’s identification number used | String | Yes | Name Surname |
| Agent Email | Agent’s email | String | Yes | [email protected] |
Available operations: The operations available for extraction in the Audit Logs report are:
| Audited systems | Available operations | Description |
|---|---|---|
| Recordings | read_call_recordings | Consult the list of a call’s recordings |
| read_recording_media_file | Listen a call recording | |
| read_recording | Consult a specific call recording’s metadata | |
| Ring groups | read_ring_groups | Consult list of all ring groups |
| update_user_ring_groups | Update the ring groups associated to the user | |
| read_team_ring_groups | Consult ring groups from a specific team | |
| assign_users_ring_groups | Assign multiple ring groups to multiple users | |
| unassign_users_ring_groups | Unassigned multiple ring groups from multiple users | |
| read_ring_group_users | Consult the list of users assigned to a ring group | |
| update_team_ring_groups | Update the ring groups associated to a team. | |
| create_uc_phone_ring_group | Create a UC Phone Ring Group. | |
| Agents (users) | read_core_user | Consult an agent/user |
| update_core_user | Update an agent/user | |
| read_core_user_list | Consult an agent/user list | |
| create_core_user | Create an agent/user | |
| delete_core_user | Delete an agent/user | |
| Phone numbers | IMPORT_NUMBER | Import a number |
| RETRIEVE_REGULATORY_INFO | Consult regulatory information | |
| SEARCH_NUMBER | Search for a number | |
| RELEASE_NUMBER | Deletion of a number | |
| MODIFY_NUMBER | Change number friendly name | |
| RETRIEVE_ORDERS | Retrieve order list | |
| PURCHASE_NUMBER | Purchase a number | |
| PLACE_ORDER | Placed an order | |
| REQUEST_ASSET_LINK | Request download link | |
| UPDATE_ORDER | Updated an order | |
| ADD_OR_UPDATE_NUMBER | Add or update number entity | |
| RETRIEVE_NUMBER_LIST | Consult a number list | |
| REMOVE_NUMBER | Deletion of a number | |
| RETRIEVE_DATA_LOOKUP | Request a data look up | |
| RETRIEVE_ORDER_LIST | Consult an order list | |
| RETRIEVE_NUMBER_DETAILS | Consult number details | |
| ADD_OR_UPDATE_ORDER | Add or update order | |
| Access Control List (ACL) | role_updated | ACL role entity updated |
| role_created | ACL role entity created | |
| role_deleted | ACL role entity deleted | |
| acl_feature_added | Feature added to the ACL | |
| acl_feature_removed | Feature removed from the ACL | |
| acl_permission_added | Permission added to the ACL | |
| acl_permission_removed | Permission revoked from the ACL | |
| acl_role_updated | ACL role updated. Added to a user, tenant or realm | |
| acl_role_users_updated | ACL user roles updated | |
| Talkdesk-id | ip_ranges_allowlist_updated | IP allowlist was updated |
| login_attempt | User login attempt failed | |
| mfa_mechanism_registered | A MFA mechanism was registered for a user | |
| mfa_mechanism_removed | A MFA mechanism was removed from a user | |
| oauth_client_created | An OAuth client was created | |
| oauth_client_edited | An OAuth client was altered | |
| oauth_client_revoked | An OAuth client was removed | |
| oauth_client_key_created | An OAuth client’s public/private key pair was created | |
| oauth_client_key_revoked | An OAuth client’s public/private key pair was removed | |
| oauth_client_redeem_authorization_code | Authorization code was consumed/redeemed as part of user OAuth flows (example, login) | |
| oauth_client_secret_regenerated | An OAuth client’s secret was regenerated | |
| password_policies_created | Account’s password policies were created (part of account provisioning) | |
| password_policies_updated | Account’s password policies were altered | |
| tenant_created | Customer account was created | |
| user_authentication_settings_updated | User account’s authentication settings were altered (example, mandatory 2FA setting enabled) | |
| user_issue_authorization_code | Authorization code issued as part of user OAuth flows (example, login) | |
| user_password_changed | User password was updated via change password user flow | |
| user_password_reset | Update the user password after complete forgot password flow | |
| user_resend_invitation | User invitation email was sent again due to resend request | |
| user_session_created | User session was created (example, on login) | |
| user_session_revoked | User session was revoked (example, on logout) | |
| Billing | add_account_credit_card | Account credit card was added |
| add_credits | New credits were added | |
| buy_licenses | New licenses were purchased | |
| update_auto_recharge | Auto recharge was updated | |
| update_billing_contacts | Billing contacts were updated |
Updated about 2 months ago