Hi forum,
I am trying to setup an alert/rule with audit data from Confluent Cloud.
When I invite a user into the organization the following among others are generated and visible in Kibana under discover.
{
"_index": "kafka-audit-2022.04.20",
"_type": "_doc",
"_id": "fEGMSIABmHV0cT-yE9ot",
"_version": 1,
"_score": 1,
"_source": {
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"specversion": "1.0",
"data": {
"result": {
"status": "SUCCESS",
"data": {
"api_version": "v2",
"send_invitation": true,
"kind": "UserInvitation",
"user": {
"api_version": "v2",
"email": "ext.frede.hansen@dummymail.vombat",
"id": "u-xqp96k",
"kind": "User"
},
"metadata": {
"self": "",
"resource_name": "crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user-invitation=i-8wjn5"
}
}
},
"request": {
"accessType": "MODIFICATION",
"data": {
"api_version": "v2",
"send_invitation": true,
"kind": "UserInvitation",
"user": {
"api_version": "v2",
"email": "ext.frede.hansen@dummymail.vombat",
"kind": "User"
},
"metadata": {
"self": "",
"resource_name": "crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user-invitation=*"
}
}
},
"requestMetadata": {
"requestId": [
"c81157aa5b6e446333af97384334bdba"
],
"clientAddress": [
{
"ip": "193.162.26.14"
}
]
},
"temp": {
"email": "xxx.yyy@zzz.com",
"confluentUser": {
"resourceId": "u-mvy32w"
}
},
"cloudResources": [
{
"scope": {
"resources": [
{
"resourceId": "63063aee-791f-4a10-881d-8c98506df535",
"type": "ORGANIZATION"
}
]
},
"resource": {
"resourceId": "i-8wjn5",
"type": "USER_INVITATION"
}
}
],
"resourceName": "crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user-invitation=i-8wjn5",
"serviceName": "crn://confluent.cloud/",
"methodName": "InviteUser",
"authenticationInfo": {
"result": "SUCCESS"
}
},
"time": "2022-04-20T19:56:20.775Z",
"subject": "crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user-invitation=i-8wjn5",
"datacontenttype": "application/json",
"id": "24ca7045-f5e9-4904-83ab-6b9e2639715c",
"@version": "1",
"@timestamp": "2022-04-20T19:56:21.061Z"
},
"fields": {
"data.requestMetadata.requestId": [
"c81157aa5b6e446333af97384334bdba"
],
"data.temp.email.keyword": [
"xxx.yyy@zzz.com"
],
"datacontenttype": [
"application/json"
],
"data.request.data.metadata.self.keyword": [
""
],
"subject": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user-invitation=i-8wjn5"
],
"data.result.data.metadata.self": [
""
],
"data.result.data.kind": [
"UserInvitation"
],
"source": [
"crn://confluent.cloud/"
],
"type": [
"io.confluent.cloud/request"
],
"datacontenttype.keyword": [
"application/json"
],
"data.result.data.metadata.resource_name.keyword": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user-invitation=i-8wjn5"
],
"data.request.data.user.email.keyword": [
"ext.frede.hansen@dummymail.vombat"
],
"data.request.accessType": [
"MODIFICATION"
],
"subject.keyword": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user-invitation=i-8wjn5"
],
"type.keyword": [
"io.confluent.cloud/request"
],
"data.cloudResources.scope.resources.type": [
"ORGANIZATION"
],
"data.cloudResources.resource.type": [
"USER_INVITATION"
],
"id": [
"24ca7045-f5e9-4904-83ab-6b9e2639715c"
],
"data.request.data.send_invitation": [
true
],
"data.result.status": [
"SUCCESS"
],
"data.cloudResources.scope.resources.resourceId.keyword": [
