Skip to main content
pdf?stylesheet=default
Blackboard Help

Standard Security Event Codes

Auditing is a detective security control that supports the ability to identify security incidents, policy violations, fraudulent activity, and operational problems as they occur. Logs today are voluminous, disorganized, difficult to understand, and inconsistent.

Log Locations

See Audit and Accountability

Event Codes

Blackboard adds event codes regularly. Items noted as "<Reserved>" are pre-allocated to an upcoming release.

Event Code Default Severity Definition Comments Available Beginning in Source Log Location
0 0 Login   9.1 SP8 Authentication bb-authentication-log.txt
1 2 Invalid Username   9.1 SP8 Authentication bb-authentication-log.txt 
2 2 Invalid Password   9.1 SP8 Authentication bb-authentication-log.txt 
3 0 Logout   9.1 SP8 Authentication bb-authentication-log.txt 
4 0 Session Expiration   9.1 SP8 Authentication bb-authentication-log.txt 
5 6 Error   9.1 SP8 Authentication bb-authentication-log.txt 
6 0 Info   9.1 SP8 Authentication bb-authentication-log.txt 
7   <Reserved>        
8   <Reserved>        
9   <Reserved>        
10   <Reserved>        
11   <Reserved>        
12   <Reserved>        
13 6 Invalid or Missing Cross-site Request Forgery Nonce Detected   9.1 SP12  Application Sensor bb-security-log.txt
14 6 Invalid URL Redirection Detected   9.1 SP12   Application Sensor bb-security-log.txt
15 8 URL Redirection Whitelist Entry Added   9.1 SP12 Application Sensor  bb-security-log.txt
16 8 URL Redirection Whitelist Entry Deleted    9.1 SP12 Application Sensor  bb-security-log.txt
17 6 Invalid Resource Link in Course Package Course packages should not have invalid resource link tokens unless they are course packages from a different instance. Numerous invalid resource link tokens could indicate a brute force attempt to gain unauthorized access to course files. 9.1 SP12 Application Sensor  bb-security-log.txt
18 0 Input Validation Filter B2 Configuration File Updated   9.1 SP8 Input Validation Filter B2 bb-input-validation-filter-log.txt
19 2 Input Validation Filter B2 Rule Violation Detected and Logged   9.1 SP8 Input Validation Filter B2 bb-input-validation-filter-log.txt
20 6 Input Validation Filter B2 Rule Violation Detected and HTML Escaped    9.1 SP8 Input Validation Filter B2 bb-input-validation-filter-log.txt
21 6 Input Validation Filter B2 Rule Violation Detected and Safe HTML Filtered    9.1 SP8 Input Validation Filter B2 bb-input-validation-filter-log.txt
22 8 Input Validation Filter B2 Rule Violation Detected and Exception Thrown    9.1 SP8 Input Validation Filter B2 bb-input-validation-filter-log.txt
23 10 Security Library OWASP ESAPI B2 Not Available but is called This situation would only occur if the B2 encountered an availability or installation issue. This is a core building block that should always be available. If this situation arose, areas calling this method would be blocked from execution through the NotImplementedException, thus failing secure as part of secure design principles. 9.1 SP12 Security Library - OWASP ESAPI B2 bb-security-log.txt
24 6 Inline Receipt Message Signature Validation Failure Detected and Exception Thrown Indicates improper use of the inline receipt message framework or a malicious attempt at abusing the framework for use in a phishing attack. 9.1 SP12 Inline Receipt Message Framework bb-security-log.txt
25   <Reserved>        
26 6 Invalid Input Detected  Some locations in the Blackboard Learn platform log to this event code in the event input in an unexpected format or type is received.

This may be an indicator of a cross-site scripting attack.
9.1 SP12 Application Sensor  bb-security-log.txt
27   <Reserved>        
28 0 if successful

6 if failure
User Password Migration On-login, user password hash migrated to new scheme successfully results in this event with outcome=success 

On-login, user password hash migration could not occur due to an exception results in this event with outcome=failure 
9.1 SP12 User Password Storage  bb-security-log.txt
29   <Reserved>        
30   <Reserved>        
31   <Reserved>        
32   <Reserved>        
33   <Reserved>        
34   <Reserved>        
35   <Reserved>        
36 0 User Starting an Assessment Violated IP Address Rule Identifies intentional and unintentional violations to the IP Address value or range restrictions set on an Assessment. An assessment that begins with an IP Address value/range restriction only has a severity of "0" 9.1 SP14   bb-security-log.txt
37 2 User Taking or Finishing an Assessment Violated IP Address Rule Identifies intentional and unintentional violations to the IP Address value or range restrictions set on an Assessment. An assessment that may start meeting the IP Address rule but then violates it during or at the completion of an assessment.   9.1 SP14   bb-security-log.txt
38 2 IP Address Rule Overriden for an Assessment Attempt Test Proctors may need to override a given blocked attempt for a particular student if the IP Address/Range was not configured correctly by the Administrator. These exceptions would be logged.  9.1 SP14   bb-security-log.txt
50   <Reserved>        
51   <Reserved>