app-login
August 11, 2025 · View on GitHub
Description
A user logged in to an application
Parameters
| Parameter | Value |
|---|---|
| Subject | app |
| Activity | login |
| Activity Type | app-login |
| Pretty Name | App Login |
Legacy Names
| Success | Fail |
|---|---|
| app-login webconference-login | failed-app-login webconference-login |
Fields
The possible fields for this activity type will vary depending on whether the activity was a success or a fail.
app-login:success
| Field | Core | Detection | Informational |
|---|---|---|---|
| os | ✓ | ||
| user_agent_client | |||
| login_type | ✓ | ||
| mime | ✓ | ||
| domain_user_name | |||
| src_host | ✓ | ||
| dest_zone | |||
| src_ip | ✓ | ||
| src_zone | |||
| browser | ✓ | ||
| dest_ip | ✓ | ||
| domain | ✓ | ||
| fingerprint | ✓ | ||
| dest_host | ✓ | ||
| email_domain | |||
| user | ✓ | ✓ | |
| operation | ✓ | ||
| user_agent | ✓ | ||
| object | ✓ | ||
| cid | ✓ |
app-login:fail
| Field | Core | Detection | Informational |
|---|---|---|---|
| failure_code | ✓ | ||
| os | ✓ | ||
| user_agent_client | |||
| login_type | ✓ | ||
| mime | ✓ | ||
| domain_user_name | |||
| failure_reason | ✓ | ||
| src_host | ✓ | ||
| dest_zone | |||
| src_ip | ✓ | ||
| src_zone | |||
| browser | ✓ | ||
| dest_ip | ✓ | ||
| domain | ✓ | ||
| fingerprint | ✓ | ||
| dest_host | ✓ | ||
| email_domain | |||
| user | ✓ | ✓ | |
| operation | ✓ | ||
| user_agent | ✓ | ||
| object | ✓ | ||
| cid | ✓ |