"63063aee-791f-4a10-881d-8c98506df535"
],
"data.request.data.metadata.resource_name.keyword": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user-invitation=*"
],
"data.result.data.user.kind.keyword": [
"User"
],
"data.result.data.metadata.resource_name": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user-invitation=i-8wjn5"
],
"data.resourceName.keyword": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user-invitation=i-8wjn5"
],
"data.serviceName": [
"crn://confluent.cloud/"
],
"@version.keyword": [
"1"
],
"data.result.data.user.id.keyword": [
"u-xqp96k"
],
"data.cloudResources.resource.type.keyword": [
"USER_INVITATION"
],
"data.requestMetadata.requestId.keyword": [
"c81157aa5b6e446333af97384334bdba"
],
"data.temp.confluentUser.resourceId.keyword": [
"u-mvy32w"
],
"data.methodName.keyword": [
"InviteUser"
],
"data.request.data.user.kind": [
"User"
],
"data.request.data.metadata.self": [
""
],
"data.request.data.api_version.keyword": [
"v2"
],
"specversion.keyword": [
"1.0"
],
"data.result.data.user.api_version": [
"v2"
],
"data.result.data.user.id": [
"u-xqp96k"
],
"data.methodName": [
"InviteUser"
],
"data.result.data.user.api_version.keyword": [
"v2"
],
"data.request.data.kind.keyword": [
"UserInvitation"
],
"data.authenticationInfo.result.keyword": [
"SUCCESS"
],
"data.requestMetadata.clientAddress.ip": [
"193.162.26.14"
],
"data.authenticationInfo.result": [
"SUCCESS"
],
"data.resourceName": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user-invitation=i-8wjn5"
],
"data.temp.confluentUser.resourceId": [
"u-mvy32w"
],
"id.keyword": [
"24ca7045-f5e9-4904-83ab-6b9e2639715c"
],
"data.request.data.user.api_version.keyword": [
"v2"
],
"@version": [
"1"
],
"specversion": [
"1.0"
],
"data.result.status.keyword": [
"SUCCESS"
],
"data.request.data.api_version": [
"v2"
],
"data.request.data.kind": [
"UserInvitation"
],
"data.requestMetadata.clientAddress.ip.keyword": [
"193.162.26.14"
],
"source.keyword": [
"crn://confluent.cloud/"
],
"data.result.data.api_version": [
"v2"
],
"data.cloudResources.resource.resourceId.keyword": [
"i-8wjn5"
],
"data.temp.email": [
"xxx.yyy@zzz.com"
],
"data.request.data.user.kind.keyword": [
"User"
],
"data.result.data.metadata.self.keyword": [
""
],
"data.result.data.user.email.keyword": [
"ext.frede.hansen@dummymail.vombat"
],
"data.request.data.metadata.resource_name": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user-invitation=*"
],
"data.request.data.user.api_version": [
"v2"
],
"data.result.data.send_invitation": [
true
],
"data.request.accessType.keyword": [
"MODIFICATION"
],
"@timestamp": [
"2022-04-20T19:56:21.061Z"
],
"data.cloudResources.scope.resources.resourceId": [
"63063aee-791f-4a10-881d-8c98506df535"
],
"data.serviceName.keyword": [
"crn://confluent.cloud/"
],
"data.request.data.user.email": [
"ext.frede.hansen@dummymail.vombat"
],
"data.result.data.user.email": [
"ext.frede.hansen@dummymail.vombat"
],
"data.result.data.kind.keyword": [
"UserInvitation"
],
"time": [
"2022-04-20T19:56:20.775Z"
],
"data.result.data.user.kind": [
"User"
],
"data.result.data.api_version.keyword": [
"v2"
],
"data.cloudResources.scope.resources.type.keyword": [
"ORGANIZATION"
],
"data.cloudResources.resource.resourceId": [
"i-8wjn5"
]
}
}
