Support of Work with Security Information and Event Management Systems

Foresight Analytics Platform supports work with security information and event management systems (SIEM systems).

A ready solution based on Foresight Analytics Platform can be integrated via an application system using a tool for real time analysis of running events and timely response to security threats in information systems.

NOTE. SIEM systems are not included in the software package of Foresight Analytics Platform.

SIEM systems are based on the concept that information system security data is collected from different sources, and the result of data processing is displayed in an unified interface that is available for security data analysts, which makes it easier to analyze characteristics that are inherent to security incidents.

One of the main objectives of SIEM systems use is increasing information security in the existing architecture by ensuring the ability to operate security information and execute anticipatory management of incidents and security events almost in real time.

Work with security information and event management systems is aimed at solving the following tasks:

Collection, processing and analysis of security events received by the system from various sources.
Detection of attacks and violations of security criteria and policies in real time.
Timely assessment of degree of security of information, telecommunication and other critically important resources.
Analysis and management of security risks.
Investigation of incidents.
Taking effective information protection solutions.
Creation of reporting documents.

An access protocol can be used for integration.

A security information and event management system is installed and set up by the system administrator.

A security information and event management is deployed in the environment. When planning and deploying an application, the environment system administrator must use administrator guides provided by corresponding SIEM system vendors.

Integration with third-party SIEM systems is supported via CEF files and forwarding CEF security event messages in real time via the syslog protocol.

Security Auditing Log Import to SIEM Systems

The security auditing log of Foresight Analytics Platform is stored in a database in internal format.

To export the file, use the security manager or the task scheduler.

In the security manager:

Open the security manager as an administrator.
Go to the Access Protocol tab.
Save the access protocol to file:

In the desktop application select the Access Protocol > Save to File > Full Protocol/Current View main menu item.
In the web application click the Export button on the toolbar.

The standard dialog box opens, in which specify:

File name.
File type. To export the full protocol, select the Access Protocol Files (*.cef) type. To export the current view, select the CEF (*.cef) type.
File location.

Click the Save button.

In the task scheduler:

Create a Fore unit using the IAuditLog.Archive or IAuditLog.ArchiveToDate methods.
Create a assembly execution task, specify the created unit and set up task execution frequency.
Start the task for execution.

Then set up file import by means of SIEM server.

For details about creating an event parsing decoder see the Example of Data Import to Wazuh article.

Forwarding CEF Security Event Messages in Real Time via the syslog Protocol

To forward auditing messages to syslog server, set up:

The settings.xml file.
System registry.

The priority of settings search:

settings.xml.
The [HKEY_CURRENT_USER] key.
The [HKEY_LOCAL_MACHINE] key.

If the SysLogServer section has been found during the search in the source, it is assumed that settings are read successfully event if the section is empty or contains incorrect records. Other sources are not searched. If any of parameters is absent in the source, default values are taken:

Active = False

Host = 127.0.0.1

Port = 514

Protocol = 0

CEF Event Format used in Foresight Analytics Platform

The CEF file consists of a set of events, each event is written as a text string. An event corresponds to a certain operation executed in the repository. An event string consists of a title and a set of fields. The title starts from CEF:0| and ends with |AuditLog|Unknown|. Depending on the executed operation, one can use a full or short list of fields. The following fields are available in operations:

act. Event (operation).
cs1Label. It is always set to MetabaseId.
cs1. Repository identifier.
rt. Date and time of event generation.
outcome. Operation execution result. Available values: Success, Failure.
shost. Workstation.
suser. OS user.
cs2Label. It is always set to PlatformUser.
cs2. Foresight Analytics Platform user. The field is empty if the logon failed, the field value: outcome = Failure.
cs3Label. It is always set to IPAddresses.
cs3. Set of IP addresses.
cs4Label. It is always set to ObjectName.
cs4. Object name.
cs5Label. It is always set to ObjectId.
cs5. Object identifier.
cs6Label. It is always set to AccessLevel. The field is available if mandatory access control method is enabled.
cs6. Access level. The field is available if mandatory access control method is enabled.
msg. Event comment. The field can be empty.

