When I access an Organization Control Hub and check Troubleshooting > Admin Activities, the records related to API requests are logged this way:
"Webex updated services from  to [, Advanced Space Meetings, 219227e-806.webex.com - WebEx Meeting Center] for user email@example.com via Webex for Broadworks Provisioning API".
As you can see, the referenced user is "Webex". These records don't show the account that send the API request, from Developers site or using an Integration app. This is a problem for tracking an attack.
Could it be possible that the referenced user be the account that sends the API request?
Thank you very much. Best regards,