{
"_index": "kafka-audit-2022.04.20",
"_type": "_doc",
"_id": "fUGMSIABmHV0cT-yE9rO",
"_version": 1,
"_score": 1,
"_source": {
"source": "crn://confluent.cloud/",
"type": "io.confluent.cloud/request",
"specversion": "1.0",
"data": {
"result": {
"status": "SUCCESS",
"data": {
"email": "ext.frede.hansen@dummymail.vombat",
"api_version": "iam/v2",
"kind": "User",
"metadata": {
"updated_at": "2022-04-20T19:56:20.543205Z",
"self": "https://api.confluent.cloud/iam/v2/users/u-xqp96k",
"created_at": "2022-04-20T19:56:20.543205Z",
"resource_name": "crn://confluent.cloud/user=u-xqp96k"
},
"full_name": "",
"id": "u-xqp96k"
}
},
"request": {
"accessType": "MODIFICATION",
"data": {
"api_version": "iam/v2",
"email": "ext.frede.hansen@dummymail.vombat",
"full_name": "",
"kind": "User"
}
},
"requestMetadata": {
"requestId": [
"c81157aa5b6e446333af97384334bdba"
]
},
"temp": {
"confluentUser": {
"resourceId": "u-mvy32w"
}
},
"cloudResources": [
{
"scope": {
"resources": [
{
"resourceId": "63063aee-791f-4a10-881d-8c98506df535",
"type": "ORGANIZATION"
}
]
},
"resource": {
"resourceId": "u-xqp96k",
"type": "USER"
}
}
],
"resourceName": "crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user=u-xqp96k",
"serviceName": "crn://confluent.cloud/",
"methodName": "CreateUser",
"authenticationInfo": {
"result": "SUCCESS"
}
},
"time": "2022-04-20T19:56:20.568Z",
"subject": "crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user=u-xqp96k",
"datacontenttype": "application/json",
"id": "a4dbb0f9-eeed-4914-912d-c85f63c08e5b",
"@version": "1",
"@timestamp": "2022-04-20T19:56:21.223Z"
},
"fields": {
"data.requestMetadata.requestId": [
"c81157aa5b6e446333af97384334bdba"
],
"datacontenttype": [
"application/json"
],
"data.result.data.metadata.updated_at": [
"2022-04-20T19:56:20.543Z"
],
"data.result.data.full_name.keyword": [
""
],
"subject": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user=u-xqp96k"
],
"data.result.data.metadata.self": [
"https://api.confluent.cloud/iam/v2/users/u-xqp96k"
],
"data.result.data.metadata.created_at": [
"2022-04-20T19:56:20.543Z"
],
"data.result.data.kind": [
"User"
],
"data.result.data.email.keyword": [
"ext.frede.hansen@dummymail.vombat"
],
"source": [
"crn://confluent.cloud/"
],
"type": [
"io.confluent.cloud/request"
],
"datacontenttype.keyword": [
"application/json"
],
"data.result.data.metadata.resource_name.keyword": [
"crn://confluent.cloud/user=u-xqp96k"
],
"data.result.data.id": [
"u-xqp96k"
],
"data.request.data.email.keyword": [
"ext.frede.hansen@dummymail.vombat"
],
"data.request.accessType": [
"MODIFICATION"
],
"subject.keyword": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user=u-xqp96k"
],
"type.keyword": [
"io.confluent.cloud/request"
],
"data.cloudResources.scope.resources.type": [
"ORGANIZATION"
],
"data.result.data.full_name": [
""
],
"data.cloudResources.resource.type": [
"USER"
],
"data.request.data.full_name.keyword": [
""
],
"id": [
"a4dbb0f9-eeed-4914-912d-c85f63c08e5b"
],
"data.result.status": [
"SUCCESS"
],
"data.cloudResources.scope.resources.resourceId.keyword": [
"63063aee-791f-4a10-881d-8c98506df535"
],
"data.result.data.metadata.resource_name": [
"crn://confluent.cloud/user=u-xqp96k"
],
"data.resourceName.keyword": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user=u-xqp96k"
