Audit Trail for Read Events
Audit Trail Reporting allows administrators and compliance officers to track users' interactions with sensitive data at both the object and field levels.
Use cases
Audit trail reporting can be used for auditing and compliance purposes. Administrators can use it for:
- Satisfying regulatory mandates such as the Market Abuse Regulation.
- Early detection of potential compliance breaches or insider threats.
- Detecting unusual patterns of data access.
Getting Started
This guide shows how to consume audit trail read events from DealCloud using Publications, the DealCloud events API. It connects to the Publications API from Swagger for testing purposes. In a practical deployment, an integration tool or consumption app would consume these read events and process them downstream.
Step 1
Log in to DealCloud and navigate to Tools → Publications.
Step 2
Click 'OPEN SWAGGER' to access the Intapp Publication API.
Step 3
In Publications, click the Authorize button and enter the required credentials for the following:
- client_domain: refers to the URL of the site
- client_id: the client_id of the API key
- client_secret: the API secret of the API key
Step 4
Select the publish scope and click Authorize.
Step 5
Validate you can see the Audit trail topic by executing the GET Topics API endpoint.
Click GET (topics) → Try it out → Execute. A successful response is displayed below. Notice the default-audit-trail topic.
[
  "bootstrap-data",
  "bootstrap-schema",
  "bootstrap-users",
  "default-audit-trail",
  "default-data",
  "default-schema",
  "default-users"
]
Step 6
Execute the poll API endpoint to start consuming events from the default-audit-trail topic/queue.
Click POST (publication/poll) → Try it out → Execute. Replace "string" with "default-audit-trail". Use the timeOut and count from the example below, or adjust them to your needs. Read the Poll endpoint documentation for more information.
Request
{
  "topics": [
    "default-audit-trail"
  ],
  "timeOut": 5000,
  "count": 20
}
Step 7
An example of a successful Publication response will look like the following:
Response
{
  "eventId": 4966171946499396472,
  "eventGuid": "cc9b5378-6312-44eb-85bc-e6492f9d8620",
  "modifiedAt": "2025-03-18T09:22:53.8727572Z",
  "topicName": "default-audit-trail",
  "topicOffset": 0,
  "entityType": "AuditTrail",
  "entityFormatType": "None",
  "modifiedById": 0,
  "modifiedByUserEmail": "",
  "auditTrailEvents": [
    {
      "eventDate": "2025-03-18T09:22:53.8703692Z",
      "clientId": 1,
      "ipAddress": "127.0.0.1",
      "eventType": "Read",
      "users": [
        {
          "user": "user.temp@intapp.com",
          "userId": 1002010,
          "proxyUser": "proxyUser.temp@intapp.com",
          "proxyUserId": 1002011
        }
      ],
      "objects": [
        {
          "entryId": 660481,
          "entryListId": 20244,
          "fieldIds": [
            20252
          ]
        },
        {
          "entryId": 660482,
          "entryListId": 20244,
          "fieldIds": [
            20252
          ]
        }
      ]
    }
  ]
}
Response Schema parameters
Parameter | Type | Description |
---|---|---|
eventID | int | Unique ID for the Publication event |
eventGUID | int | Globally unique ID for AuditTrail messages |
eventDate | DateTime | Timestamp of when the event occurred. Generated in UTC |
ipAddress | String | IP address of the user’s device. Omitted if null. Note: Not set for scheduled reports and notifications |
objects | int | Array with EntryIDs, EntryListIDs, FieldIDs |
eventTypes | string | Read performed by the user. |
clientId | int | ID of the client |
userID | int | ID of the user |
user | string | User's email |
proxyUserID | int | Proxy userID |
proxyUser | string | Proxy User email |
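
The guide notes that in a practical deployment a consumption app processes these read events downstream. The Python below is an added example, not Intapp's code: it flattens polled events, shaped like the response above, into one row per user and object, then reports users who read more distinct entries than a threshold and reads that carry a proxy user. The function names, the `max_entries` threshold and the example.com sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

def _sample_event(guid, user, entry_ids, proxy=None, ip=None):
    """Build one constructed event in the shape of the poll response above."""
    audit = {"eventDate": "2025-03-18T09:22:53Z", "clientId": 1, "eventType": "Read",
             "users": [{"user": user, "proxyUser": proxy}],
             "objects": [{"entryId": e, "entryListId": 20244, "fieldIds": [20252]}
                         for e in entry_ids]}
    if ip is not None:  # ipAddress is omitted when null
        audit["ipAddress"] = ip
    return {"eventGuid": guid, "topicName": "default-audit-trail",
            "entityType": "AuditTrail", "auditTrailEvents": [audit]}

# Constructed sample data (not real DealCloud output).
SAMPLE = [
    _sample_event("guid-1", "a@example.com", [660481, 660482], ip="127.0.0.1"),
    _sample_event("guid-2", "a@example.com", [660482, 660483, 660484]),
    _sample_event("guid-3", "b@example.com", [660481], proxy="p@example.com"),
]

def flatten(events):
    """Yield one row per (user, object) read found in polled events."""
    for ev in events:
        if ev.get("entityType") != "AuditTrail":
            continue
        for audit in ev.get("auditTrailEvents", []):
            for user in audit.get("users", []):
                for obj in audit.get("objects", []):
                    yield {"eventGuid": ev.get("eventGuid"),
                           "eventDate": audit.get("eventDate"),
                           "ip": audit.get("ipAddress"),  # absent for scheduled reports
                           "user": user.get("user"),
                           "proxyUser": user.get("proxyUser") or None,
                           "entry": (obj.get("entryListId"), obj.get("entryId")),
                           "fieldIds": tuple(obj.get("fieldIds", []))}

def heavy_readers(rows, max_entries):
    """Return {user: distinct entries read} for users above max_entries (assumed threshold)."""
    seen = defaultdict(set)
    for row in rows:
        seen[row["user"]].add(row["entry"])
    return {u: len(e) for u, e in seen.items() if len(e) > max_entries}

def proxy_reads(rows):
    """Return rows where a proxy user is recorded alongside the user."""
    return [r for r in rows if r["proxyUser"]]

if __name__ == "__main__":
    rows = list(flatten(SAMPLE))
    print(heavy_readers(rows, max_entries=3), len(proxy_reads(rows)))
```

Counting distinct (entryListId, entryId) pairs rather than raw events keeps a user who rereads the same record from being flagged.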