Real-time Auditing Section: Event Log Catalog Reference
The tables below offers a quick reference to events monitored in real time on the Citrix Secure Developer Spaces (SDS) platform. These events are systematically captured using standardized methods and are available in the audit section. They can be easily exported in common formats for integration with Security Information and Event Management (SIEM) systems, supporting comprehensive monitoring and analysis.
All events
| ID | Category | Event Type | Event Description | Attributes |
|---|---|---|---|---|
| All | Attributes shared by all events | id, timestamp, user_id, user_name, session_id, project_id, project_name, workspace_id, workspace_name, severity |
Authentication
| ID | Category | Event Type | Event Description | Attributes |
|---|---|---|---|---|
| 1 | Authentication | Login | The user logged on to the platform | |
| 2 | Authentication | Logout | The user logged out of the platform | |
| 3 | Authentication | SessionStart | The user started a workspace session | |
| 4 | Authentication | SessionEnd | The user ended a workspace session | |
| 5 | Authentication | SessionInterrupt | The user workspace session has been interrupted |
Authorization
| ID | Category | Event Type | Event Description | Attributes |
|---|---|---|---|---|
| 6 | User Authorization | UserBlocked | The user has been blocked | user_id, user_name, role_name |
| 7 | User Authorization | UserUnblocked | The user has been unblocked | user_id, user_name, role_name |
| 9 | Workspace Authorization | SharedWithUser | User shares workspace with another user | user_id, user_name |
| 10 | Workspace Authorization | UnsharedWithUser | User revokes previously shared workspace access. | user_id, user_name |
Data Security
| ID | Category | Event Type | Event Description | Attributes |
|---|---|---|---|---|
| 11 | Data Security | Copy | In the workspace, the user copies data to the clipboard | data, is_secret, is_code |
| 12 | Data Security | Paste | In the workspace, the user pastes copied data into a new location | data, is_secret, is_code |
| 13 | Data Security | Cut | In the workspace, the user cuts selected data for potential relocation | data, is_secret, is_code |
| 14 | Data Security | Clipboard | In the secure browser, data is copied, cut, or pasted | data, is_secret, is_code |
| 15 | Data Security | ShareClipboardUrl | In the secure browser, the user shares a URL or link stored in the clipboard | data, is_secret, is_code |
| 16 | Data Security | Upload | Sends a file or data from a local device to a remote environment | data, is_secret, is_code |
| 17 | Data Security | UploadLargeFile | Sends large-sized files from a local device to a remote environment | data, is_secret, is_code |
| 18 | Data Security | Download | Retrieves a file or data from a remote environment to a local device | data, is_secret, is_code |
| 19 | Data Security | DownloadLargeFile | Retrieves large-sized files from a remote environment to a local device | data, is_secret, is_code |
| 20 | Data Security | SupervisedCopy | In the workspace, the copy action under supervision or monitoring | data, is_secret, is_code |
System
| ID | Category | Event Type | Event Description | Attributes |
|---|---|---|---|---|
| 21 | System | WorkspaceSpecsUpdated | Modifications or updates made to the specifications of a workspace |
Data Security
| ID | Category | Event Type | Event Description | Attributes |
|---|---|---|---|---|
| 22 | SecureBrowserNavigation | SecureBrowserNavigation | Ensures secure browsing practices during navigation | url, title allowed |
| 23 | VSCodeExtensionInstalled | VSCodeExtensionInstalled | Installation of an extension within Visual Studio Code | extension_name, extension_id extension_uuid |
| 24 | AccountManagement | UserAddedToProject | Addition of a user to a specific project | user_id, user_name, role_name |
| 25 | AccountManagement | UserRemovedFromProject | Removal of a user from a specific project | |
| 26 | AccountManagement | RoleChanged | Modification or alteration of a user roles and permissions | |
| 27 | AccountManagement | UserCreated | Creation of a new user profile or account | |
| 28 | AccountManagement | UserDeleted | Deletion or removal of a user profile or account |
Network Traffic
| ID | Category | Event Type | Event Description | Attributes |
|---|---|---|---|---|
| 29 | SSHCommand | SSHCommand | Execution of a command via Secure Shell (SSH) | issuer, command, type, destination, commit, request, git_branch |
| 30 | ExternalSSHCommand | ExternalSSHCommand | Execution of an external command through Secure Shell (SSH) | service_id, command, destination, type |
| 31 | HTTPRequest | HTTPRequest | Transmission of a request using Hypertext Transfer Protocol (HTTP) | issuer, destination, request_type, blocked, status_code, browser_id |
| 32 | GitOverHTTP | GitOverHTTP | Git operations performed over HTTP protocol | issuer, command, destination, request |
| 33 | TCPForwarding | TCPForwarding | Forwarding of Transmission Control Protocol (TCP) traffic | destination_address |
| 34 | DNS | DNS | Domain Name System (DNS) operations or requests | domain, address, inspected |
