Get Runtime Serverless Audit Events for a Timeframe

GET 
/api/v32.07/audits/runtime/serverless/timeslice

x-prisma-cloud-target-env: {"permission":"monitorRuntimeServerless"}

Retrieves all scan events for any configured serverless functions in Prisma Cloud Compute for a specific time frame.

Note: In Console, you can view the same under Monitor > Events > Container Audits.

Use the following mandatory query parameters to fetch results:

• from: Specifies the start time in UTC standard of the time period for which the audit events are returned.
• to: Specifies the end time in UTC standard of the time period for which the audit events are returned.
• buckets: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Query within the range of 1-100.

cURL Request

Refer to the following example cURL command:

$ curl -k \
  -u <USER> \
  -H 'Content-Type: application/json' \
  -X GET \
  "https://<CONSOLE>/api/v<VERSION>/audits/runtime/serverless/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5"

cURL Response

{
        "start": "2022-10-23T06:35:50.254Z",
        "end": "2022-10-24T04:58:47.103Z",
        "count": 4
}

Response Parameters:

• start: Specifies the start time of the bucket in date-time UTC format.
• end: Specifies the end time of the bucket in date-time UTC format.
• count: Specifies the number of audit occurrences.

Request

Query Parameters

offset integer

Offsets the result to a specific report count. Offset starts from 0.

limit integer

Limit is the amount to fix.

sort string

Sorts the result using a key.

reverse boolean

Sorts the result in reverse order.

id string[]

IDs are the audit IDs to filter.

profileID string[]

ProfileIDs are the profile IDs to filter.

from date-time

From is an optional minimum time constraints for the audit.

to date-time

To is an optional maximum time constraints for the audit.

time date-time

Time is used to filter by audit time.

imageName string[]

ImageNames is the image name filter.

container string[]

Containers is the container name filter.

containerID string[]

ContainerID is used to filter by container ID.

ruleName string[]

RuleNames is used to filter by rule name.

type string[]

Types is used to filter by runtime audit type.

effect string[]

Effect is used to filter by runtime audit effect (e.g., block/alert).

user string[]

Users is used to filter by host users.

os string[]

OS is the image OS distro filter.

namespace string[]

Namespaces is the namespaces filter.

fields string[]

Fields is used to fetch specific runtime audit fields.

cluster string[]

Clusters is the cluster filter.

attackType string[]

AttackTypes is used to filter by runtime audit attack type.

hostname string[]

Hostname is the hostname filter.

msg string[]

Message is the audit message text filter.

interactive string[]

Interactive is the audit interactive filter.

function string[]

Function is used to filter by function name.

runtime string[]

Runtime is used to filter by runtime.

attackTechniques string[]

AttackTechniques are the MITRE attack techniques.

app string[]

App is the name constraint of the service that triggered the audit.

processPath string[]

ProcessPath is the path constraint of the process that triggered the audit.

requestID string[]

RequestID is used to filter by request ID.

functionID string[]

FunctionID is used to filter by function ID.

aggregate boolean

Aggregate indicates whether the result audits should be aggregated according to the Select field.

appID string[]

AppID is used to filter by embedded app or Fargate task that triggered the audit.

buckets integer

Buckets is the number of buckets to return.

Responses

200

application/json

Schema

Schema

• Array [
count integer

Count is the number of audit occurrences.

end date-time

End is the end time of the bucket.

start date-time

Start is the start time of the bucket.

• ]

Example (from schema)

[
  {
    "count": 0,
    "end": "2024-07-29T15:51:28.071Z",
    "start": "2024-07-29T15:51:28.071Z"
  }
]

default

Loading...