The Auth section is used for both authentication and authorization attempts, such as Kerberos, NTLM, Oauth2, Login, MFA, or SSO.In case of authentication/authorization over the network or from endpoint data, it is preferred to use the Auth section.
xdm.auth.service
Description |
The authentication service name. |
Datatype |
String |
Dataclass |
Scalar |
xdm.auth.auth_method
Description |
The authentication method. |
Datatype |
String |
Dataclass |
Scalar |
xdm.auth.privilege_level
Description |
The privilege level. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.PRIVILEGE_LEVEL_GUEST, XDM_CONST.PRIVILEGE_LEVEL_USER, XDM_CONST.PRIVILEGE_LEVEL_ADMIN, XDM_CONST.PRIVILEGE_LEVEL_SYSTEM |
xdm.auth.kerberos_tgt
Kerberos protocol specific fields.
xdm.auth.kerberos_tgt.msg_type
Description |
Kerberos 5 message type assigned numbers. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.KERBEROS_MSG_TYPE_AS_REQ, XDM_CONST.KERBEROS_MSG_TYPE_AS_REP, XDM_CONST.KERBEROS_MSG_TYPE_TGS_REQ, XDM_CONST.KERBEROS_MSG_TYPE_TGS_REP, XDM_CONST.KERBEROS_MSG_TYPE_AP_REQ |
xdm.auth.kerberos_tgt.spn_type
Description |
The type of the requested service principal. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.KERBEROS_PRINCIPAL_TYPE_UNKNOWN, XDM_CONST.KERBEROS_PRINCIPAL_TYPE_PRINCIPAL, XDM_CONST.KERBEROS_PRINCIPAL_TYPE_SRV_INST, XDM_CONST.KERBEROS_PRINCIPAL_TYPE_SRV_HST, XDM_CONST.KERBEROS_PRINCIPAL_TYPE_SRV_XHST |
xdm.auth.kerberos_tgt.spn_values
Description |
The service names being requested. |
Datatype |
String |
Dataclass |
Array |
xdm.auth.kerberos_tgt.cname_type
Description |
The client principal type. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.KERBEROS_PRINCIPAL_TYPE_UNKNOWN, XDM_CONST.KERBEROS_PRINCIPAL_TYPE_PRINCIPAL, XDM_CONST.KERBEROS_PRINCIPAL_TYPE_SRV_INST, XDM_CONST.KERBEROS_PRINCIPAL_TYPE_SRV_HST, XDM_CONST.KERBEROS_PRINCIPAL_TYPE_SRV_XHST |
xdm.auth.kerberos_tgt.cname_values
Description |
The client principal names being requested. |
Datatype |
String |
Dataclass |
Array |
xdm.auth.kerberos_tgt.kdc_options
Description |
The key distribution center options. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.KERBEROS_KDC_OPTION_RESERVED, XDM_CONST.KERBEROS_KDC_OPTION_FORWARDABLE, XDM_CONST.KERBEROS_KDC_OPTION_FORWARDED, XDM_CONST.KERBEROS_KDC_OPTION_PROXIABLE, XDM_CONST.KERBEROS_KDC_OPTION_PROXY |
xdm.auth.kerberos_tgt.ticket_expiration
Description |
The time remaining until the ticket expires in seconds. |
Datatype |
Number |
Dataclass |
Scalar |
xdm.auth.kerberos_tgt.renew_ticket_expiration
Description |
The time remaining until the ticket renewal expires in seconds. |
Datatype |
Number |
Dataclass |
Scalar |
xdm.auth.kerberos_tgt.encryption_type
Description |
The encryption type. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.KERBEROS_ENCRYPTION_TYPE_DES_CBC_CRC, XDM_CONST.KERBEROS_ENCRYPTION_TYPE_DES_CBC_MD4, XDM_CONST.KERBEROS_ENCRYPTION_TYPE_DES_CBC_MD5, XDM_CONST.KERBEROS_ENCRYPTION_TYPE_DES_CBC_RAW, XDM_CONST.KERBEROS_ENCRYPTION_TYPE_DES3_CBC_MD5 |
xdm.auth.kerberos_tgt.padata_type
Description |
Pre-authentication data types. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.KERBEROS_PA_TYPE_TGS_REQ, XDM_CONST.KERBEROS_PA_TYPE_ENC_TIMESTAMP, XDM_CONST.KERBEROS_PA_TYPE_PW_SALT, XDM_CONST.KERBEROS_PA_TYPE_ENC_UNIX_TIME, XDM_CONST.KERBEROS_PA_TYPE_SANDIA_SECUREID |
xdm.auth.kerberos_tgt.padata_prefix
Description |
Pre-authentication data that contains a PA-PAC-REQUEST structure. |
Datatype |
String |
Dataclass |
Scalar |
xdm.auth.kerberos_tgt.ticket_prefix
Description |
The prefix of the service principal's ticket. |
Datatype |
String |
Dataclass |
Scalar |
xdm.auth.kerberos_tgt.error_code
Description |
Kerberos error code. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.KERBEROS_ERROR_CODE_ERR_KDC_NONE, XDM_CONST.KERBEROS_ERROR_CODE_ERR_KDC_NAME_EXP, XDM_CONST.KERBEROS_ERROR_CODE_ERR_KDC_SERVICE_EXP, XDM_CONST.KERBEROS_ERROR_CODE_ERR_KDC_BAD_PVNO, XDM_CONST.KERBEROS_ERROR_CODE_ERR_KDC_C_OLD_MAST_KVNO |
xdm.auth.kerberos_tgs
Kerberos protocol specific fields.
xdm.auth.kerberos_tgs.msg_type
Description |
Kerberos 5 message type assigned numbers. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.KERBEROS_MSG_TYPE_AS_REQ, XDM_CONST.KERBEROS_MSG_TYPE_AS_REP, XDM_CONST.KERBEROS_MSG_TYPE_TGS_REQ, XDM_CONST.KERBEROS_MSG_TYPE_TGS_REP, XDM_CONST.KERBEROS_MSG_TYPE_AP_REQ |
xdm.auth.kerberos_tgs.spn_type
Description |
The type of the requested service principal. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.KERBEROS_PRINCIPAL_TYPE_UNKNOWN, XDM_CONST.KERBEROS_PRINCIPAL_TYPE_PRINCIPAL, XDM_CONST.KERBEROS_PRINCIPAL_TYPE_SRV_INST, XDM_CONST.KERBEROS_PRINCIPAL_TYPE_SRV_HST, XDM_CONST.KERBEROS_PRINCIPAL_TYPE_SRV_XHST |
xdm.auth.kerberos_tgs.spn_values
Description |
The service names being requested. |
Datatype |
String |
Dataclass |
Array |
xdm.auth.kerberos_tgs.cname_type
Description |
The client principal type. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.KERBEROS_PRINCIPAL_TYPE_UNKNOWN, XDM_CONST.KERBEROS_PRINCIPAL_TYPE_PRINCIPAL, XDM_CONST.KERBEROS_PRINCIPAL_TYPE_SRV_INST, XDM_CONST.KERBEROS_PRINCIPAL_TYPE_SRV_HST, XDM_CONST.KERBEROS_PRINCIPAL_TYPE_SRV_XHST |
xdm.auth.kerberos_tgs.cname_values
Description |
The client principal names being requested. |
Datatype |
String |
Dataclass |
Array |
xdm.auth.kerberos_tgs.kdc_options
Description |
The key distribution center options. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.KERBEROS_KDC_OPTION_RESERVED, XDM_CONST.KERBEROS_KDC_OPTION_FORWARDABLE, XDM_CONST.KERBEROS_KDC_OPTION_FORWARDED, XDM_CONST.KERBEROS_KDC_OPTION_PROXIABLE, XDM_CONST.KERBEROS_KDC_OPTION_PROXY |
xdm.auth.kerberos_tgs.ticket_expiration
Description |
The time remaining until the ticket expires in seconds. |
Datatype |
Number |
Dataclass |
Scalar |
xdm.auth.kerberos_tgs.renew_ticket_expiration
Description |
The time remaining until the ticket renewal expires in seconds. |
Datatype |
Number |
Dataclass |
Scalar |
xdm.auth.kerberos_tgs.encryption_type
Description |
