You can use the following resources with audit operations.
Represents a record of an operation performed by a partner user or application.
A GUID-formatted string that identifies the customer.
The customer name.
The user principal name or user identifier. Typically, this property is an Internet-style login name for a user in an email address format based on Internet standard RFC 822.
A string that identifies the application that performed the operation.
The type of resource acted upon by the operation. Possible values: customer, customer_user, order, subscription, license, third_party_add_on, mpn_association, transfer, application, application_credential, partner_user, partner_relationship, partner_customer_dap.
The date and time when the operation was performed.
The status of the operation being audited. Possible values: succeeded, failed, or progress, which means the operation is still in progress.
array of objects
Additional information. Each object contains two JSON key-value pairs: the first is key and a string value, the second is value and a string value. The number of objects in the array depends on the type of operation that was performed.