Download WAAS Agentless Audit Events
GET/api/v33.02/audits/firewall/app/agentless/download
x-prisma-cloud-target-env: {"permission":"monitorWAAS"}
Returns the agentless Web-Application and API Security (WAAS) audit events data in CSV format.
Note: These are based on violations of WAAS policies defined under Defend > WAAS > Agentless > Agentless WAAS Policy.
cURL Request
Refer to the following example cURL command that retrieves all agentless WAAS audit events:
$ curl -k \
-u <USER> \
-H 'Content-Type: text/csv' \
-X GET \
-o <waas_agentless_audits.csv> \
"https://<CONSOLE>/api/v<VERSION>/audits/firewall/app/agentless/download"
Request
Query Parameters
Offsets the result to a specific report count. Offset starts from 0.
Limit is the amount to fix.
Sorts the result using a key.
Sorts the result in reverse order.
From is an optional minimum time constraints for the audit.
To is an optional maximum time constraints for the audit.
Images is the image names filter.
Containers is the container names filter.
Hosts is the hostnames filter.
RuleNames is the rule names filter.
Types is the firewall audit type filter.
Effect is used to filter by runtime audit effect.
RuleAppIDs is the rule app IDs filter.
FunctionName is used to filter by function name.
Runtime is used to filter by runtime.
Namespaces is the list of namespaces to use for filtering.
AppIDs is the app embedded appID filter.
Subnets is the source IPs filter.
ConnectingIPs is the connecting IPs filter.
Countries is the source IP country filter.
UserAgents is the user agent header filter.
URLs is the URL filter.
RequestHosts is the request host filter.
Paths is the URL path filter.
Queries is the URL query filter.
Methods is the request method filter.
RequestHeaderNames is the request header names filter.
OS is the OS filter.
Messages is the audit message text filter.
Cluster is the audit cluster filter.
AttackTechniques are the MITRE attack techniques.
Aggregate indicates whether the result audits should be aggregated according to the Select field.
Protections is the firewall audit protection type filter.
EventID is the event IDs filter.
OWASPTop10 is the OWASP top 10 filter.
OWASPAPITop10 is the OWASP API top 10 filter.
AdditionalHash is used to filter by the additional hash value.
ModelPath is used to filter by the API model path.
Responses
- 200
- default
OK