Audits
Retrieve audits from the Prisma Cloud Compute database. Prisma Cloud Compute creates and stores audit events for the components that are associated with a policy (rule) and shows deviation from that policy. Endpoints support a wide range of filtering options.
Authentication
Basic Auth
Headers
- Authorization: required (string): Authenticates with the Base64-encoded "username:password" credentials.
JWT Access Token
Use POST, /api/vVERSION/authenticate for authorization
Headers
- Authorization: required (string): Authenticates with the Bearer authentication scheme to transmit the access token. Example: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJk…………
📄️ Get Docker Access Audit Events
Retrieves all docker access audit events that are logged and aggregated for any container resource protected by a Defender in Prisma Cloud Compute.
📄️ Download Docker Access Audit Events
Returns the docker access audit events data in CSV format that are logged and aggregated for any container resource protected by a Defender in Prisma Cloud Compute.
📄️ Get Admission Audit Events
Returns all activities that were alerted or blocked by Defender functioning as Open Policy Agent admission controller.
📄️ Download Admission Audit Events
Returns the access admission events data in CSV format that were alerted or blocked by Defender functioning as Open Policy Agent admission controller.
📄️ Get WAAS Agentless Audit Events
Retrieves all agentless Web-Application and API Security (WAAS) audit events.
📄️ Download WAAS Agentless Audit Events
Returns the agentless Web-Application and API Security (WAAS) audit events data in CSV format.
📄️ Get WAAS Agentless Audit Events for a Timeframe
Retrieves all agentless Web-Application and API Security (WAAS) audit buckets based on a specified query time frame.
📄️ Get WAAS App-embedded Audit Events
Returns all app-embedded WAAS audit events for the specified query parameters.
📄️ Download WAAS App-embedded Audit Events
Returns the app-embedded WAAS audit events data in CSV format for the specified query parameters.
📄️ Get WAAS App-embedded Audit Events for a Timeframe
Returns the app-embedded WAAS audit buckets based on the query time frame.
📄️ Get WAAS Container Audit Events
Retrieves all container Web-Application and API Security (WAAS) audits.
📄️ Download WAAS Container Audit Events
Returns the container Web-Application and API Security (WAAS) audit events data in CSV format.
📄️ Container App Firewall Audit Timeslice
ContainerAppFirewallAuditTimeslice returns container firewall audit buckets according to the query timeframe
📄️ Get WAAS Host Audit Events
Retrieves all host Web-Application and API Security (WAAS) audit events.
📄️ Download WAAS Host Audit Events
Returns the host Web-Application and API Security (WAAS) audit events data in CSV format.
📄️ Host App Firewall Audit Timeslice
HostAppFirewallAuditTimeslice returns host firewall audit buckets according to the query timeframe
📄️ Get WAAS Serverless Audit Events
Retrieves all serverless function Web-Application and API Security (WAAS) audit events.
📄️ Download WAAS Serverless Audit Events
Returns the serverless function Web-Application and API Security (WAAS) audit events data in CSV format.
📄️ Get WAAS Serverless Audit Events for a Timeframe
Retrieves all serverless Web-Application and API Security (WAAS) audit buckets based on a specified query time frame in UTC.
📄️ Get CNNS Container Audit Events
Retrieves all Cloud Native Network Segmentation (CNNS) container audit events.
📄️ Download CNNS Container Audit Events
Returns the Cloud Native Network Segmentation (CNNS) container audit events data in CSV format.
📄️ Get CNNS Host Audit Events
Retrieves all Cloud Native Network Segmentation (CNNS) host audits.
📄️ Download CNNS Host Audit Events
Returns the Cloud Native Network Segmentation (CNNS) host audit events data in CSV format.
📄️ Get Incident Audit Events
Retrieves a list of incidents that are not acknowledged (i.e., not in archived state).
📄️ Archive an Incident Audit Event
Acknowledges an incident and moves it to an archived state.
📄️ Download Incident Audit Events
Downloads a list of incidents which are not acknowledged (i.e., not in archived state) in CSV format.
📄️ Get Kubernetes Audit Events
Retrieves events that occur in an integrated Kubernetes cluster that you configured for Prisma Cloud Compute under **Defend > Access > Kubernetes**.
📄️ Download Kubernetes Audit Events
Returns the audit events data that occur in an integrated Kubernetes cluster that you configured for Prisma Cloud Compute under **Defend > Access > Kubernetes** in CSV format.
📄️ Get Management Audit Events
Retrieves a list of all management audit events.
📄️ Download Management Audit Events
Returns the management audit events data in CSV format.
📄️ Get Management Audit Event Filters
Retrieves a list of management audit types from your environment.
📄️ Get Runtime App-embedded Audit Events
Retrieves all app-embedded runtime audit events.
📄️ Download Runtime App-embedded Audit Events
Returns the app-embedded runtime audit events data in CSV format.
📄️ Get Runtime Container Audit Events
Retrieves all container audit events when a runtime sensor such as process, network, file system, or system call detects an activity that deviates from the predictive model.
📄️ Download Runtime Container Audit Events
Returns the container audit events data in CSV format when a runtime sensor such as process, network, file system, or system call detects an activity that deviates from the predictive model.
📄️ Get Runtime Container Audit Events for a Timeframe
Retrieves the container audit events when a runtime sensor such as process, network, file system, or system call detects an activity that deviates from the predictive model for a specific time frame.
📄️ Get Runtime File Integrity Audit Events
Retrieves all audit events for file-integrity checks that are configured under host runtime rules.
📄️ Download Runtime File Integrity Audit Events
Returns the audit events data in CSV format for file-integrity checks that are configured under host runtime rules.
📄️ Get Runtime Host Audit Events
Retrieves the runtime host audit events.
📄️ Download Runtime Host Audit Events
Returns the runtime host audit events data in CSV format.
📄️ Get Runtime Host Audit Events for a Timeframe
Retrieves the runtime host audit events for a specific time frame.
📄️ Get Runtime Log Inspection Audit Events
Retrieves all audit events for log inspection checks that are configured under host runtime rules.
📄️ Download Runtime Log Inspection Audit Events
Returns the audit events data in CSV format for log inspection checks that are configured under host runtime rules.
📄️ Get Runtime Serverless Audit Events
Retrieves all scan events for any configured serverless functions in Prisma Cloud Compute.
📄️ Download Serverless Audit Events
Returns the scan audit events data in CSV format for any configured serverless functions in Prisma Cloud Compute.
📄️ Get Runtime Serverless Audit Events for a Timeframe
Retrieves all scan events for any configured serverless functions in Prisma Cloud Compute for a specific time frame.
📄️ Get Trust Audit Events
Retrieves all the trust audit events.
📄️ Download Trust Audit Events
Returns the trust audit events data in CSV format.