HighSide Event Log Connectors allow for seamless integration with industry leading Compliance management tools like Splunk and SumoLogic. This allows for all events that occur within a HighSide team to be tracked and sent to the external tool of your choice, however we do not currently support exporting messages to these external tools so all messages eDiscovery will have to be done within the HighSide native Compliance Suite. We currently support both Splunk and SumoLogic, however we export via JSON and Syslog so all platforms should be able to handle our logs. Please contact HighSide Support if you use another system and would like to get that set up. Below is a more in depth walkthrough on what the events will look like as they come into your external system and what the parameters mean as they come through


Common structures

All events have the same basic structure.

Message structure



Field

Data Type

Example Value

Description

CompanyID

number

1000

ID corresponding to the Company

IP

IP

192.168.1.1

IP used to connect to the server

Address

User Address

CH-7n…..bD

User address


geoIPData

JSON

Example below

Geolocation Data (only available if compliance bot is turned on)


humanName

string

John Doe

 Name used by that user

messageCode

string

uploadedNewContact

Identifier of the event. Some of them might also bring parameters with further information. We will detail them in the following section

time

number (ms)

1629870149477

Timestamp (in milliseconds) of the generated event

useragent

string

/Highside Desktop Client:6.5.0/Windows:10/

A string that identifies the client the user is using as well as it’s operative system. The format is the following: /<client name>:<client version>/<OS Name>:<OS Version>/



Full example:


Message codes description



Message Code

Description

Params

challengeChkResult1

The user has successfully connected to the server


challengeChkResult19

The user cannot log in because their company’s account is disabled.



challengeChkResult23

The user cannot log in because their account has already been requested to be wiped by the company admin.


challengeChkResult24

The user cannot log in because of an inspecific signup error.



challengeChkResult30

The user cannot log in because someone has guessed their 2FA details too many times (100 times).


challengeChkResult31

The user cannot login because their account is inactive



challengeChkResult32

The user cannot log in because this signup token or secret key is for a compliance bot but they are using a mobile client. Mobile clients don't support the compliance interface.


challengeChkResult33

The user cannot log in because they used a signup token for compliance bot but they have other existing accounts in their client.


challengeChkResult34

The user cannot log in because they used a secret key for a compliance bot but they have other existing accounts in their client.


downloadDone

The user finished downloading a file.

Param1: msgID of the message


updatedCompanyName

The user has updated the company name

Param1: new name for the company

updatedRetentionPeriod

The company retention period has been updated

Param1: new retention period

updateDeleteMessagesEnabled

The user has toggled the delete-messages-enabled setting.

Param1: 1 to enable, 0 to disable

updatedContactHumanName

A user has updated the human name of a contact (self of another in case of admins).

Param1: contactID of the contact.

Param2: contact name before the change

Param3: new contact name


updatedContactAccountStatus

A user has updated a contact account status (self or others). 

Param1: contactID of the contact.

Param2: contact account status before the change

Param3: new contact account status

Param4: contact name


updatedContactGroupID

A user has updated a contact group ID.

Param1: contactID of the contact.

Param2: contact group ID before the change

Param3: new contact group ID

Param4: contact name

uploadedNewContact

The user has uploaded a new contact

Param1: ContactID

Param2: Contact name

reset2FA

2FA setting was reseted for a user

Param1: user address

Param2: user name

userEnabledPin2FA

A user has enabled PIN 2FA for their account


userEnabledPhoneToken2FA

User has enabled SMS-based 2FA for their account


userDisabledPin2FA

User has disabled PIN 2FA for his account.


userDisabledPhoneToken2FA

User has disabled SMS-based  2FA for his account.


wipe

User has marked all devices of a user to be wiped the next time they connect

Param1: User name to be wiped

Param2: User address to be wiped

wipeDevice

User has marked one device to be wiped next time it connects

Param1: Target user name

Param2: Target user address

Param3: ClientID of the device to be deleted

setCompanyLogo

User has changed the team logo


channelAddMember

User has added another user to the channel

Param1: Address of the user that was added

Param2: Name of the user that was added

Param3: Channel ID

Param4: Channel name

channelDeleteMember

User has removed another user from the channel

Param1: Address of the user that was removed

Param2: Name of the user that was removed

Param3: Channel ID

Param4: Channel name

joinChannel

User joined a channel

Param1: Channel ID

Param2: Channel name

leaveChannel

User left a channel

Param1: Channel ID

Param2: Channel name

createChannel

User created a channel

Param1: Channel name

Param2: Channel type

Param3: Channel ID

updatedChannelName

User has updated the name of a channel

Param1: Previous name

Param2: New channel name

Param3: Channel ID

updatedChannelTopic

User has updated the topic of a channel

Param1: Channel name

Param2: New channel topic

Param3: Channel ID


promoteNewChannelOwner

When an owner of a channel si removed from an non-empty channel and a new user is promoted to owner

