
Audit Event Types

CORTEX captures various event types organized by resource and action.

Get Available Types

Resource Types

GET /audit-logs/resource-types
["USER", "ORGANIZATION", "TENANT", "ROLE", "PERMISSION", "SESSION"]

Action Types

GET /audit-logs/actions
["CREATE", "READ", "UPDATE", "DELETE", "LOGIN", "LOGOUT", "LOGIN_FAILURE"]

Authentication Events

LOGIN

Successful user authentication.

{
  "action": "LOGIN",
  "resourceType": "SESSION",
  "resourceId": "session-id",
  "userId": "user-id",
  "metadata": {
    "method": "password"
  }
}

LOGIN_FAILURE

Failed authentication attempt.

{
  "action": "LOGIN_FAILURE",
  "resourceType": "USER",
  "resourceId": null,
  "userId": null,
  "metadata": {
    "email": "attempted@example.com",
    "reason": "INVALID_PASSWORD",
    "attemptCount": 3
  }
}

LOGOUT

User session termination.

{
  "action": "LOGOUT",
  "resourceType": "SESSION",
  "resourceId": "session-id",
  "userId": "user-id"
}

PASSWORD_CHANGE

Password modification.

{
  "action": "PASSWORD_CHANGE",
  "resourceType": "USER",
  "resourceId": "user-id",
  "userId": "user-id"
}

Resource Events

CREATE

New resource creation.

{
  "action": "CREATE",
  "resourceType": "USER",
  "resourceId": "new-user-id",
  "userId": "admin-id",
  "newValue": {
    "email": "new.user@example.com",
    "firstName": "New",
    "lastName": "User",
    "status": "ACTIVE"
  }
}

UPDATE

Resource modification.

{
  "action": "UPDATE",
  "resourceType": "USER",
  "resourceId": "user-id",
  "userId": "admin-id",
  "oldValue": {
    "firstName": "John"
  },
  "newValue": {
    "firstName": "Jonathan"
  },
  "metadata": {
    "changedFields": ["firstName"]
  }
}

DELETE

Resource removal (soft delete).

{
  "action": "DELETE",
  "resourceType": "USER",
  "resourceId": "user-id",
  "userId": "admin-id",
  "oldValue": {
    "email": "deleted.user@example.com",
    "status": "ACTIVE"
  }
}

Access Control Events

ROLE_ASSIGNED

Role assignment to user.

{
  "action": "ROLE_ASSIGNED",
  "resourceType": "ROLE_ASSIGNMENT",
  "resourceId": "assignment-id",
  "userId": "admin-id",
  "metadata": {
    "targetUserId": "user-id",
    "roleId": "role-id",
    "roleName": "ORG_ADMIN",
    "organizationId": "org-id"
  }
}

ROLE_REVOKED

Role removal from user.

{
  "action": "ROLE_REVOKED",
  "resourceType": "ROLE_ASSIGNMENT",
  "resourceId": "assignment-id",
  "userId": "admin-id",
  "metadata": {
    "targetUserId": "user-id",
    "roleId": "role-id",
    "roleName": "ORG_ADMIN"
  }
}

Status Events

USER_SUSPENDED

User account suspension.

{
  "action": "USER_SUSPENDED",
  "resourceType": "USER",
  "resourceId": "user-id",
  "userId": "admin-id",
  "oldValue": { "status": "ACTIVE" },
  "newValue": { "status": "SUSPENDED" }
}

USER_REACTIVATED

User account reactivation.

{
  "action": "USER_REACTIVATED",
  "resourceType": "USER",
  "resourceId": "user-id",
  "userId": "admin-id",
  "oldValue": { "status": "SUSPENDED" },
  "newValue": { "status": "ACTIVE" }
}

Event Reference Table

| Resource Type | Actions |
| --- | --- |
| USER | CREATE, UPDATE, DELETE, SUSPEND, REACTIVATE |
| ORGANIZATION | CREATE, UPDATE, DELETE |
| TENANT | CREATE, UPDATE |
| ROLE | CREATE, UPDATE, DELETE |
| PERMISSION | CREATE, DELETE |
| ROLE_ASSIGNMENT | ROLE_ASSIGNED, ROLE_REVOKED |
| SESSION | LOGIN, LOGOUT, TOKEN_REFRESH |
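
The event shapes documented above can be fed directly into review rules. The following is an added example, not CORTEX code: a `triage` function that flags repeated LOGIN_FAILURE events per attempted email, ROLE_ASSIGNED events where the actor grants a role to themselves or grants a privileged role, and USER_REACTIVATED events where the actor reactivates their own account. The threshold, the privileged-role set, the rule names and the sample ids are assumptions.

```javascript
// Added example: triage rules over audit events in the documented shapes.
// FAILURE_THRESHOLD, PRIVILEGED_ROLES and the rule names are assumptions.
const FAILURE_THRESHOLD = 3;
const PRIVILEGED_ROLES = new Set(['ORG_ADMIN']);

function triage(events) {
  const findings = [];
  const failures = new Map(); // lower-cased email -> { seen, reported }
  for (const ev of events) {
    const meta = ev.metadata || {};
    if (ev.action === 'LOGIN_FAILURE') {
      // userId and resourceId are null on failures: key on the attempted email.
      const email = String(meta.email || '').toLowerCase();
      if (!email) continue;
      const f = failures.get(email) || { seen: 0, reported: 0 };
      f.seen += 1;
      f.reported = Math.max(f.reported, Number(meta.attemptCount) || 0);
      failures.set(email, f);
    } else if (ev.action === 'ROLE_ASSIGNED') {
      if (ev.userId && ev.userId === meta.targetUserId) {
        findings.push({ rule: 'SELF_ROLE_GRANT', actor: ev.userId, role: meta.roleName });
      } else if (PRIVILEGED_ROLES.has(meta.roleName)) {
        findings.push({ rule: 'PRIVILEGED_ROLE_GRANT', actor: ev.userId, target: meta.targetUserId });
      }
    } else if (ev.action === 'USER_REACTIVATED' && ev.userId === ev.resourceId) {
      findings.push({ rule: 'SELF_REACTIVATION', actor: ev.userId });
    }
  }
  for (const [email, f] of failures) {
    // Use whichever is larger: events seen here or the logged attemptCount.
    const attempts = Math.max(f.seen, f.reported);
    if (attempts >= FAILURE_THRESHOLD) findings.push({ rule: 'REPEATED_LOGIN_FAILURE', email, attempts });
  }
  return findings;
}

// Constructed sample events (not real log data); all ids are placeholders.
const fail = (email, attemptCount) => ({ action: 'LOGIN_FAILURE', resourceType: 'USER',
  resourceId: null, userId: null, metadata: { email, reason: 'INVALID_PASSWORD', attemptCount } });
const grant = (userId, targetUserId) => ({ action: 'ROLE_ASSIGNED', resourceType: 'ROLE_ASSIGNMENT',
  resourceId: 'assignment-id', userId, metadata: { targetUserId, roleId: 'role-id', roleName: 'ORG_ADMIN' } });
const SAMPLE_EVENTS = [
  fail('Attempted@example.com', 2), fail('attempted@example.com', 3), fail('other@example.com', 1),
  grant('user-7', 'user-7'), grant('admin-1', 'user-9'),
  { action: 'USER_REACTIVATED', resourceType: 'USER', resourceId: 'user-7', userId: 'user-7',
    oldValue: { status: 'SUSPENDED' }, newValue: { status: 'ACTIVE' } },
];

console.log(triage(SAMPLE_EVENTS));
```

Because failed logins carry no `userId`, the failure rule keys on `metadata.email`, normalized to lower case so that case variants of one address are counted together.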

Custom Events

Applications can log custom events:

// In a service
await this.auditService.log({
  action: 'REPORT_GENERATED',
  resourceType: 'REPORT',
  resourceId: reportId,
  metadata: {
    reportType: 'monthly-summary',
    dateRange: { start: '2024-01-01', end: '2024-01-31' }
  }
});