List of available operations:

Operation	Description	Fields	Example
FSAP_EV_LOGONS_IN	System logon.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_LOGONS_IN\|AuditLog\|Unknown\|act= cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 05 2025 12:00:10+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 msg=Platform version: 10.9.15.0 x64 Desktop application
FSAP_EV_LOGONS_OUT	System logout.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_LOGONS_OUT\|AuditLog\|Unknown\|act= cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 05 2025 14:15:50+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 msg=
FSAP_EV_LOGONS_NAVIGATOR	Enter navigator.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_LOGONS_NAVIGATOR\|AuditLog\|Unknown\|act=Enter navigator cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 05 2025 12:00:11+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 msg=
FSAP_EV_OBJECT_OPERATIONS	Execute operation with repository object.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OBJECT_OPERATIONS\|AuditLog\|Unknown\|act=Write cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 05 2025 13:15:43+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Data entry form cs5Label=ObjectId cs5=OBJ444299 msg=
FSAP_EV_OO_READ	Read object.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_READ\|AuditLog\|Unknown\|act=Read cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 05 2025 13:20:59+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Data entry form cs5Label=ObjectId cs5=OBJ444299 msg=
FSAP_EV_OO_CREATE	Create an object.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_CREATE\|AuditLog\|Unknown\|act=Create cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 05 2025 12:08:25+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Table cs5Label=ObjectId cs5=OBJ446424 msg=
FSAP_EV_OO_CHANGE	Change object.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_CHANGE\|AuditLog\|Unknown\|act=Change cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 06 2025 16:39:12+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Regular report cs5Label=ObjectId cs5=OBJ446419 msg=
FSAP_EV_OO_DELETE	Delete object.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_DELETE\|AuditLog\|Unknown\|act=Delete cs1Label=MetabaseId cs1=WAREHOUSE rt=Jul 18 2025 17:18:19+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Standard cube cs5Label=ObjectId cs5=OBJ444245 msg=
FSAP_EV_RDSE_READ	Read dictionary elements.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_RDSE_READ\|AuditLog\|Unknown\|act=Read dictionary elements cs1Label=MetabaseId cs1=WAREHOUSE rt=Jul 30 2025 16:25:37+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Territories cs5Label=ObjectId cs5=DIC_RF msg=
FSAP_EV_RDSE_CHANGE	Change dictionary elements.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_RDSE_CHANGE\|AuditLog\|Unknown\|act=Change dictionary elements cs1Label=MetabaseId cs1=WAREHOUSE rt=Jul 17 2025 13:08:29+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Dictionary cs5Label=ObjectId cs5=DICT2 msg=Elements changed: 5 attributes: Order.
FSAP_EV_RDSE_ADD	Add elements to dictionary.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_RDSE_ADD\|AuditLog\|Unknown\|act=Add elements to dictionary cs1Label=MetabaseId cs1=WAREHOUSE rt=Jul 30 2025 10:39:41+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Dictionary cs5Label=ObjectId cs5=OBJ444935 msg=Elements added: Totals.
FSAP_EV_RDSE_DELETE	Delete dictionary elements.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_RDSE_DELETE\|AuditLog\|Unknown\|act=Delete dictionary elements cs1Label=MetabaseId cs1=WAREHOUSE rt=Jul 17 2025 17:07:10+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Dictionary cs5Label=ObjectId cs5=OBJ444935 msg=Elements deleted: For checking.
FSAP_EV_OSO_OBJECT_RIGHTS_CHANGE	Change element permissions.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OSO_OBJECT_RIGHTS_CHANGE\|AuditLog\|Unknown\|act=Change permissions cs1Label=MetabaseId cs1=WAREHOUSE rt=Jul 02 2025 16:04:12+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Cube segment cs5Label=ObjectId cs5=OBJ433272 msg=Removed inheritance of parent object access permissions