Param1: Previous owner address

Param2: New owner address

Param3: Channel ID

Param4: Channel name

archivedChannel

The user archived a channel

Param1: Channel ID

Param2: Channel Name

unarchivedChannel

The user has unarchived a channel

Param1: Channel ID

Param2: Channel Name

ruleAdded

A new rule has been added

Param1: Rule action

Param2: Group 1 name

Param3: Group 2 name (optional)

Param4: List of current rules

ruleDeleted

A new rule has been deleted

Param1: Rule action

Param2: Group 1 name

Param3: Group 2 name (optional)

Param4: List of current rules

groupCreated

The user has created a group

Param1: Group name

Param2: Group ID

updatedActiveHours

The user updated the active hours for a group

Param1: Group ID

Param2: Group name

Param3: JSON with active hours information

updatedActiveLocation

The user updated the active location for a group

Param1: Group ID

Param2: Group name

Param3: JSON with active location information

SMSTokenIncorrect

A user introduced an incorrect SMS token

Param1: Counter with number of times that address inserted incorrect tokens

pinIncorrect

A user introduced an incorrect PIN

Param1: Counter with number of times that address inserted incorrect PIN

deleteContact

A user has deleted a contact

Param1: User name

Param2: Contact ID

verificationAdded

User has verification an address

Param1: Verified user address

Param2: Verified user name

verificationDeleted

User has deleted a verification address

Param1: Verified user address

Param2: Verified user name

activeDirectorySyncEnabled

User has enabled Active Directory syncing


activeDirectorySyncDisabled

User has disabled Active Directory syncing


startedCall

User has started a call

Param1: Call type

  1. Direct call

  2. Call in a channel

Param2: Tab address (direct) or channel ID (channel)

Param3: User name (direct), or channel name


callFinishedCallTookPlace

User finished a call.

Param1: Time the user has been in the call (ms)

callFinishedNoOneAnswered

The user tried to start a call, but no one answered


bucketAddMember

The user added another user to the drive

Param1: Address to be added to the bucket

Param2: User to be added

Param3: Bucket ID

Param4: Bucket name

bucketDeleteMember

User has removed a member from the drive

Param1: Address to be added to the bucket

Param2: User to be added

Param3: Bucket ID

Param4: Bucket name

leftBucket

User has left a drive

Param1: Bucket ID

Param2: Bucket name

uploadedNewSecureDriveFile

User has uploaded a new file to the drive

Param1: Bucket ID

Param2: Bucket name

Param3: Item path

uploadedNewVersionOfAFileThatWasPreviouslyDeleted

User has uploaded a new version of a file that was previously deleted

Param1: Bucket ID

Param2: Bucket name

Param3: Item path

uploadedNewVersionOfExistingSecureDriveFile

User has uploaded a new version of an existing file

Param1: Bucket ID

Param2: Bucket name

Param3: Item path

createdBucket

User has created a drive

Param1: Bucket ID

Param2: Bucket name

trashedAFolder

User has trashed a folder in a drive

Param1: Bucket ID

Param2: Bucket name

Param3: Item path

trashedAFile

User has trashed a file

Param1: Bucket ID

Param2: Bucket name

Param3: Item path

untrashedAFile

User has untrashed a file

Param1: Bucket ID

Param2: Bucket name

Param3: Item path

restoredAFileVersion

User has restored a different version of a file in a drive

Param1: Bucket ID

Param2: Bucket name

Param3: Item path

Param4: Version ID to restore

updatedFileVersionsCountLimit

User has updated the file version count limit for a drive

Param1: Bucket ID

Param2: Bucket name

Param3: New max count number for file versions

updatedSecureDriveRetentionPeriod

User updated the trashed-item retention period for the drive

Param1: Bucket ID

Param2: Bucket name

Param3: New value (milliseconds)

lockedSecureDriveFile

Locked a file in the drive

Param1: Bucket ID

Param2: Bucket name

Param3: Item path

unlockedSecureDriveFile

Unlocked a file in the drive

Param1: Bucket ID

Param2: Bucket name

Param3: Item path

savedAFileOrFolderOutsideOfSecureDrive

User has saved a file or folder outside of the SecureDrive environment.

Param1: Bucket ID

Param2: Bucket name

Param3: Normalized path of the file

Param4: Path where the selected file was saved

lockedOutDueToALocationRestriction

User is locked out of their UI due to a location restriction

Param1: User location data

archivedBucket

User archived a drive

Param1: Bucket ID

Param2: Bucket name

changedBucketName

User changed the name of a drive

Param1: Bucket ID

Param2: Previous Bucket name

Param3: New Bucket name