schema.json
1 { 2 "$schema": "http://json-schema.org/draft-07/schema#", 3 "title": "AuditEvent", 4 "description": "Represents a standardized security event for SIEM ingestion.\n\nArgs: * `timestamp` - Unix epoch seconds when the event was recorded. * `actor_did` - The KERI decentralized identifier initiating the action. * `action` - The specific capability or operation attempted. * `status` - The resolution of the event (e.g., \"Success\", \"Denied\"). * `trace_id` - Optional W3C traceparent-compatible trace identifier.\n\nUsage: ```rust use auths_telemetry::build_audit_event; let event = build_audit_event(\"did:keri:abc...\", \"assume_role\", \"Denied\", 0); ```", 5 "type": "object", 6 "required": [ 7 "action", 8 "actor_did", 9 "status", 10 "timestamp" 11 ], 12 "properties": { 13 "action": { 14 "type": "string" 15 }, 16 "actor_did": { 17 "type": "string" 18 }, 19 "status": { 20 "type": "string" 21 }, 22 "timestamp": { 23 "type": "integer", 24 "format": "int64" 25 }, 26 "trace_id": { 27 "type": [ 28 "string", 29 "null" 30 ] 31 } 32 } 33 }