Download Admission Audit Events
x-prisma-cloud-target-env: {"permission":"monitorAccessKubernetes","saas":true,"self-hosted":true}
x-public: true
Returns the access admission events data in CSV format that were alerted or blocked by Defender functioning as Open Policy Agent admission controller.
cURL Request
Refer to the following example cURL command that downloads the admission audit events:
$ curl -k \
-u <USER> \
-H 'Content-Type: text/csv' \
-X GET \
-o <admission_audits.csv> \
"https://<CONSOLE>/api/v<VERSION>/audits/admission/download"
Query Parameters
- offset integer
Offsets the result to a specific report count. Offset starts from 0.
- limit integer
Number of reports to retrieve in a page. For PCCE, the maximum limit is 250. For PCEE, the maximum limit is 50. The default value is 50.
- search string
Retrieves the result for a search term.
- sort string
Sorts the result using a key. Refer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.
- reverse boolean
Sorts the result in reverse order.
- collections string[]
Filters the result based on collection names that you have defined in Prisma Cloud Compute.
- provider string[]
Scopes the query by cloud provider.
- accountIDs string[]
Filters the result based on cloud account IDs.
- resourceIDs string[]
Scopes the query by resource ID.
- region string[]
Scopes the query by cloud region.
- fields string[]
Retrieves the fields that you need in a report. Use the list of fields you want to retrieve. By default, the result shows all fields of data.
- from date-time
From is an optional minimum time constraints for the activity.
- to date-time
To is an optional maximum time constraints for the activity.
- namespace string[]
Namespaces is the list of namespaces to use for filtering.
- operation string[]
Operations is the list of operations to use for filtering.
- cluster string[]
Clusters is the cluster filter.
- attackTechniques string[]
AttackTechniques are the MITRE attack techniques.
- 200
- default
OK