Adding Custom Information in Audit Logs

Hello members, I have implemented a custom rule where it disabled the identity/application based on it containing an example.
Next, I created a rule runner and imported the rule over to run. As for my main objective, I want values, information on the application, account name, or additional strings below the Attributes. Does anyone have any examples of how I can further customize my codes?

ArrayList<String> info = new ArrayList<String>();
  List<String> identities = context.getObjects(Identity.class);

  String c = "Wilson";
  for (Identity ident : identities) {
    if(ident.getAttribute("displayName").contains(c)){
      for (Link application : ident.getLinks()) {
        application.setAttribute("IIQDisabled", true);
        ident.setAttribute("IIQDisabled", true);
        }
      }
  }

You can always submit your own audit events with as much information as you want

import sailpoint.object.AuditEvent;
import sailpoint.server.Auditor;
AuditEvent ae = new AuditEvent();
ae.setSource(launcher.getName());
ae.setTarget(identity.getName());
ae.setApplication(app.getName());
ae.setAction("your action");
ae.setServerHost(Util.getHostName());
ae.setString1("you have custom 4 strings to");
ae.setString2("add whatever additional data you want");
ae.setString3("");
ae.setString4("");
Auditor.log(ae);
context.commitTransaction();

See the javadoc for AuditEvent for all of the methods.

To complete Marks answer - you could use also AuditEvent method setAttributes to add lot more information if you need or which wont fit into 4 strings.
AuditEvent UI shows also attributes nicely in the UI. The difference is though, that String1 - 4 are directly visible in the search results. But their limitation is being just 4 of them.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.