Get Management Audit Events

GET 
/api/v30.00/audits/mgmt

x-prisma-cloud-target-env: {"permission":"systemLogs","saas":true,"self-hosted":true}
x-public: true

Retrieves a list of all management audit events.

Management audit events are:

• Changes to any settings (including previous and new values)
• Changes to any rules (create, modify, or delete)
• Logon activities (success and failure)

cURL Request

Refer to the following example cURL command:

$ curl -k \
  -u <USER> \
  -H 'Content-Type: application/json' \
  -X GET \
  "https://<CONSOLE>/api/v<VERSION>/audits/mgmt"

cURL Response

{
   "username": "user",
   "sourceIP": "10.47.99.218",
   "time": "2022-11-22T03:11:15.39Z",
   "type": "login",
   "diff": "",
   "status": "successful login attempt",
   "failure": false,
   "api": "/api/v1/authenticate"
 }

Request

Query Parameters

offset integer

Offsets the result to a specific report count. Offset starts from 0.

limit integer

Number of reports to retrieve in a page. For PCCE, the maximum limit is 250. For PCEE, the maximum limit is 50. The default value is 50.

search string

Retrieves the result for a search term.

sort string

Sorts the result using a key. Refer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.

reverse boolean

Sorts the result in reverse order.

collections string[]

Filters the result based on collection names that you have defined in Prisma Cloud Compute.

provider string[]

Scopes the query by cloud provider.

accountIDs string[]

Filters the result based on cloud account IDs.

resourceIDs string[]

Scopes the query by resource ID.

region string[]

Scopes the query by cloud region.

fields string[]

Retrieves the fields that you need in a report. Use the list of fields you want to retrieve. By default, the result shows all fields of data.

from date-time

From is an optional minimum time constraints for the audit.

to date-time

To is an optional maximum time constraints for the audit.

type string[]

Types is the audit type filter.

username string[]

Usernames is the username filter.

Responses

200

application/json

Schema

Schema

• Array [
api string

API is the api used in the audit process.

diff string

Diff is the diff between old and new values.

failure boolean

Failure states whether the request failed or not.

sourceIP string

SourceIP is the request's source IP.

status string

Status is the request's response status.

time date-time

Time is the time of the request.

type shared.MgmtType

Possible values: [login,profile,settings,rule,user,group,credential,tag,role]

MgmtType represents management audit types

username string

Username is the username of the user who performed the action.

• ]

Example (from schema)

[
  {
    "api": "string",
    "diff": "string",
    "failure": true,
    "sourceIP": "string",
    "status": "string",
    "time": "2023-12-06T03:39:59.186Z",
    "type": [
      "login",
      "profile",
      "settings",
      "rule",
      "user",
      "group",
      "credential",
      "tag",
      "role"
    ],
    "username": "string"
  }
]

default

Loading...