ReportsApi
Method | HTTP request | Description |
---|---|---|
AuditEventPageUsingPOST | POST /api/web/v2/reports/auditeventspaged | Lists a page of audit events |
SiemAuditEventPageUsingPOST | POST /api/web/v2/reports/auditeventspaged/siem | Lists a page of audit events (SIEM) |
AuditEventPageUsingPOST
AuditEventPage AuditEventPageUsingPOST (SearchParms searchParms)
Lists a page of audit events
Returns audit events for the provided search parameters. Caller requires the REPORTS:VIEW permission.The following searchByAttributes are supported:
- eventTime: a mandatory String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL.
- outcome: SUCCESS or FAIL. Allowed operator: EQUALS.
- category: AUTHENTICATION or MANAGEMENT. Allowed operator: EQUALS.
- entityName: a String up to 100 characters. Allowed operators: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
- entityType: a String up to 40 characters (e.g., USERS, GROUPS, QUESTIONS, REPORTS, ROLES). Allowed operators: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
- entityAction: a String up to 100 characters (e.g., ADD, EDIT, REMOVE, ASSIGN, RESET). Allowed operators: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
- resourceName: a String up to 100 characters. Allowed operators: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
- sourceIp: a String up to 39 characters. Allowed operators: EQUALS, STARTS_WITH.
- subjectName: a String up to 100 characters (e.g., jsmith). Allowed operators: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
- eventType: a String up to 100 characters (e.g., AuthenticationDeniedEvent). Allowed operators: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
- subject: Restrict events to the UUID of a specific subject. Allowed operator: EQUALS.
If you provide more than one search attribute, they are joined with an AND condition.
The orderByAttribute supports these attribute names: eventTime, outcome, category, entityName, entityType, entityAction, resourceName, sourceIp, subjectName.
The results will only include audit events with data in the orderByAttribute selected. If ordering by entityName, entityType, or entityAction, then AUTHENTICATION events will not be returned.
Using the AuditEventPageUsingPOSTWithHttpInfo variant
This returns an ApiResponse object which contains the response data, status code and headers.
Parameters
Name | Type | Description | Notes |
---|---|---|---|
searchParms | SearchParms |
Return type
Authorization
HTTP request headers
- Content-Type: application/json
- Accept: application/json
HTTP response details
Status code | Description | Response headers |
---|---|---|
200 | Successful | - |
400 | Bad Request | - |
401 | Access denied | - |
403 | Forbidden | - |
404 | Not Found | - |
409 | Conflict | - |
SiemAuditEventPageUsingPOST
AuditEventPage SiemAuditEventPageUsingPOST (SearchParms searchParms)
Lists a page of audit events (SIEM)
Returns audit events for the provided search parameters in ascending order always. Caller requires the REPORTS:VIEW permission.The following searchByAttributes are supported:
- startTime: a mandatory String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN_OR_EQUAL.
- endTime: a String value representing an ISO-8601 date in UTC time (e.g., 2018-08-31T18:15:30). Allowed operators are: LESS_THAN_OR_EQUAL.
- outcome: SUCCESS or FAIL. Allowed operator: EQUALS.
- category: AUTHENTICATION or MANAGEMENT. Allowed operator: EQUALS.
If you provide more than one search attribute, they are joined with an AND condition.
The orderByAttribute is not used even if provided. Results are returned in ascending order always (oldest to newest event)
Example
Using the SiemAuditEventPageUsingPOSTWithHttpInfo variant
This returns an ApiResponse object which contains the response data, status code and headers.
Parameters
Name | Type | Description | Notes |
---|---|---|---|
searchParms | SearchParms |
Return type
Authorization
HTTP request headers
- Content-Type: application/json
- Accept: application/json
HTTP response details
Status code | Description | Response headers |
---|---|---|
200 | Successful | - |
400 | Bad Request | - |
401 | Access denied | - |
403 | Forbidden | - |
404 | Not Found | - |
409 | Conflict | - |