HighSide Event Log Connectors integrate with industry-leading compliance management tools like Splunk and SumoLogic, so that all events that occur within a HighSide team can be tracked and sent to the external tool of your choice. We do not currently support exporting messages to these external tools, so all message eDiscovery has to be done within the HighSide native Compliance Suite. We currently support both Splunk and SumoLogic; however, we export via JSON and Syslog, so all platforms should be able to handle our logs. Please contact HighSide Support if you use another system and would like to get that set up. Below is a more in-depth walkthrough of what the events look like as they arrive in your external system and what their parameters mean.
Common structures
All events have the same basic structure.
Message structure
| Field | Data Type | Example Value | Description |
| --- | --- | --- | --- |
| CompanyID | number | 1000 | ID corresponding to the Company |
| IP | IP | 192.168.1.1 | IP used to connect to the server |
| Address | User Address | CH-7n…..bD | User address |
| geoIPData | JSON | Example below | Geolocation Data (only available if compliance bot is turned on) |
| humanName | string | John Doe | Name used by that user |
| messageCode | string | uploadedNewContact | Identifier of the event. Some events also carry parameters with further information; these are detailed in the following section. |
| time | number (ms) | 1629870149477 | Timestamp (in milliseconds) of the generated event |
| useragent | string | /Highside Desktop Client:6.5.0/Windows:10/ | A string that identifies the client the user is using as well as its operating system. The format is the following: /<client name>:<client version>/<OS Name>:<OS Version>/ |
Full example:
Message codes description
| Message Code | Description | Params |
| --- | --- | --- |
| challengeChkResult1 | The user has successfully connected to the server. | |
| challengeChkResult19 | The user cannot log in because their company’s account is disabled. | |
| challengeChkResult23 | The user cannot log in because their account has already been requested to be wiped by the company admin. | |
| challengeChkResult24 | The user cannot log in because of an unspecified signup error. | |
| challengeChkResult30 | The user cannot log in because someone has guessed their 2FA details too many times (100 times). | |
| challengeChkResult31 | The user cannot log in because their account is inactive. | |
| challengeChkResult32 | The user cannot log in because this signup token or secret key is for a compliance bot but they are using a mobile client. Mobile clients don't support the compliance interface. | |
| challengeChkResult33 | The user cannot log in because they used a signup token for a compliance bot but they have other existing accounts in their client. | |
| challengeChkResult34 | The user cannot log in because they used a secret key for a compliance bot but they have other existing accounts in their client. | |
| downloadDone | The user finished downloading a file. | Param1: msgID of the message |
| updatedCompanyName | The user has updated the company name. | Param1: new name for the company |
| updatedRetentionPeriod | The company retention period has been updated. | Param1: new retention period |
| updateDeleteMessagesEnabled | The user has toggled the delete-messages-enabled setting. | Param1: 1 to enable, 0 to disable |
| updatedContactHumanName | A user has updated the human name of a contact (self, or another in the case of admins). | Param1: contactID of the contact; Param2: contact name before the change; Param3: new contact name |
| updatedContactAccountStatus | A user has updated a contact account status (self or others). | Param1: contactID of the contact; Param2: contact account status before the change; Param3: new contact account status; Param4: contact name |
| updatedContactGroupID | A user has updated a contact group ID. | Param1: contactID of the contact; Param2: contact group ID before the change; Param3: new contact group ID; Param4: contact name |
| uploadedNewContact | The user has uploaded a new contact. | Param1: ContactID; Param2: Contact name |
| reset2FA | The 2FA setting was reset for a user. | Param1: user address; Param2: user name |
| userEnabledPin2FA | A user has enabled PIN 2FA for their account. | |
| userEnabledPhoneToken2FA | User has enabled SMS-based 2FA for their account. | |
| userDisabledPin2FA | User has disabled PIN 2FA for their account. | |
| userDisabledPhoneToken2FA | User has disabled SMS-based 2FA for their account. | |
| wipe | User has marked all devices of a user to be wiped the next time they connect. | Param1: User name to be wiped; Param2: User address to be wiped |
| wipeDevice | User has marked one device to be wiped the next time it connects. | Param1: Target user name; Param2: Target user address; Param3: ClientID of the device to be deleted |
| setCompanyLogo | User has changed the team logo. | |
| channelAddMember | User has added another user to the channel. | Param1: Address of the user that was added; Param2: Name of the user that was added; Param3: Channel ID; Param4: Channel name |
| channelDeleteMember | User has removed another user from the channel. | Param1: Address of the user that was removed; Param2: Name of the user that was removed; Param3: Channel ID; Param4: Channel name |
| joinChannel | User joined a channel. | Param1: Channel ID; Param2: Channel name |
| leaveChannel | User left a channel. | Param1: Channel ID; Param2: Channel name |
| createChannel | User created a channel. | Param1: Channel name; Param2: Channel type; Param3: Channel ID |
| updatedChannelName | User has updated the name of a channel. | Param1: Previous name; Param2: New channel name; Param3: Channel ID |
| updatedChannelTopic | User has updated the topic of a channel. | Param1: Channel name; Param2: New channel topic; Param3: Channel ID |
| promoteNewChannelOwner | An owner of a channel is removed from a non-empty channel and a new user is promoted to owner. | Param1: Previous owner address; Param2: New owner address; Param3: Channel ID; Param4: Channel name |
| archivedChannel | The user archived a channel. | Param1: Channel ID; Param2: Channel Name |
| unarchivedChannel | The user has unarchived a channel. | Param1: Channel ID; Param2: Channel Name |
| ruleAdded | A new rule has been added. | Param1: Rule action; Param2: Group 1 name; Param3: Group 2 name (optional); Param4: List of current rules |
| ruleDeleted | A rule has been deleted. | Param1: Rule action; Param2: Group 1 name; Param3: Group 2 name (optional); Param4: List of current rules |
| groupCreated | The user has created a group. | Param1: Group name; Param2: Group ID |
| updatedActiveHours | The user updated the active hours for a group. | Param1: Group ID; Param2: Group name; Param3: JSON with active hours information |
| updatedActiveLocation | The user updated the active location for a group. | Param1: Group ID; Param2: Group name; Param3: JSON with active location information |
| SMSTokenIncorrect | A user entered an incorrect SMS token. | Param1: Counter with number of times that address inserted incorrect tokens |
| pinIncorrect | A user entered an incorrect PIN. | Param1: Counter with number of times that address inserted incorrect PIN |
| deleteContact | A user has deleted a contact. | Param1: User name; Param2: Contact ID |
| verificationAdded | User has verified an address. | Param1: Verified user address; Param2: Verified user name |
| verificationDeleted | User has deleted a verified address. | Param1: Verified user address; Param2: Verified user name |
| activeDirectorySyncEnabled | User has enabled Active Directory syncing. | |
| activeDirectorySyncDisabled | User has disabled Active Directory syncing. | |
| startedCall | User has started a call. | Param1: Call type; Param2: Tab address (direct) or channel ID (channel); Param3: User name (direct), or channel name |
| callFinishedCallTookPlace | User finished a call. | Param1: Time the user has been in the call (ms) |
| callFinishedNoOneAnswered | The user tried to start a call, but no one answered. | |
| bucketAddMember | The user added another user to the drive. | Param1: Address to be added to the bucket; Param2: User to be added; Param3: Bucket ID; Param4: Bucket name |
| bucketDeleteMember | User has removed a member from the drive. | Param1: Address to be added to the bucket; Param2: User to be added; Param3: Bucket ID; Param4: Bucket name |
| leftBucket | User has left a drive. | Param1: Bucket ID; Param2: Bucket name |
| uploadedNewSecureDriveFile | User has uploaded a new file to the drive. | Param1: Bucket ID; Param2: Bucket name; Param3: Item path |
| uploadedNewVersionOfAFileThatWasPreviouslyDeleted | User has uploaded a new version of a file that was previously deleted. | Param1: Bucket ID; Param2: Bucket name; Param3: Item path |
| uploadedNewVersionOfExistingSecureDriveFile | User has uploaded a new version of an existing file. | Param1: Bucket ID; Param2: Bucket name; Param3: Item path |
| createdBucket | User has created a drive. | Param1: Bucket ID; Param2: Bucket name |
| trashedAFolder | User has trashed a folder in a drive. | Param1: Bucket ID; Param2: Bucket name; Param3: Item path |
| trashedAFile | User has trashed a file. | Param1: Bucket ID; Param2: Bucket name; Param3: Item path |
| untrashedAFile | User has untrashed a file. | Param1: Bucket ID; Param2: Bucket name; Param3: Item path |
| restoredAFileVersion | User has restored a different version of a file in a drive. | Param1: Bucket ID; Param2: Bucket name; Param3: Item path; Param4: Version ID to restore |
| updatedFileVersionsCountLimit | User has updated the file version count limit for a drive. | Param1: Bucket ID; Param2: Bucket name; Param3: New max count number for file versions |
| updatedSecureDriveRetentionPeriod | User updated the trashed-item retention period for the drive. | Param1: Bucket ID; Param2: Bucket name; Param3: New value (milliseconds) |
| lockedSecureDriveFile | Locked a file in the drive. | Param1: Bucket ID; Param2: Bucket name; Param3: Item path |
| unlockedSecureDriveFile | Unlocked a file in the drive. | Param1: Bucket ID; Param2: Bucket name; Param3: Item path |
| savedAFileOrFolderOutsideOfSecureDrive | User has saved a file or folder outside of the SecureDrive environment. | Param1: Bucket ID; Param2: Bucket name; Param3: Normalized path of the file; Param4: Path where the selected file was saved |
| lockedOutDueToALocationRestriction | User is locked out of their UI due to a location restriction. | Param1: User location data |
| archivedBucket | User archived a drive. | Param1: Bucket ID; Param2: Bucket name |
| changedBucketName | User changed the name of a drive. | Param1: Bucket ID; Param2: Previous Bucket name; Param3: New Bucket name |
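
The following Python is an added example, not HighSide code: it normalizes JSON events that use the fields documented above (millisecond timestamp, useragent format, parameters) and tags the message codes a security team would typically alert on. The `param1`…`paramN` key names, the category grouping, the counter threshold and the sample events are assumptions made for this example.

```python
import json
import re
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
# useragent format from the table: /<client name>:<client version>/<OS Name>:<OS Version>/
UA_RE = re.compile(r"^/([^:/]+):([^/]+)/([^:/]+):([^/]+)/$")
# Codes come from the message-code table; the grouping is this example's choice.
CATEGORIES = {
    "mfa_weakened": {"reset2FA", "userDisabledPin2FA", "userDisabledPhoneToken2FA"},
    "remote_wipe": {"wipe", "wipeDevice"},
    "data_left_drive": {"savedAFileOrFolderOutsideOfSecureDrive"},
    "login_blocked": {"challengeChkResult19", "challengeChkResult23",
                      "challengeChkResult30", "challengeChkResult31"},
}
COUNTER_CODES = {"pinIncorrect", "SMSTokenIncorrect"}  # Param1 is a failure counter
COUNTER_THRESHOLD = 5  # assumed alerting threshold, tune locally

def params(event):
    """Collect Param1..ParamN in order; the JSON key spelling is an assumption."""
    found = {}
    for key, value in event.items():
        m = re.fullmatch(r"param(\d+)", key, re.IGNORECASE)
        if m:
            found[int(m.group(1))] = value
    return [found[i] for i in sorted(found)]

def triage(line):
    """Normalize one JSON event; category is None for routine events."""
    ev = json.loads(line)
    code, p = ev.get("messageCode", ""), params(ev)
    category = next((c for c, codes in CATEGORIES.items() if code in codes), None)
    if code in COUNTER_CODES and p and str(p[0]).isdigit() and int(p[0]) >= COUNTER_THRESHOLD:
        category = "repeated_2fa_failure"
    ua = UA_RE.match(ev.get("useragent", ""))
    return {
        "when": (EPOCH + timedelta(milliseconds=ev["time"])).isoformat(),
        "who": ev.get("humanName"), "ip": ev.get("IP"), "code": code,
        "params": p, "category": category,
        "client": ua.groups() if ua else None,  # None: string is not in the documented format
    }

# Constructed sample events (not captured from a real HighSide team).
_BASE = {"CompanyID": 1000, "IP": "192.168.1.1", "humanName": "John Doe",
         "time": 1629870149477, "useragent": "/Highside Desktop Client:6.5.0/Windows:10/"}
SAMPLES = [
    json.dumps({**_BASE, "messageCode": "pinIncorrect", "param1": 7}),
    json.dumps({**_BASE, "messageCode": "savedAFileOrFolderOutsideOfSecureDrive", "param1": "42",
                "param2": "Finance", "param3": "/q3/report.xlsx", "param4": "/home/jdoe/report.xlsx"}),
    json.dumps({**_BASE, "messageCode": "joinChannel", "param1": "17", "param2": "general"}),
]
```
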