FSAP_EV_OSO_RDS_ELEMENT_RIGHTS_CHANGE	Change MDM dictionary element permissions.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OSO_RDS_ELEMENT_RIGHTS_CHANGE\|AuditLog\|Unknown\|act=Change element permissions cs1Label=MetabaseId cs1=WAREHOUSE rt=Dec 16 2025 11:59:25+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Dictionary of socio-economic indicators cs5Label=ObjectId cs5=DIC_SEP_COPY3 msg=Changed permissions for the 'TESTER' user/group - before: 'Read,Write,Delete'; after: 'No access to' the 'INVESTMENTS' element
FSAP_EV_UO_READ	Read update from file or repository object.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_UO_READ\|AuditLog\|Unknown\|act=Read update cs1Label=MetabaseId cs1=WAREHOUSE rt=Jul 24 2025 09:33:35+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 msg=File: D:\\Updates\\2.pefx Date: 24.07.2025 9:33:35 Size: 2602578
FSAP_EV_UO_SAVE	Save update to file or repository object.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_UO_SAVE\|AuditLog\|Unknown\|act=Write update cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 01 2025 13:54:26+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 msg=Dile: D:\\Updates\\3.pefx Date: 01.08.2025 13:43:31 Size: 1241279
FSAP_EV_UO_APPLY	Apply update to repository.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_UO_APPLY\|AuditLog\|Unknown\|act=Apply update cs1Label=MetabaseId cs1=WAREHOUSE rt=Jul 24 2025 09:36:30+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 msg=
FSAP_EV_UO_QUERY	Execute SQL query during the update.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_UO_QUERY\|AuditLog\|Unknown\|act=Apply SQL command cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 07 2025 14:56:40+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=Admin cs3Label=IPAddresses cs3=10.10.10.1 msg=INSERT into "T_UPDATE" (updatedate) VALUES (CURRENT_TIMESTAMP);
FSAP_EV_SO_POLICY_CHANGE	Change security policy.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_SO_POLICY_CHANGE\|AuditLog\|Unknown\|act=Change policy cs1Label=MetabaseId cs1=WAREHOUSE rt=Jul 15 2025 14:40:47+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 msg=Change password for the 'TESTER' user
FSAP_EV_SO_POLICY_READ	Read security policy.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_SO_POLICY_READ\|AuditLog\|Unknown\|act=Read policy cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 07 2025 09:47:32+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 msg=
FSAP_EV_SO_SNAPSHOT_SAVE	Save security policy backup.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_SO_SNAPSHOT_SAVE\|AuditLog\|Unknown\|act=Save security policy environment cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 07 2025 14:54:36+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=Admin cs3Label=IPAddresses cs3=10.10.10.1 filePath=File: D:\\Archive\\Warehouse[07_08_2025].pppolicy
FSAP_EV_SO_SNAPSHOT_APPLY	Restore from security policy backup.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_SO_SNAPSHOT_APPLY\|AuditLog\|Unknown\|act=Apply security policy environment cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 07 2025 14:54:40+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=Admin cs3Label=IPAddresses cs3=10.10.10.1 filePath=File: D:\\Archive\\Warehouse[07_08_2025].pppolicy Date: 07.08.2025 14:54:36 Size: 3142
FSAP_EV_SO_AUDITLOG_ARCHIVE_SAVE	Save access protocol to file.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_SO_AUDITLOG_ARCHIVE_SAVE\|AuditLog\|Unknown\|act=Save access protocol cs1Label=MetabaseId cs1=WAREHOUSE rt=Apr 03 2025 17:37:06+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 filePath=D:\\Archive\\access_protocol_Warehouse_2020-2025.pplog
FSAP_EV_VCS_CONNECTION_CHANGE	Connect to version control system (VCS).	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_VCS_CONNECTION_CHANGE\|AuditLog\|Unknown\|act=Connect to VCS cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 07 2025 17:10:55+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 msg=Repository is connected to version control system, Team Foundation Server - https://testserver.ru/company/WORK/_git/Project, Team Project -
