Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Mirror AuditEvent Data to a Data Extension
<script runat="server" language="JavaScript">
Platform.Load("core","1");
var debug = false;
// Mirrors AuditEvent REST Object data into a data extension
// - Audit Event Log must be configured in the account first -- Email Studio > Admin > Security Settings > Enable Audit Trail Data Collection: Yes
// - creates its own data extension
// - docs: https://developer.salesforce.com/docs/marketing/marketing-cloud/guide/getAuditEvents.html
// - defaults to the past 30 days of events
try {
var prox = new Script.Util.WSProxy();
var TargetDECustomerKey = 'AuditEvents';
var TargetDECategoryID = 12345; // target Data Extension CategoryId
var startTime = Now();
var maxMilliseconds = 1500000; // 25 minutes
// API CONFIGURATION
// NOTE: installed package must have permissions to read audit events
var clientId = "YOURCLIENTID";
var clientSecret = "YOURCLIENTSECRET";
var tenant = "YOURTENANT";
var mid = "YOURMID";
var authURL = "https://" + tenant + ".auth.marketingcloudapis.com/v2/token";
var endPoint = "https://" + tenant + ".rest.marketingcloudapis.com/";
// ASSUMPTION: this not take longer than the accessToken's expiration
var accessToken = getAccessToken(clientId, clientSecret, mid, authURL);
if (debug) { Write("<br>accessToken: " + accessToken); }
// CREATE SEND DE
try {
var result=prox.createItem("DataExtension",{"CustomerKey":"AuditEvents","Name":"AuditEvents","CategoryID":323569,"Fields":[
{"CustomerKey":"id","Name":"id","FieldType":"Number","IsPrimaryKey":true,"IsRequired":true},
{"CustomerKey":"createdDate","Name":"createdDate","FieldType":"Date","IsPrimaryKey":false,"IsRequired":false},
{"CustomerKey":"memberId","Name":"memberId","FieldType":"Number","IsPrimaryKey":false,"IsRequired":false},
{"CustomerKey":"enterpriseId","Name":"enterpriseId","FieldType":"Number","IsPrimaryKey":false,"IsRequired":false},
{"CustomerKey":"employee_id","Name":"employee_id","FieldType":"Number","IsPrimaryKey":false,"IsRequired":false},
{"CustomerKey":"employee_employeeName","Name":"employee_employeeName","FieldType":"Text","MaxLength":"100","IsPrimaryKey":false,"IsRequired":false},
{"CustomerKey":"employee_userName","Name":"employee_userName","FieldType":"Text","MaxLength":"100","IsPrimaryKey":false,"IsRequired":false},
{"CustomerKey":"objectType_id","Name":"objectType_id","FieldType":"Number","IsPrimaryKey":false,"IsRequired":false},
{"CustomerKey":"objectType_name","Name":"objectType_name","FieldType":"Text","MaxLength":"100","IsPrimaryKey":false,"IsRequired":false},
{"CustomerKey":"operation_id","Name":"operation_id","FieldType":"Number","IsPrimaryKey":false,"IsRequired":false},
{"CustomerKey":"operation_name","Name":"operation_name","FieldType":"Text","MaxLength":"100","IsPrimaryKey":false,"IsRequired":false},
{"CustomerKey":"object_id","Name":"object_id","FieldType":"Text","MaxLength":"36","IsPrimaryKey":false,"IsRequired":false},
{"CustomerKey":"object_name","Name":"object_name","FieldType":"Text","MaxLength":"100","IsPrimaryKey":false,"IsRequired":false},
{"CustomerKey":"transactionId","Name":"transactionId","FieldType":"Text","MaxLength":"36","IsPrimaryKey":false,"IsRequired":false},
{"CustomerKey":"insertedDate","Name":"insertedDate","FieldType":"Date","IsPrimaryKey":false,"IsRequired":false,"DefaultValue":"getdate()"},
]});
if (debug) {
Write("<br>add AuditEvents DE result:"+ Stringify(result))
}
} catch (e) {
if (debug) { Write("<br>e: " + Stringify(e)); }
}
// GET AUDIT TRAIL VIA REST API
if (accessToken != "") {
var url = endPoint + "data/v1/audit/auditEvents";
var headerNames = ["Authorization"];
var headerValues = ["Bearer " + accessToken];
var contentType = 'application/json';
try {
var auditEvents0 = Platform.Function.HTTPGet(url, false, 0, headerNames, headerValues, status);
var auditEvents = Platform.Function.ParseJSON(auditEvents0);
if (debug) { Write("<br>auditEvents.items.length: " + auditEvents.items.length); }
if (auditEvents.items && auditEvents.items.length > 0) {
var de = DataExtension.Init(TargetDECustomerKey);
var rowsAddedUpdated = 0;
for (i = 0; i < auditEvents.items.length; i++) {
var row = {};
row.id = auditEvents.items[i].id;
row.createdDate = auditEvents.items[i].createdDate;
row.memberId = auditEvents.items[i].memberId;
row.enterpriseId = auditEvents.items[i].enterpriseId;
row.employee_id = auditEvents.items[i].employee.id;
row.employee_employeeName = auditEvents.items[i].employee.employeeName;
row.employee_userName = auditEvents.items[i].employee.userName;
row.objectType_id = auditEvents.items[i].objectType.id;
row.objectType_name = auditEvents.items[i].objectType.name;
row.operation_id = auditEvents.items[i].operation.id;
row.operation_name = auditEvents.items[i].operation.name;
row.object_id = auditEvents.items[i].object.id;
row.object_name = auditEvents.items[i].object.name;
row.transactionId = auditEvents.items[i].transactionId;
try {
rowsAddedUpdated = de.Rows.Add(row);
} catch (e) {
if (debug) { Write("<br>e: " + Stringify(e)); }
try {
rowsAddedUpdated = de.Rows.Update(row, ['id'], [id]);
} catch(e2) {
if (debug) { Write("<br>e2: " + Stringify(e2)); }
}
}
if (debug) { Write("<br>rowsAddedUpdated: " + rowsAddedUpdated); }
}
}
} catch (e) {
if (debug) { Write("<br>REST API e: " + Stringify(e)); }
}
} // end accessToken if-then
function getAccessToken(clientId, clientSecret, mid, authURL) {
var accessToken = "";
if (clientId != "" && clientSecret != "" && mid != "" && authURL !="") {
var payload = {
"grant_type": "client_credentials",
"client_id": clientId,
"client_secret": clientSecret,
"account_id": mid
};
var contentType = "application/json";
var result = HTTP.Post(authURL, contentType, Stringify(payload), null, null);
accessToken = Platform.Function.ParseJSON(result["Response"][0]).access_token;
}
return accessToken
}
} catch (e) {
if (debug) {
Platform.Response.Write("<br><br>e: " + Stringify(e));
}
}
</script>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment