The canonical identifier for this auth session

The name of the person triggering the event

The email address of the person triggering the event

The result of the authentication attempt

Success Fail

The initial auth status of the device attempting authentication.
One of 'all_good', 'will_Block', 'blocked' or 'unknown' if no
device was detected. "

IP address of the request initiating this event. May be IPv4 or IPv6

Version of the Kolide Agent running on the endpoint if known

The name of the country that the session originated from. This
location data is determined via IP address, and is subject to
the limitations of IP geocoding. See
https://www.kolide.com/docs/admins/auth-logs for details
on location accuracy.

City that the session originated from. This location data is
determined via IP address, and is subject to the limitations of
IP geocoding. See https://www.kolide.com/docs/admins/auth-logs
for details on location accuracy.

The common name of the browser used to initiate this session.
See https://www.kolide.com/docs/admins/auth-logs for
details on browser detection accuracy.

The user agent information for the browser used to initiate this
session. See https://www.kolide.com/docs/admins/auth-logs
for details on browser detection accuracy.

an error message describing why the endpoint is unavailable

a succinct error message

A longer-form error message explaining the reason for the response