FSAP_EV_VCS_PARAMETERS_CHANGE	Change version control system (VCS) settings.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_VCS_PARAMETERS_CHANGE\|AuditLog\|Unknown\|act=Change VCS settings cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 07 2025 17:24:38+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 msg=Project is changed on TFS server - 'https://testserver.ru/company/WORK/_git/Test' (before - 'https://testserver.ru/company/WORK/_git/Project')
FSAP_EV_VCS_REPOSITORY_SYNCHRONIZED	Synchronize version control system settings with repository.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_VCS_REPOSITORY_SYNCHRONIZED\|AuditLog\|Unknown\|act=Synchronize with VCS cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 07 2025 17:10:05+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 msg=Repository is synchronized with version control system, Team Foundation Server - https://testserver.ru/company/WORK/_git/Project, Team Project -
FSAP_EV_CUSTOM_OPERATIONS	Security events for operations with custom objects.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_CUSTOM_OPERATIONS\|AuditLog\|Unknown\|act=Start cs1Label=MetabaseId cs1=WAREHOUSE rt=Apr 03 2025 18:29:35+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Process cs5Label=ObjectId cs5=OBJ347351 msg=Execute the Start operation of custom object
FSAP_EV_IEO_PRINT	Print.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_IEO_PRINT\|AuditLog\|Unknown\|act=Print cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 06 2025 11:44:56+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Information panel cs5Label=ObjectId cs5=OBJ425821 msg=Preview Number of pages: 1 Result: Printing
FSAP_EV_IEO_EXPORT	Export.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_IEO_EXPORT\|AuditLog\|Unknown\|act=Export cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 06 2025 11:44:56+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Information panel cs5Label=ObjectId cs5=OBJ425821 msg=Number of copies: 1 Number of pages: 1 Result: Success
FSAP_EV_IEO_IMPORT	Import.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_IEO_IMPORT\|AuditLog\|Unknown\|act=Import cs1Label=MetabaseId cs1=WAREHOUSE rt=Jul 17 2025 16:44:33+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Indicators cs5Label=ObjectId cs5=OBJ444003 msg=
FSAP_EV_IEO_EXPORT_WEB	Export to web.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_IEO_EXPORT_WEB\|AuditLog\|Unknown\|act=Export cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 05 2025 11:39:29+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Regular report cs5Label=ObjectId cs5=OBJ446419 msg=Save information from object to clipboard
FSAP_EV_OO_TBL_SELECT	Retrieve data.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_TBL_SELECT\|AuditLog\|Unknown\|act=Retrieve data cs1Label=MetabaseId cs1=WAREHOUSE rt=Sep 03 2025 18:02:21+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Table cs5Label=ObjectId cs5=OBJ390754 msg=
FSAP_EV_OO_TBL_INSERT	Insert data.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_TBL_INSERT\|AuditLog\|Unknown\|act=Insert data cs1Label=MetabaseId cs1=WAREHOUSE rt=Jul 17 2025 18:01:26+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Table cs5Label=ObjectId cs5=OBJ444030 msg=
FSAP_EV_OO_TBL_UPDATE	Change data.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_TBL_UPDATE\|AuditLog\|Unknown\|act=Change data cs1Label=MetabaseId cs1=WAREHOUSE rt=Jul 18 2025 14:07:18+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Table cs5Label=ObjectId cs5=OBJ444030 msg=
FSAP_EV_OO_TBL_DELETE	Delete data.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_TBL_DELETE\|AuditLog\|Unknown\|act=Delete data cs1Label=MetabaseId cs1=WAREHOUSE rt=Jul 15 2025 17:22:59+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Table cs5Label=ObjectId cs5=OBJ443707 msg=
