Lists a page of audit events (SIEM)
POST /api/web/v2/reports/auditeventspaged/siem
Returns audit events matching the provided search parameters, always in ascending order. The caller requires the REPORTS:VIEW permission. The following searchByAttributes are supported:
- startTime: a mandatory String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN_OR_EQUAL.
- endTime: a String value representing an ISO-8601 date in UTC time (e.g., 2018-08-31T18:15:30). Allowed operators are: LESS_THAN_OR_EQUAL.
- outcome: SUCCESS or FAIL. Allowed operator: EQUALS.
- category: AUTHENTICATION or MANAGEMENT. Allowed operator: EQUALS.
The orderByAttribute is not used even if provided. Results are always returned in ascending order (oldest to newest event).
Request
- application/json
Body
required
Users search only: additional, non-core attributes to include in the returned object. Attribute names are specific to the returned object.
Identifies the page to return when paging over a result set--if present, search by / order by attributes are ignored.
Possible values: >= 1 and <= 100
Identifies the maximum number of items to include in a page (1-100).
orderByAttribute
object
An attribute used to sort the result from a search.
Identifies whether to order results in ascending order.
Identifies the attribute.
searchByAttributes
object[]
Identifies attributes for searching purposes. Some end-points have pre-defined values and ignore this attribute.
Identifies the attribute we are searching for.
Possible values: [EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH, GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL, IN, EXISTS, NOT_EXISTS]
Identifies the operator.
Identifies the value of the attribute we are searching for.
Responses
- 200
- 400
- 401
- 403
- 404
- 409
Successful
- application/json
- Schema
- Example (from schema)
Schema
paging
object
Contains navigation information.
limit: The page limit used (1-100). Possible values: >= 1 and <= 100
nextCursor: The cursor pointing to the next page.
prevCursor: The cursor pointing to the previous page.
results
object[]
required
A single page from the list of audit events found.
accountId: The UUID of the account containing this audit event.
auditDetails
object
Additional audit details that may be included with an audit event.
  entityAttributes
  object[]
  A list of attributes when an entity is added or removed.
    name: The name of the attribute.
    value: The value of the attribute.
  messageTokens: List of tokens referencing event attributes that can be used in the audit message.
  modifiedEntityAttributes
  object[]
  A list of attributes when an entity is modified.
    name: The name of the attribute.
    newValue: The new value of the attribute.
    oldValue: The old value of the attribute.
entityAction: For a management event, the action that was performed.
entityId: For a management event, the UUID of the entity that was acted upon.
entityName: For a management event, the name of the entity that was acted upon.
entityType: For a management event, the entity type that was acted upon.
eventCategory: The category of the event. Values are AUTHENTICATION or MANAGEMENT. Possible values: [AUTHENTICATION, MANAGEMENT, ISSUANCE]
eventOutcome: The outcome of the event. Values are success or fail. Possible values: [SUCCESS, FAIL]
eventTime: The time of this event.
eventType: The type of the event.
eventVersion: Version information for future use.
id: The UUID of this audit event.
message: A message key describing the event.
requiredPermission: The permission used for a management event.
resourceId: The UUID of the resource associated with the event. For example, the UUID of the application to which a user is authenticating.
resourceName: The name of the resource.
serviceProviderAdminRoleId: A UUID of the service provider role used for a management event.
serviceProviderAdminRoleName: The name of the service provider role.
sourceIp: The IP address of the client performing this event.
subject: The UUID of the subject that performed this event. For administration events the subject will be the administrator or administration API application that performed the event. For authentication events the subject will be the user that performed the authentication.
subjectName: The name of the subject that performed this event. For users the value will be the user's user Id. For administration API applications, the value will be the application's name.
subjectType: The type of the subject that performed this event. Values are USER or ADMIN_API. Possible values: [USER, ADMIN_API, SERVICE_PROVIDER, AGENT]
subscriberAdminRoleId: The UUID of the subscriber/site management role used for a management event.
subscriberAdminRoleName: The name of the subscriber/site management role.
token: Information about what authenticator was used for an authentication event.
{
  "paging": {
    "limit": 0,
    "nextCursor": "string",
    "prevCursor": "string"
  },
  "results": [
    {
      "accountId": "string",
      "auditDetails": {
        "entityAttributes": [
          {
            "name": "string",
            "value": "string"
          }
        ],
        "messageTokens": [
          "string"
        ],
        "modifiedEntityAttributes": [
          {
            "name": "string",
            "newValue": "string",
            "oldValue": "string"
          }
        ]
      },
      "entityAction": "string",
      "entityId": "string",
      "entityName": "string",
      "entityType": "string",
      "eventCategory": "AUTHENTICATION",
      "eventOutcome": "SUCCESS",
      "eventTime": "2019-02-19T13:15:27Z",
      "eventType": "string",
      "eventVersion": "string",
      "id": "string",
      "message": "string",
      "requiredPermission": "string",
      "resourceId": "string",
      "resourceName": "string",
      "serviceProviderAdminRoleId": "string",
      "serviceProviderAdminRoleName": "string",
      "sourceIp": "string",
      "subject": "string",
      "subjectName": "string",
      "subjectType": "USER",
      "subscriberAdminRoleId": "string",
      "subscriberAdminRoleName": "string",
      "token": "string"
    }
  ]
}
Bad Request
- application/json
- Schema
- Example (from schema)
Schema
Error Codes specific to cause of failure.
Additional Error Message describing the error.
Optional additional error information.
{
  "errorCode": "invalid_user_response",
  "errorMessage": "Application id cannot be null",
  "parameters": [
    {}
  ]
}
Access denied
- application/json
- Schema
- Example (from schema)
Schema
Error Codes specific to cause of failure.
Additional Error Message describing the error.
Optional additional error information.
{
  "errorCode": "invalid_user_response",
  "errorMessage": "Application id cannot be null",
  "parameters": [
    {}
  ]
}
Forbidden
- application/json
- Schema
- Example (from schema)
Schema
Error Codes specific to cause of failure.
Additional Error Message describing the error.
Optional additional error information.
{
  "errorCode": "invalid_user_response",
  "errorMessage": "Application id cannot be null",
  "parameters": [
    {}
  ]
}
Not Found
- application/json
- Schema
- Example (from schema)
Schema
Error Codes specific to cause of failure.
Additional Error Message describing the error.
Optional additional error information.
{
  "errorCode": "invalid_user_response",
  "errorMessage": "Application id cannot be null",
  "parameters": [
    {}
  ]
}
Conflict
- application/json
- Schema
- Example (from schema)
Schema
Error Codes specific to cause of failure.
Additional Error Message describing the error.
Optional additional error information.
{
  "errorCode": "invalid_user_response",
  "errorMessage": "Application id cannot be null",
  "parameters": [
    {}
  ]
}
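A SIEM collector for this endpoint has to validate the search attributes, follow nextCursor to drain the result set, and resume from the last eventTime without forwarding duplicates. The following is an added example, not code from the API vendor. The request keys name, operator, value, limit and cursor, the fetch_page callable, and dropping the trailing "Z" from eventTime are assumptions; the response fields are the ones in the schema above.

```python
# Operators and values the page allows per search attribute.
ALLOWED = {
    "startTime": ("GREATER_THAN_OR_EQUAL", None),
    "endTime": ("LESS_THAN_OR_EQUAL", None),
    "outcome": ("EQUALS", {"SUCCESS", "FAIL"}),
    "category": ("EQUALS", {"AUTHENTICATION", "MANAGEMENT"}),
}

def build_query(start_time, limit=100, **filters):
    """First-page request body. Keys name/operator/value/limit are assumed."""
    if not start_time:
        raise ValueError("startTime is mandatory")
    if not 1 <= limit <= 100:
        raise ValueError("limit must be between 1 and 100")
    attrs = []
    for name, value in {"startTime": start_time, **filters}.items():
        if name not in ALLOWED:
            raise ValueError(f"unsupported search attribute: {name}")
        operator, values = ALLOWED[name]
        if values and value not in values:
            raise ValueError(f"unsupported value for {name}: {value}")
        attrs.append({"name": name, "operator": operator, "value": value})
    return {"limit": limit, "searchByAttributes": attrs}

def poll(fetch_page, start_time, seen_ids, **filters):
    """Drain every page; return (new_events, next_start_time).

    fetch_page(body) is a hypothetical callable that POSTs the body and
    returns the parsed JSON; seen_ids is the caller's set of forwarded ids.
    """
    body = build_query(start_time, **filters)
    limit, new_events, checkpoint, visited = body["limit"], [], start_time, set()
    while True:
        page = fetch_page(body)
        for event in page["results"]:
            # Oldest to newest, so the last eventTime is the checkpoint.
            # Assumption: drop "Z" to match the page's startTime example.
            checkpoint = event["eventTime"].rstrip("Z")
            # startTime is inclusive, so the next poll re-delivers boundary
            # events; de-duplicate on the event UUID before forwarding.
            if event["id"] not in seen_ids:
                seen_ids.add(event["id"])
                new_events.append(event)
        cursor = (page.get("paging") or {}).get("nextCursor")
        if not cursor or cursor in visited or not page["results"]:
            break
        visited.add(cursor)
        # Assumed key "cursor"; search attributes are ignored once it is sent.
        body = {"cursor": cursor, "limit": limit}
    return new_events, checkpoint
```

Persist both the returned checkpoint and seen_ids between runs; seen_ids can be pruned to ids whose eventTime equals the checkpoint.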