The encryption type. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.KERBEROS_ENCRYPTION_TYPE_DES_CBC_CRC, XDM_CONST.KERBEROS_ENCRYPTION_TYPE_DES_CBC_MD4, XDM_CONST.KERBEROS_ENCRYPTION_TYPE_DES_CBC_MD5, XDM_CONST.KERBEROS_ENCRYPTION_TYPE_DES_CBC_RAW, XDM_CONST.KERBEROS_ENCRYPTION_TYPE_DES3_CBC_MD5 |
xdm.auth.kerberos_tgs.padata_type
Description |
Pre-authentication data types. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.KERBEROS_PA_TYPE_TGS_REQ, XDM_CONST.KERBEROS_PA_TYPE_ENC_TIMESTAMP, XDM_CONST.KERBEROS_PA_TYPE_PW_SALT, XDM_CONST.KERBEROS_PA_TYPE_ENC_UNIX_TIME, XDM_CONST.KERBEROS_PA_TYPE_SANDIA_SECUREID |
xdm.auth.kerberos_tgs.padata_prefix
Description |
Pre-authentication data that contains a PA-PAC-REQUEST structure. |
Datatype |
String |
Dataclass |
Scalar |
xdm.auth.kerberos_tgs.ticket_prefix
Description |
The prefix of the service principal's ticket. |
Datatype |
String |
Dataclass |
Scalar |
xdm.auth.kerberos_tgs.error_code
Description |
Kerberos error code. |
Datatype |
|
Dataclass |
Scalar |
Examples |
XDM_CONST.KERBEROS_ERROR_CODE_ERR_KDC_NONE, XDM_CONST.KERBEROS_ERROR_CODE_ERR_KDC_NAME_EXP, XDM_CONST.KERBEROS_ERROR_CODE_ERR_KDC_SERVICE_EXP, XDM_CONST.KERBEROS_ERROR_CODE_ERR_KDC_BAD_PVNO, XDM_CONST.KERBEROS_ERROR_CODE_ERR_KDC_C_OLD_MAST_KVNO |
xdm.auth.ntlm
NTLM (New Technology LAN Manager) protocol specific fields.
xdm.auth.ntlm.version
Description |
The NTLM protocol version. |
Datatype |
String |
Dataclass |
Scalar |
xdm.auth.ntlm.user_name
Description |
The user name provided by the client. |
Datatype |
String |
Dataclass |
Scalar |
xdm.auth.ntlm.hostname
Description |
The host name provided by the client. |
Datatype |
String |
Dataclass |
Scalar |
xdm.auth.ntlm.target
Description |
The NTLM target provided by the server. |
Datatype |
String |
Dataclass |
Scalar |
xdm.auth.ntlm.domain
Description |
The domain name provided by the server. |
Datatype |
String |
Dataclass |
Scalar |
xdm.auth.ntlm.dns_domain
Description |
The DNS domain name provided by the server. |
Datatype |
String |
Dataclass |
Scalar |
xdm.auth.ntlm.dns_hostname
Description |
The DNS host name name provided by the server. |
Datatype |
String |
Dataclass |
Scalar |
xdm.auth.ntlm.dns_three
Description |
The DNS three provided by the server. |
Datatype |
String |
Dataclass |
Scalar |
xdm.auth.ntlm.challenge
Description |
The NTLM challenge. |
Datatype |
String |
Dataclass |
Scalar |
xdm.auth.ntlm.ntproof
Description |
The proof that the client provided, encoded as Base64. |
Datatype |
String |
Dataclass |
Scalar |
xdm.auth.is_mfa_needed
Description |
Whether multi-factor authentication was needed in this authentication attempt. |
Datatype |
Boolean |
Dataclass |
Scalar |
xdm.auth.mfa
Details about the multi-factor authentication attempt.
xdm.auth.mfa.method
Description |
The method being used by the multi-factor authentication provider. |
Datatype |
String |
Dataclass |
Scalar |
xdm.auth.mfa.provider
Description |
The multi-factor authentication provider. |
Datatype |
String |
Dataclass |
Scalar |
xdm.auth.mfa.client_details
Description |
Additional information about the client, as reported by the the multi-factor authentication provider. |
Datatype |
String |
Dataclass |
Scalar |