FSAP_EV_OO_TBL_ALTER	Change table structure.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_TBL_ALTER\|AuditLog\|Unknown\|act=Change table structure cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 05 2025 12:08:23+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Table cs5Label=ObjectId cs5=OBJ446424 msg=
FSAP_EV_OO_PROC_EXECUTE	Execute procedure.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_PROC_EXECUTE\|AuditLog\|Unknown\|act=Execute procedure =MetabaseId cs1=WAREHOUSE rt=Jul 17 2025 10:15:25+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Delete incorrect data cs5Label=ObjectId cs5=_DELETE_INCORRECT_DATA msg=
FSAP_EV_OO_PROC_ALTER	Change procedure text.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_PROC_ALTER\|AuditLog\|Unknown\|act=Change text cs1Label=MetabaseId cs1=WAREHOUSE rt=Jul 16 2025 08:48:01+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Procedure cs5Label=ObjectId cs5=P_UPDATE msg=
FSAP_EV_OO_MSPRB_EXECUTE	It starts modeling problem calculation.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_MSPRB_EXECUTE\|AuditLog\|Unknown\|act=Execute cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 07 2025 15:37:32+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=Admin cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Modeling problem cs5Label=ObjectId cs5=OBJ20162 msg=
FSAP_EV_OO_MSVAL_EXECUTE	Execute validation rule.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_MSVAL_EXECUTE\|AuditLog\|Unknown\|act=Execution cs1Label=MetabaseId cs1=WAREHOUSE rt=Dec 08 2025 11:44:34+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=New validation rule cs5Label=ObjectId cs5=OBJ33886 msg=
FSAP_EV_OO_SCHT_EXECUTE	Execute task in scheduled tasks container.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_SCHT_EXECUTE\|AuditLog\|Unknown\|act=Execute cs1Label=MetabaseId cs1=WAREHOUSE rt=Feb 05 2025 14:48:46+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Execute unit cs5Label=ObjectId cs5=OBJ414410 msg=
FSAP_EV_OO_CUBE_WRITE_DATA	Save data to cube.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_CUBE_WRITE_DATA\|AuditLog\|Unknown\|act=Save data cs1Label=MetabaseId cs1=WAREHOUSE rt=Jul 30 2025 10:42:04+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Cube cs5Label=ObjectId cs5=OBJ444939 msg=
FSAP_EV_OO_CUBE_READ_FORMULAS	Read calculated cube formulas.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_CUBE_READ_FORMULAS\|AuditLog\|Unknown\|act=Read formulas cs1Label=MetabaseId cs1=WAREHOUSE rt=Apr 09 2025 12:31:19+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Calculated cube cs5Label=ObjectId cs5=CALC_CUBE msg=
FSAP_EV_OO_CUBE_SAVE_FORMULAS	Save calculated cube formulas.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_CUBE_SAVE_FORMULAS\|AuditLog\|Unknown\|act=Save formulas cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 07 2025 17:08:36+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Calculated cube cs5Label=ObjectId cs5=CALC_CUBE msg=
FSAP_EV_OO_CUBE_EXECUTE	Execute cube data loader.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_CUBE_EXECUTE\|AuditLog\|Unknown\|act=Execute cs1Label=MetabaseId cs1=WAREHOUSE rt=Aug 07 2025 15:03:14+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=Admin cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Cube loader cs5Label=ObjectId cs5=OBJ20137 msg=
FSAP_EV_OO_DB_OPEN_CONNECTION	Open connection of the Database object.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_DB_OPEN_CONNECTION\|AuditLog\|Unknown\|act=Open connection cs1Label=MetabaseId cs1=WAREHOUSE rt=Jul 16 2025 15:13:05+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=Database _test cs5Label=ObjectId cs5=OBJ443816 msg=Server: <test.server>
FSAP_EV_OO_ETL_TASK_EXECUTE	Execute ETL task.	act, cs1Label, cs1, rt, outcome, shost, suser, cs2Label, cs2, cs3Label, cs3, cs4Label, cs4, cs5Label, cs5, cs6Label, cs6, msg.	CEF:0\|Foresight\|Foresight Analytics Platform\|10.9.0\|FSAP_EV_OO_ETL_TASK_EXECUTE\|AuditLog\|Unknown\|act=Execute cs1Label=MetabaseId cs1=WAREHOUSE rt=Jul 16 2025 16:15:28+05:00 outcome=Success shost=IVANOV suser=ivan.ivanov cs2Label=PlatformUser cs2=ADMIN cs3Label=IPAddresses cs3=10.10.10.1 cs4Label=ObjectName cs4=ETL task cs5Label=ObjectId cs5=OBJ443815 msg=