Skip to main content

Download Docker Access Audit Events

x-prisma-cloud-target-env: {"permission":"monitorAccessDocker","saas":true,"self-hosted":true}
x-public: true

Returns the docker access audit events data in CSV format that are logged and aggregated for any container resource protected by a Defender in Prisma Cloud Compute.

Note: You can download the access events from Console under Monitor > Events > Docker audits > Download CSV.

$ curl -k \
-u <USER> \
-H 'Content-Type: text/csv' \
-X GET \
-O <access_audits.csv> \
Query Parameters
  • offset integer

    Offsets the result to a specific report count. Offset starts from 0.

  • limit integer

    Number of reports to retrieve in a page. For PCCE, the maximum limit is 250. For PCEE, the maximum limit is 50. The default value is 50.

  • search string

    Retrieves the result for a search term.

  • sort string

    Sorts the result using a key. Refer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.

  • reverse boolean

    Sorts the result in reverse order.

  • collections string[]

    Filters the result based on collection names that you have defined in Prisma Cloud Compute.

  • provider string[]

    Scopes the query by cloud provider.

  • accountIDs string[]

    Filters the result based on cloud account IDs.

  • resourceIDs string[]

    Scopes the query by resource ID.

  • region string[]

    Scopes the query by cloud region.

  • fields string[]

    Retrieves the fields that you need in a report. Use the list of fields you want to retrieve. By default, the result shows all fields of data.

  • from date-time

    From is an optional minimum time constraints for the audit.

  • to date-time

    To is an optional maximum time constraints for the audit.

  • type string

    Type is the audit type.

  • ruleName string[]

    RuleNames are the rules names to filter by.

  • api string[]

    APIs are apis to filter by.

  • hostname string[]

    Hosts are hosts to filter by.

  • user string[]

    Users are users to filter by.

  • allow string

    Allow indicated whether allowed requests should be shown.

  • cluster string[]

    Clusters is the cluster filter.