Tracked encryption activity events display under the BYOK filter in Audit.

Event codeEvent message
DSM-071
displays as:
DSM-DAO0071I
Create key pair with key 
DSM-072
displays as:
DSM-DAO0072I
Delete key pair with key 
DSM-239
displays as:
DSM-DAO0239I

Create symmetric key with key

Note: The same key is used for both encryption and decryption.

DSM-240
displays as: 
DSM-DAO0240I  

Delete symmetric key


DSM-267
displays as: 
DSM-DAO0267I 
A user logged in
DSM-405
displays as:
DSM-DAO0405I
Assigned roles to a user in the domain
DSM-406
displays as:
DSM-DAO0406I
Remove user from domain
DSM-425
displays as:
DSM-DAO0425I
Enable user in a domain
DSM-426
displays as: 
DSM-DAO0426I 
Switch the domain
DSM-576
displays as: 
DSM-DAO576I
Update Key
DSM-674
displays as:
DSM-DAO0674I
Create key attribute

The associated object ID for each event is a user ID. This user ID is: 

  • the logged-in user for DSM-267 (A user logged in).
  • the user associated with the key for DSM-239 (Create symmetric key with key), DSM-240 (Delete symmetric key), and DSM-576 (Update key).
  • the user associated with the action for all other events.

If your Anaplan tenant is hosted on Google Cloud Platform (GCP), enhanced audit events display (BYOK, not the DSM prefix). See Enhanced BYOK events.