Audit Trail for Read Events

Audit Trail for Read Events

Audit Trail Reporting allows administrators and compliance officers to track users' interactions with sensitive data at both the object and field levels.

Use cases

The audit trail reporting can be leveraged for auditing and compliance purposes. Administrators can utilize it for:

  • Satisfying regulatory mandates such as the Market Abuse Regulation.
  • Early detection of potential compliance breaches or insider threats.
  • Detecting unusual patterns of data access

Getting Started

This guide is meant to illustrate how to consume the audit trail read events from DealCloud using Publications – the DealCloud events API. In this guide specifically, we are demonstrating connecting to the Publications API from Swagger for testing purposes. For a practical deployment, an integration tool or consumption app would consume these read events to be processed downstream.

Step 1

Login to DealCloud and navigate to Tools → Publications

Step 2

Click 'OPEN SWAGGER' to access the Intapp Publication API

Step 3

In Publications, click the Authorize button and enter the required credentials for the following

  • client_domain: refers to the URL of the site
  • client_id: the client_id of the API key
  • client_secret: the API secret of the API key

Step 4

Select the publish scope and click Authorize

Step 5

Validate you can see the Audit trail topic by executing the GET Topics API endpoint.

Click GET (topics) → Try it out → Execute. A successful response is displayed below. Notice the default-audit-trail topic

[
  "bootstrap-data",
  "bootstrap-schema",
  "bootstrap-users",
  "default-audit-trail",
  "default-data",
  "default-schema",
  "default-users"
]

Step 6

Execute the poll API endpoint to start consuming events from the default-audit-trail topic/queue.

Click POST (publication/poll) → Try it out → Execute. Replace “string" with "default-audit-trail." Use the timeOut and count in the below example or adjust based on your needs. Read the Poll endpoint documentation for more information.

Request

{
  "topics": [
    "default-audit-trail"
  ],
  "timeOut": 5000,
  "count": 20
}

Step 7

An example of a successful Publication response will look like the following:

Response

    {
        "eventId": 4966171946499396472,
        "eventGuid": "cc9b5378-6312-44eb-85bc-e6492f9d8620",
        "modifiedAt": "2025-03-18T09:22:53.8727572Z",
        "topicName": "default-audit-trail",
        "topicOffset": 0,
        "entityType": "AuditTrail",
        "entityFormatType": "None",
        "modifiedById": 0,
        "modifiedByUserEmail": "",
        "auditTrailEvents": [
            {
                "eventDate": "2025-03-18T09:22:53.8703692Z",
                "clientId": 1,
                "ipAddress": "127.0.0.1",
                "eventType": "Read",
                "users": [
                    {
                        "user": "user.temp@intapp.com",
                        "userId": 1002010,
                        "proxyUser": "proxyUser.temp@intapp.com",
                        "proxyUserId": 1002011
                    }
                ],
                "objects": [
                    {
                        "entryId": 660481,
                        "entryListId": 20244,
                        "fieldIds": [
                            20252
                        ]
                    },
                    {
                        "entryId": 660482,
                        "entryListId": 20244,
                        "fieldIds": [
                            20252
                        ]
                    }
                ]
            }
        ]
    },
 

Response Schema parameters

ParameterTypeDescription
eventIDintUnique ID for the Publication event
eventGUIDintGlobally unique ID for AuditTrail messages
eventDateDateTimeTimestamp of when the event occurred. Generated in UTC
ipAddressStringIP address of the user’s device. Omitted if null. Note: Not set for scheduled reports and notifications
objectsintArray with EntryIDs, EntryListIDs, FieldIDs
eventTypesstringRead performed by the user.
clientIdintID of the client
userIDintID of the user
userstringUser's email
proxyUserIDintProxy userID
proxyUserstringProxy User email