Variables available in audit notification channels

Access Manager provides a comprehensive set of variables you can use in your audit notifications.

See the guides on PowerShell auditing scripts and HTML and JSON audit templates to learn how to use these variables in your audit scripts and templates.

Global properties

Request element

This group of attributes represents the incoming request

Response element

This group of attributes represents the result of the access evaluation

User element

This group of attributes represents the user who performed the access request

Role element

If the authorization request was for a role, then this property will be populated with information about the role authorization rule

Computer element

If the authorization request was for a computer, then this property will be populated with information about the computer

RapidLapsLogin element

If the authorization request was for workstation login/unlock via RapidLAPS, then this property will be populated with information about the RapidLAPS login request

RapidLapsElevation element

If the authorization request was for UAC elevation via RapidLAPS, then this property will be populated with information about the RapidLAPS elevation request

Signature data structure

The RapidLapsElevation.Signature field contains information about the code signing of the executable run by the user.

Signer data structure

The Signer data structure is used to represent an entity that has digitally singed an executable.

SignatureCertificate data structure

The SignatureCertificate data structure represents the elements of an X.509 code signing certificate.

Response data structure

The RapidLapsLogin.Responses and RapidLapsElevation.Responses fields contain a list of responses to any prompts defined in the RapidLAPS policy.

LoggedOnUser data structure

The RapidLapsLogin.LoggedOnUsers and RapidLapsElevation.Responses fields contain a list of users logged into the machine at the time of the request.