Lists a page of audit events (SIEM)

POST /api/web/v2/reports/auditeventspaged/siem

Returns audit events matching the provided search parameters, always in ascending order. The caller requires the REPORTS:VIEW permission. The following searchByAttributes are supported:

  • startTime: a mandatory String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN_OR_EQUAL.
  • endTime: a String value representing an ISO-8601 date in UTC time (e.g., 2018-08-31T18:15:30). Allowed operators are: LESS_THAN_OR_EQUAL.
  • outcome: SUCCESS or FAIL. Allowed operator: EQUALS.
  • category: AUTHENTICATION or MANAGEMENT. Allowed operator: EQUALS.
If you provide more than one search attribute, they are joined with an AND condition.

The orderByAttribute is not used even if provided. Results are always returned in ascending order (oldest to newest event).

Request

Body

required

    attributes string[]

    Users search only: additional, non-core attributes to include in the returned object. Attribute names are specific to the returned object.

    cursor string

    Identifies the page to return when paging over a result set. If present, the search-by and order-by attributes are ignored.

    limit int32

    Possible values: >= 1 and <= 100

    Identifies the maximum number of items to include in a page (1-100).

    orderByAttribute

    object

    An attribute used to sort the result from a search.

    ascending boolean required

    Identifies whether to order results in ascending order.

    name string required

    Identifies the attribute.

    searchByAttributes

    object[]

    Identifies attributes for searching purposes. Some end-points have pre-defined values and ignore this attribute.

  • Array [

  • name string required

    Identifies the attribute we are searching for.

    operator string required

    Possible values: [EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH, GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL, IN, EXISTS, NOT_EXISTS]

    Identifies the operator.

    value string

    Identifies the value of the attribute we are searching for.

  • ]

Responses

Successful

Schema

    paging

    object

    Contains navigation information.

    limit int32 required

    Possible values: >= 1 and <= 100

    The page limit used (1-100)

    nextCursor string

    The cursor pointing to the next page.

    prevCursor string

    The cursor pointing to the previous page.

    results

    object[]

    required

    A single page from the list of audit events found.

  • Array [

  • accountId string

    The UUID of the account containing this audit event.

    auditDetails

    object

    Additional audit details that may be included with an audit event.

    entityAttributes

    object[]

    A list of attributes when an entity is added or removed.

  • Array [

  • name string

    The name of the attribute.

    value string

    The value of the attribute.

  • ]

  • messageTokens string[]

    List of tokens referencing event attributes that can be used in the audit message.

    modifiedEntityAttributes

    object[]

    A list of attributes when an entity is modified.

  • Array [

  • name string

    The name of the attribute.

    newValue string

    The new value of the attribute.

    oldValue string

    The old value of the attribute.

  • ]

  • entityAction string

    For a management event, the action that was performed.

    entityId string

    For a management event, the UUID of the entity that was acted upon.

    entityName string

    For a management event, the name of the entity that was acted upon.

    entityType string

    For a management event, the entity type that was acted upon.

    eventCategory string

    Possible values: [AUTHENTICATION, MANAGEMENT, ISSUANCE]

    The category of the event. Values are AUTHENTICATION or MANAGEMENT.

    eventOutcome string

    Possible values: [SUCCESS, FAIL]

    The outcome of the event. Values are success or fail.

    eventTime date-time required

    The time of this event.

    eventType string

    The type of the event.

    eventVersion string

    Version information for future use.

    id string

    The UUID of this audit event.

    message string

    A message key describing the event.

    requiredPermission string

    The permission used for a management event.

    resourceId string

    The UUID of the resource associated with the event. For example, the UUID of the application to which a user is authenticating.

    resourceName string

    The name of the resource.

    serviceProviderAdminRoleId string

    A UUID of the service provider role used for a management event.

    serviceProviderAdminRoleName string

    The name of the service provider role.

    sourceIp string

    The IP address of the client performing this event.

    subject string

    The UUID of the subject that performed this event. For administration events the subject will be the administrator or administration API application that performed the event. For authentication events the subject will be the user that performed the authentication.

    subjectName string

    The name of the subject that performed this event. For users the value will be the user's user Id. For administration API applications, the value will be the application's name.

    subjectType string

    Possible values: [USER, ADMIN_API, SERVICE_PROVIDER, AGENT]

    The type of the subject that performed this event. Values are USER or ADMIN_API.

    subscriberAdminRoleId string

    The UUID of the subscriber/site management role used for a management event.

    subscriberAdminRoleName string

    The name of the subscriber/site management role.

    token string

    Information about what authenticator was used for an authentication event.

  • ]
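
A Python pager for this endpoint, added here as an example and not taken from the vendor's documentation: it builds the first-page body with the operators listed above, then follows paging.nextCursor and drops events already collected. The `post` transport, the `seen_ids` and `max_pages` parameters, and the rule that a missing nextCursor or an empty page ends the result set are assumptions.

```python
from typing import Callable, Iterator, Optional

PATH = "/api/web/v2/reports/auditeventspaged/siem"
# Operator the page allows for each supported searchByAttributes name.
ALLOWED = {"startTime": "GREATER_THAN_OR_EQUAL", "endTime": "LESS_THAN_OR_EQUAL",
           "outcome": "EQUALS", "category": "EQUALS"}

def build_search(start_time, end_time=None, outcome=None, category=None, limit=100):
    """Body for the first page: startTime is mandatory, limit is 1-100."""
    if not start_time:
        raise ValueError("startTime is mandatory")
    if not 1 <= limit <= 100:
        raise ValueError("limit must be between 1 and 100")
    if outcome not in (None, "SUCCESS", "FAIL"):
        raise ValueError("outcome must be SUCCESS or FAIL")
    if category not in (None, "AUTHENTICATION", "MANAGEMENT"):
        raise ValueError("category must be AUTHENTICATION or MANAGEMENT")
    values = {"startTime": start_time, "endTime": end_time,
              "outcome": outcome, "category": category}
    attrs = [{"name": n, "operator": ALLOWED[n], "value": v}
             for n, v in values.items() if v is not None]
    return {"limit": limit, "searchByAttributes": attrs}

def iter_events(post: Callable[[str, dict], dict], first_body: dict,
                seen_ids: Optional[set] = None, max_pages: int = 1000) -> Iterator[dict]:
    """Yield each event once, oldest first, following paging.nextCursor.

    post(path, body) is a caller-supplied transport (hypothetical) that sends
    the authenticated POST and returns the decoded JSON response.
    """
    seen = set() if seen_ids is None else seen_ids
    body = first_body
    for _ in range(max_pages):
        page = post(PATH, body)
        for event in page["results"]:
            # startTime uses >=, so a poll resumed from the last eventTime
            # returns the boundary event again; drop it by its UUID.
            event_id = event.get("id")
            if event_id is not None and event_id in seen:
                continue
            seen.add(event_id)
            yield event
        cursor = page.get("paging", {}).get("nextCursor")
        # Assumption: a missing nextCursor or an empty page ends the result set.
        if not cursor or not page["results"]:
            return
        # With a cursor present, search and order attributes are ignored.
        body = {"cursor": cursor, "limit": first_body["limit"]}
```

Passing the same `seen_ids` set to the next poll, with startTime set to the last eventTime forwarded, keeps the boundary event from reaching the SIEM twice.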
