Skip to main content

Download Admission Audit Events



x-prisma-cloud-target-env: {"permission":"monitorAccessKubernetes","saas":true,"self-hosted":true}
x-public: true

Returns the access admission events data in CSV format that were alerted or blocked by Defender functioning as Open Policy Agent admission controller.

cURL Request

Refer to the following example cURL command that downloads the admission audit events:

$ curl -k \
-u <USER> \
-H 'Content-Type: text/csv' \
-X GET \
-o <admission_audits.csv> \


Query Parameters

    offset integer

    Offsets the result to a specific report count. Offset starts from 0.

    limit integer

    Limit is the amount to fix.

    sort string

    Sorts the result using a key.

    reverse boolean

    Sorts the result in reverse order.

    from date-time

    From is an optional minimum time constraints for the activity.

    to date-time

    To is an optional maximum time constraints for the activity.

    namespace string[]

    Namespaces is the list of namespaces to use for filtering.

    operation string[]

    Operations is the list of operations to use for filtering.

    cluster string[]

    Clusters is the cluster filter.

    attackTechniques string[]

    AttackTechniques are the MITRE attack techniques.