Skip to main content
pdf?stylesheet=default
Blackboard Help

Standard Security Event Codes

Auditing is a detective security control that supports the ability to identify security incidents, policy violations, fraudulent activity, and operational problems as they occur. Logs today are voluminous, disorganized, difficult to understand, and inconsistent.

Log Locations

See Audit and Accountability

Event Codes

Blackboard adds event codes regularly. Items noted as "<Reserved>" are pre-allocated to an upcoming release.

Event Code Default Severity Definition Comments Available Beginning in Source Log Location
0 0 Login   9.1 SP8 Authentication bb-authentication-log.txt
1 2 Invalid Username   9.1 SP8  Authentication bb-authentication-log.txt 
2 2 Invalid Password   9.1 SP8  Authentication bb-authentication-log.txt 
3 0 Logout   9.1 SP8  Authentication bb-authentication-log.txt 
4 0 Session Expiration   9.1 SP8  Authentication bb-authentication-log.txt 
5 6 Error   9.1 SP8  Authentication bb-authentication-log.txt 
6 0 Info   9.1 SP8  Authentication bb-authentication-log.txt
7   <Reserved>        
8   <Reserved>        
9   <Reserved>        
10   <Reserved>        
11   <Reserved>        
12   <Reserved>        
13 6 Invalid or Missing Cross-site Request Forgery Nonce Detected   9.1 SP12  Application Sensor bb-security-validation-log.txt1
14 6 Invalid URL Redirection Detected   9.1 SP12   Application Sensor bb-security-validation-log.txt1
15 8 URL Redirection Whitelist Entry Added   9.1 SP12  Application Sensor  bb-security-validation-log.txt1
16 8 URL Redirection Whitelist Entry Deleted    9.1 SP12  Application Sensor  bb-security-validation-log.txt1
17 6 Invalid Resource Link in Course Package Course packages should not have invalid resource link tokens unless they are course packages from a different instance.

Numerous invalid resource link tokens could indicate a brute force attempt to gain unauthorized access to course files.
9.1 SP12 Application Sensor bb-security-validation-log.txt1
18 0 Input Validation Filter B2 Configuration File Updated   9.1 SP8 Input Validation Filter B2 bb-input-validation-filter-log.txt1
19 2 Input Validation Filter B2 Rule Violation Detected and Logged   9.1 SP8  Input Validation Filter B2  bb-input-validation-filter-log.txt1
20 6 Input Validation Filter B2 Rule Violation Detected and HTML Escaped    9.1 SP8  Input Validation Filter B2  bb-input-validation-filter-log.txt1
21 6 Input Validation Filter B2 Rule Violation Detected and Safe HTML Filtered    9.1 SP8  Input Validation Filter B2  bb-input-validation-filter-log.txt1
22 8 Input Validation Filter B2 Rule Violation Detected and Exception Thrown    9.1 SP8  Input Validation Filter B2  bb-input-validation-filter-log.txt1
23 10 Security Library OWASP ESAPI B2 Not Available but is called This situation would only occur if the Building Block encountered an availability or installation issue. This is a core building block that should always be available. If this situation arose, areas calling this method would be blocked from execution through the NotImplementedException, thus failing secure as part of secure design principles. 9.1 SP12 Security Library - OWASP ESAPI B2 bb-security-validation-log.txt1
24 6 Inline Receipt Message Signature Validation Failure Detected and Exception Thrown Indicates improper use of the inline receipt message framework or a malicious attempt at abusing the framework for use in a phishing attack. 9.1 SP12  Inline Receipt Message Framework bb-security-validation-log.txt1
25   <Reserved>        
26 6 Invalid Input Detected  Some locations in the Blackboard Learn platform log to this event code in the event input in an unexpected format or type is received.

This may be an indicator of a cross-site scripting attack.
9.1 SP12 Application Sensor bb-security-validation-log.txt1
27   <Reserved>        
28 0 if successful

6 if failure
User Password Migration On-login, user password hash migrated to new scheme successfully results in this event with outcome=success

On-login, user password hash migration could not occur due to an exception results in this event with outcome=failure
9.1 SP12 User Password Storage bb-security-authentication-log.txt2
29   <Reserved>        
30   <Reserved>        
31   <Reserved>        
32   <Reserved>        
33   <Reserved>        
34   <Reserved>        
35   <Reserved>        

Footnotes

  1. security-validation-log.txt will be renamed to security-log.txt beginning in Release 9.1, Service Pack 13
  2. Event Code 28 will be migrated from security-authentication-log.txt to security-log.txt in an upcoming release.