Expand description
Entity creation analysis command.
⚠️ DEPRECATED: Use entity-analysis creation instead.
# Old (deprecated):
vault-audit entity-creation logs/*.log
# New (recommended):
vault-audit entity-analysis creation logs/*.logSee entity_analysis for the unified command.
Identifies when entities first appear in audit logs, grouped by authentication method and mount path. Supports multi-file analysis for tracking entity creation over time.
§Usage
# Single file analysis
vault-audit entity-creation audit.log
# Multi-day analysis
vault-audit entity-creation logs/*.log --output entity-creation.json
# With entity mappings from entity-list (CSV or JSON)
vault-audit entity-creation logs/*.log --entity-map entities.csv
vault-audit entity-creation logs/*.log --entity-map entities.json§Output
Displays entity creation events grouped by authentication path:
- Entity ID
- Display name
- Mount path (authentication method)
- First seen timestamp
- Creation count by auth method
Use --json to output structured data for further processing.
Structs§
- Entity
Mapping - Entity mapping data structure for JSON output
Functions§
- load_
entity_ mappings - Load entity mappings from either JSON or CSV format
- run