Download Docker Access Audit Events
GET/api/v30.03/audits/access/download
x-prisma-cloud-target-env: {"permission":"monitorAccessDocker","saas":true,"self-hosted":true}
x-public: true
Returns the docker access audit events data in CSV format that are logged and aggregated for any container resource protected by a Defender in Prisma Cloud Compute.
Note: You can download the access events from Console under Monitor > Events > Docker audits > Download CSV.
$ curl -k \
-u <USER> \
-H 'Content-Type: text/csv' \
-X GET \
-O <access_audits.csv> \
"https://<CONSOLE>/api/v<VERSION>/audits/access/download?type=docker"
Request
Query Parameters
Offsets the result to a specific report count. Offset starts from 0.
Number of reports to retrieve in a page. For PCCE, the maximum limit is 250. For PCEE, the maximum limit is 50. The default value is 50.
Retrieves the result for a search term.
Sorts the result using a key. Refer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.
Sorts the result in reverse order.
Filters the result based on collection names that you have defined in Prisma Cloud Compute.
Scopes the query by cloud provider.
Filters the result based on cloud account IDs.
Scopes the query by resource ID.
Scopes the query by cloud region.
Retrieves the fields that you need in a report. Use the list of fields you want to retrieve. By default, the result shows all fields of data.
From is an optional minimum time constraints for the audit.
To is an optional maximum time constraints for the audit.
Type is the audit type.
RuleNames are the rules names to filter by.
APIs are apis to filter by.
Hosts are hosts to filter by.
Users are users to filter by.
Allow indicated whether allowed requests should be shown.
Clusters is the cluster filter.
Responses
- 200
- default
OK