],
"data.serviceName": [
"crn://confluent.cloud/"
],
"@version.keyword": [
"1"
],
"data.cloudResources.resource.type.keyword": [
"USER"
],
"data.requestMetadata.requestId.keyword": [
"c81157aa5b6e446333af97384334bdba"
],
"data.result.data.id.keyword": [
"u-xqp96k"
],
"data.temp.confluentUser.resourceId.keyword": [
"u-mvy32w"
],
"data.methodName.keyword": [
"CreateUser"
],
"data.request.data.api_version.keyword": [
"iam/v2"
],
"specversion.keyword": [
"1.0"
],
"data.methodName": [
"CreateUser"
],
"data.request.data.kind.keyword": [
"User"
],
"data.authenticationInfo.result.keyword": [
"SUCCESS"
],
"data.authenticationInfo.result": [
"SUCCESS"
],
"data.resourceName": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user=u-xqp96k"
],
"data.temp.confluentUser.resourceId": [
"u-mvy32w"
],
"data.request.data.email": [
"ext.frede.hansen@dummymail.vombat"
],
"id.keyword": [
"a4dbb0f9-eeed-4914-912d-c85f63c08e5b"
],
"@version": [
"1"
],
"specversion": [
"1.0"
],
"data.result.status.keyword": [
"SUCCESS"
],
"data.request.data.full_name": [
""
],
"data.request.data.api_version": [
"iam/v2"
],
"data.request.data.kind": [
"User"
],
"source.keyword": [
"crn://confluent.cloud/"
],
"data.result.data.api_version": [
"iam/v2"
],
"data.cloudResources.resource.resourceId.keyword": [
"u-xqp96k"
],
"data.result.data.metadata.self.keyword": [
"https://api.confluent.cloud/iam/v2/users/u-xqp96k"
],
"data.result.data.email": [
"ext.frede.hansen@dummymail.vombat"
],
"data.request.accessType.keyword": [
"MODIFICATION"
],
"@timestamp": [
"2022-04-20T19:56:21.223Z"
],
"data.cloudResources.scope.resources.resourceId": [
"63063aee-791f-4a10-881d-8c98506df535"
],
"data.serviceName.keyword": [
"crn://confluent.cloud/"
],
"data.result.data.kind.keyword": [
"User"
],
"time": [
"2022-04-20T19:56:20.568Z"
],
"data.result.data.api_version.keyword": [
"iam/v2"
],
"data.cloudResources.scope.resources.type.keyword": [
"ORGANIZATION"
],
"data.cloudResources.resource.resourceId": [
"u-xqp96k"
]
}
}
{
"_index": "kafka-audit-2022.04.20",
"_type": "_doc",
"_id": "LY-MSIABnd8NfSpePGk9",
"_version": 1,
"_score": 1,
"_source": {
"source": "crn://confluent.cloud/",
"type": "io.confluent.kafka.server/authorization",
"specversion": "1.0",
"data": {
"request": {
"correlation_id": "-1"
},
"requestMetadata": {},
"resourceName": "crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user=u-xqp96k",
"serviceName": "crn://confluent.cloud/",
"authorizationInfo": {
"operation": "Describe",
"patternType": "LITERAL",
"rbacAuthorization": {
"role": "OrganizationAdmin",
"scope": {
"outerScope": [
"organization=63063aee-791f-4a10-881d-8c98506df535"
]
}
},
"granted": true,
"resourceType": "User",
"resourceName": "u-xqp96k"
},
"methodName": "mds.Authorize",
"authenticationInfo": {
"principal": "User:u-mvy32w"
}
},
"time": "2022-04-20T19:56:30.418Z",
"subject": "crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user=u-xqp96k",
"datacontenttype": "application/json",
"id": "cbfe15bb-9af9-4186-b77f-53d5247abde3",
"@version": "1",
"@timestamp": "2022-04-20T19:56:31.574Z"
},
"fields": {
"datacontenttype": [
"application/json"
],
"data.request.correlation_id": [
"-1"
],
"subject": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user=u-xqp96k"
],
