• Add to shared folder
• Created LastPass account
• Created shared folder
• Data export
• Data import
• Data printed
• Delete shared folder
• Deleted sites
• Disabled Google Authenticator
• Disabled Grid
• Disabled Microsoft Authenticated
• Disabled Multifactor Authentication
• Disabled Toopher
• Disabled YubiKey
• Edit secure note
• Failed login attempt
• Form filled
• History cleared
• Iterations changed
• Log in
• Login verification email sent
• master password changed
• master password reverted
• Move from shared folder
• Move to shared folder
• Multifactor enabled
• Open secure note
• Password changed
• Permanently deleted shared folder
• Renamed shared folder
• Restored shared folder
• SAML login
• Site added
• Site deleted
• Username changed

By default, reporting events for individual sites password entries will only show the site’s domain (e.g. https://login.salesforce.com will only show as salesforce.com). When reporting events for a secure note, the log will only show “Secure Note”. By default, additional details such as the username are never sent to LastPass in an unencrypted format.

However, if your company needs additional levels of detail, the following policies can be enabled under Policies > General policies:

• Log Full URL in reporting will show the entire URL in reports
• Log item name in reporting will show the name of the item
• Log username in reporting will show the username listed for the item
• If the item is in a shared folder, reporting will indicate which shared folder it is located in by adding "from Shared Folder."