I got an earlier log that grabs all the necessary info into the following tables - username, defaultmsg, date, time.

=============

Aug 25 17:41:05 IP_ADDR consolidated_audit: {"affectedEntityList":[{"entityType":"vm","name":"HOSTNAME01 | PROGRAMNAME","uuid":"11aef477-6f03-4a22-baa7-23736c8e741c"}],"alertUid":"VmUpdateAudit","classificationList":["UserAction"],"creationTimestampUsecs":"1629874233889978","defaultMsg":"Updated VM HOSTNAME01 | Tenable","opEndTimestampUsecs":"1629874233884373","opStartTimestampUsecs":"1629874233779524","operationType":"Update","originatingClusterUuid":"0005ad50-f430-a46c-001e-e4434bb76b0e","params":{"is_secure_boot":"false","is_uefi_boot":"true","vm_name":"HOSTNAME01 | PROGRAMNAME"},"recordType":"Audit","severity":"Audit","userName":"ABC@ABC.COM","userUuid":"3f73d040-7516-5caa-a956-91179b2cb1f5","uuid":"254f3952-bf9b-4205-8a14-ad2074ed70ab"}

==============

But the issue now is that in the earlier msg, there is no defaultmsg field in the earlier event, and under the table (defaultmsg), it's empty