Skip to main content

Download WAAS Container Audit Events

GET 

/api/v32.07/audits/firewall/app/container/download

x-prisma-cloud-target-env: {"permission":"monitorWAAS"}

Returns the container Web-Application and API Security (WAAS) audit events data in CSV format.

Note: These audit events relate to violations of WAAS policies defined under Defend > WAAS > Container > Container WAAS Policy.

cURL Request

Refer to the following example cURL command that downloads the WAAS container audit events:

$ curl -k \
-u <USER> \
-H 'Content-Type: text/csv' \
-X GET \
-o <waas-container-audits.csv> \
"https://<CONSOLE>/api/v<VERSION>/audits/firewall/app/container/download"

Request

Query Parameters

    offset integer

    Offsets the result to a specific report count. Offset starts from 0.

    limit integer

    Limit is the amount to fix.

    sort string

    Sorts the result using a key.

    reverse boolean

    Sorts the result in reverse order.

    from date-time

    From is an optional minimum time constraints for the audit.

    to date-time

    To is an optional maximum time constraints for the audit.

    imageName string[]

    Images is the image names filter.

    containerName string[]

    Containers is the container names filter.

    hostname string[]

    Hosts is the hostnames filter.

    ruleName string[]

    RuleNames is the rule names filter.

    type string[]

    Types is the firewall audit type filter.

    effect string

    Effect is used to filter by runtime audit effect.

    ruleAppID string[]

    RuleAppIDs is the rule app IDs filter.

    function string[]

    FunctionName is used to filter by function name.

    runtime string[]

    Runtime is used to filter by runtime.

    ns string[]

    Namespaces is the list of namespaces to use for filtering.

    appID string[]

    AppIDs is the app embedded appID filter.

    subnet string[]

    Subnets is the source IPs filter.

    connectingIPs string[]

    ConnectingIPs is the connecting IPs filter.

    country string[]

    Countries is the source IP country filter.

    userAgentHeader string[]

    UserAgents is the user agent header filter.

    url string[]

    URLs is the URL filter.

    requestHost string[]

    RequestHosts is the request host filter.

    urlPath string[]

    Paths is the URL path filter.

    urlQuery string[]

    Queries is the URL query filter.

    method string[]

    Methods is the request method filter.

    requestHeaderNames string[]

    RequestHeaderNames is the request header names filter.

    os string[]

    OS is the OS filter.

    msg string[]

    Messages is the audit message text filter.

    cluster string[]

    Cluster is the audit cluster filter.

    attackTechniques string[]

    AttackTechniques are the MITRE attack techniques.

    aggregate boolean

    Aggregate indicates whether the result audits should be aggregated according to the Select field.

    protection string[]

    Protections is the firewall audit protection type filter.

    eventID string[]

    EventID is the event IDs filter.

    owaspTop10 string[]

    OWASPTop10 is the OWASP top 10 filter.

    owaspAPITop10 string[]

    OWASPAPITop10 is the OWASP API top 10 filter.

    additionalHash string[]

    AdditionalHash is used to filter by the additional hash value.

    modelPath string[]

    ModelPath is used to filter by the API model path.

Responses

OK

Loading...