"data.authenticationInfo.principal": [
"User:u-mvy32w"
],
"data.request.correlation_id.keyword": [
"-1"
],
"data.authorizationInfo.rbacAuthorization.role": [
"OrganizationAdmin"
],
"data.resourceName": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user=u-xqp96k"
],
"data.authorizationInfo.operation.keyword": [
"Describe"
],
"source": [
"crn://confluent.cloud/"
],
"type": [
"io.confluent.kafka.server/authorization"
],
"datacontenttype.keyword": [
"application/json"
],
"data.authorizationInfo.rbacAuthorization.scope.outerScope": [
"organization=63063aee-791f-4a10-881d-8c98506df535"
],
"data.authorizationInfo.patternType": [
"LITERAL"
],
"data.authorizationInfo.granted": [
true
],
"id.keyword": [
"cbfe15bb-9af9-4186-b77f-53d5247abde3"
],
"subject.keyword": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user=u-xqp96k"
],
"type.keyword": [
"io.confluent.kafka.server/authorization"
],
"@version": [
"1"
],
"data.authorizationInfo.rbacAuthorization.scope.outerScope.keyword": [
"organization=63063aee-791f-4a10-881d-8c98506df535"
],
"specversion": [
"1.0"
],
"id": [
"cbfe15bb-9af9-4186-b77f-53d5247abde3"
],
"data.authorizationInfo.resourceType": [
"User"
],
"source.keyword": [
"crn://confluent.cloud/"
],
"data.authorizationInfo.resourceName.keyword": [
"u-xqp96k"
],
"data.resourceName.keyword": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user=u-xqp96k"
],
"data.serviceName": [
"crn://confluent.cloud/"
],
"data.authorizationInfo.rbacAuthorization.role.keyword": [
"OrganizationAdmin"
],
"@version.keyword": [
"1"
],
"data.authorizationInfo.resourceName": [
"u-xqp96k"
],
"data.authenticationInfo.principal.keyword": [
"User:u-mvy32w"
],
"data.methodName.keyword": [
"mds.Authorize"
],
"@timestamp": [
"2022-04-20T19:56:31.574Z"
],
"specversion.keyword": [
"1.0"
],
"data.authorizationInfo.resourceType.keyword": [
"User"
],
"data.authorizationInfo.patternType.keyword": [
"LITERAL"
],
"data.serviceName.keyword": [
"crn://confluent.cloud/"
],
"data.methodName": [
"mds.Authorize"
],
"time": [
"2022-04-20T19:56:30.418Z"
],
"data.authorizationInfo.operation": [
"Describe"
]
}
}
{
"_index": "kafka-audit-2022.04.20",
"_type": "_doc",
"_id": "KUGMSIABmHV0cT-yINw1",
"_version": 1,
"_score": 1,
"_source": {
"source": "crn://confluent.cloud/",
"type": "io.confluent.kafka.server/authorization",
"specversion": "1.0",
"data": {
"request": {
"correlation_id": "-1"
},
"requestMetadata": {
"request_id": "11b097893837c4cb393b7b29dc62b655"
},
"resourceName": "crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user=u-xqp96k",
"serviceName": "crn://confluent.cloud/",
"authorizationInfo": {
"operation": "Describe",
"patternType": "LITERAL",
"rbacAuthorization": {
"role": "OrganizationAdmin",
"scope": {
"outerScope": [
"organization=63063aee-791f-4a10-881d-8c98506df535"
]
}
},
"granted": true,
"resourceType": "User",
"resourceName": "u-xqp96k"
},
"methodName": "mds.Authorize",
"authenticationInfo": {
"principal": "User:u-mvy32w"
}
},
"time": "2022-04-20T19:56:22.667Z",
"subject": "crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user=u-xqp96k",
"datacontenttype": "application/json",
"id": "12037025-886b-4013-8274-f4860662fb4d",
"@version": "1",
"@timestamp": "2022-04-20T19:56:24.393Z"
},
"fields": {
"datacontenttype": [
"application/json"
