Security department ask us about Audit log parameters.
I do not understand some parameters for userType and eventType (the documentation does not explain when they arise)
what the following parameters mean, when they are displayed:
I am not finding any more information on this. I will have to reach out to Dynatrace to get a better idea of what these represent. With the holidays a lot of them are offline so likely would not have an answer for you till monday
For eventType my guess is General is a catch all for anything that does not fit into any of the other options. I am not sure what action would not fit any others haha.
SERVICE_NAME holds mostly the Session Management and any users who's actions (i.e. logout) are done automatically. So basically what Dynatrace is doing automatically. It also groups USER_NAME shows the actual user performing what actions.
One of my colleague uses this API often with their customer, they have not seen any log entry with GENERAL for eventType. It is likely just a catch all for when the value does not fit a different category but is not likely used often.
Request_ID and Token_hash are likely additional identifiers that can be stored. I reached out to our API team on these, still awaiting a response