| 35 | ResourceAccess | Created | A resource is newly created within the system | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 36 | ResourceAccess | Imported | Data or information is brought in from an external source | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 37 | ResourceAccess | ManuallyImported | Specific data is manually transferred or imported into the system | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 38 | ResourceAccess | Updated | Existing data or information undergoes modification or refresh within the system | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 39 | ResourceAccess | SharedWithUsers | Resource is shared with multiple users within the system | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 40 | ResourceAccess | SharedPublicly | Resource is made accessible to the public users | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 41 | ResourceAccess | WorkspaceAttached | Resource is attached to a workspace | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 42 | ResourceAccess | WorkspaceDetached | Removal of resource from a workspace | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 43 | ResourceAccess | Deleted | A resource is removed or deleted from the system | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 44 | ResourceAccess | Repository | Management of a Git application used for code or data storage | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 45 | ResourceAccess | Bucket | Container utilized for data storage, commonly used in cloud computing | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 46 | ResourceAccess | Secret | Sensitive data such as passwords, keys, or tokens | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 47 | ResourceAccess | Connected_service | Establishment or utilization of an external service or integration within the system | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 48 | ResourceAccess | Network_policy | Setting rules or configurations governing network behavior or access | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 49 | ResourceAccess | Image | Handling representations or snapshots of data, often used in computing environments | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 50 | ResourceAccess | Credential | Management of information used for authentication or access control | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 51 | ResourceAccess | Workspace_app | Utilization or management of a workspace application | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 52 | ResourceAccess | Startup_script | Execution or management of scripts or instructions during system startup | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 53 | ResourceAccess | Workspace | Management or utilization of a coding environment for collaborative work | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 54 | ResourceAccess | GitHub | Utilization or interaction with the GitHub OAuth application for various purpose | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 55 | ResourceAccess | GitLab | Utilization or interaction with the GitLab OAuth application for various purposes | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 56 | ResourceAccess | Bitbucket | Utilization or interaction with the Bitbucket OAuth application for various purposes | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 57 | ResourceAccess | AzureDevOps | Utilization or interaction with the AzureDevOps OAuth application for various purposes | resource_name, resource_id, action_type, resource_type, o_auth_app |
| 58 | ResourceAccess | JFrog | Utilization or interaction with the JFrog OAuth application for various purposes | resource_name, resource_id, action_type, resource_type, o_auth_app |
Attributes
| Attributes | Attribute Description |
|---|---|
| action_type | Action type |
| address | DNS address |
| allowed | Flag indicating whether navigation is allowed |
| blocked | Flag indicating whether the request is blocked |
| browser_id | Browser ID |
| command | The SSH command executed |
| commit | The related commit hash |
| data | Clipboard data, if applied |
| destination | The git service name |
| destination | The external service name |
| destination | The destination name |
| destination_address | Destination address |
| domain | Domain name |
| extension_id | ID of the Visual Studio Code extension |
| extension_name | Name of the Visual Studio Code extension |
| extension_uuid | UUID of the Visual Studio Code extension |
| git_branch | The git branch name, if applied |
| id | Event ID |
| inspected | Flag indicating whether it request has been inspected |
| is_code | Code detection flag |
| is_secret | Secret detection flag |
| issuer | Email or user ID of the issuer |
| o_auth_app | Third party app name, if applied |
| project_id | Project ID |
| project_name | Project name |
| request | The type of request |
| request_type | Request type |
| resource_id | Resource ID |
| resource_name | Resource name |
| resource_type | Resource type |
| role_name | The user role on the platform |
| role_name | The rolename in the project, if applied |
| service_id | The service ID |
| session_id | IDE session ID |
| severity | Severity 0-3 = Low - 4-6 = Medium - 7-8 = High - 9-10 = Critical |
| status_code | HTTP status code |
| timestamp | Date on which the event was recorded |
| title | Title of the webpage |
| type | Push or pull |
| url | URL of the webpage |
| user_id | The user id on the platform |
| user_name | The username on the platform |
| workspace_id | Workspace ID |
| workspace_name | Workspace name |
Real-time Auditing Section: Event Log Catalog Reference
Copied!
Failed!