],
"data.request.correlation_id": [
"-1"
],
"data.requestMetadata.request_id": [
"11b097893837c4cb393b7b29dc62b655"
],
"subject": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user=u-xqp96k"
],
"data.authenticationInfo.principal": [
"User:u-mvy32w"
],
"data.request.correlation_id.keyword": [
"-1"
],
"data.authorizationInfo.rbacAuthorization.role": [
"OrganizationAdmin"
],
"data.resourceName": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user=u-xqp96k"
],
"data.authorizationInfo.operation.keyword": [
"Describe"
],
"source": [
"crn://confluent.cloud/"
],
"type": [
"io.confluent.kafka.server/authorization"
],
"datacontenttype.keyword": [
"application/json"
],
"data.authorizationInfo.rbacAuthorization.scope.outerScope": [
"organization=63063aee-791f-4a10-881d-8c98506df535"
],
"data.requestMetadata.request_id.keyword": [
"11b097893837c4cb393b7b29dc62b655"
],
"data.authorizationInfo.patternType": [
"LITERAL"
],
"data.authorizationInfo.granted": [
true
],
"id.keyword": [
"12037025-886b-4013-8274-f4860662fb4d"
],
"subject.keyword": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user=u-xqp96k"
],
"type.keyword": [
"io.confluent.kafka.server/authorization"
],
"@version": [
"1"
],
"data.authorizationInfo.rbacAuthorization.scope.outerScope.keyword": [
"organization=63063aee-791f-4a10-881d-8c98506df535"
],
"specversion": [
"1.0"
],
"id": [
"12037025-886b-4013-8274-f4860662fb4d"
],
"data.authorizationInfo.resourceType": [
"User"
],
"source.keyword": [
"crn://confluent.cloud/"
],
"data.authorizationInfo.resourceName.keyword": [
"u-xqp96k"
],
"data.resourceName.keyword": [
"crn://confluent.cloud/organization=63063aee-791f-4a10-881d-8c98506df535/user=u-xqp96k"
],
"data.serviceName": [
"crn://confluent.cloud/"
],
"data.authorizationInfo.rbacAuthorization.role.keyword": [
"OrganizationAdmin"
],
"@version.keyword": [
"1"
],
"data.authorizationInfo.resourceName": [
"u-xqp96k"
],
"data.authenticationInfo.principal.keyword": [
"User:u-mvy32w"
],
"data.methodName.keyword": [
"mds.Authorize"
],
"@timestamp": [
"2022-04-20T19:56:24.393Z"
],
"specversion.keyword": [
"1.0"
],
"data.authorizationInfo.resourceType.keyword": [
"User"
],
"data.authorizationInfo.patternType.keyword": [
"LITERAL"
],
"data.serviceName.keyword": [
"crn://confluent.cloud/"
],
"data.methodName": [
"mds.Authorize"
],
"time": [
"2022-04-20T19:56:22.667Z"
],
"data.authorizationInfo.operation": [
"Describe"
]
}
}
Sorry about the super long and not very readable json, but i could not figure out how to copy clipboard with the table layout.
Right,
If i create a rule in the Rules and Connectors section i can get alerted when for example the field
data.methodName: "InviteUser" exits with given thresholds.
But i can for the life of me not figure out how to create a rule that also checks on what rbac role is assigned.
In the above JSON the dummy user I invited has the role of OrganizationAdmin, that and other roles would be nice to include in the alert.
Can someone here perhaps poke me in the right direction on how i could construct such a rule.
And as added bonus, it would also be nice with some pointers on how to actually display the actual event with username/emailaddress and such in the mail sent when the rule fires.
Thanks in advance.
Best regards
Oelsner