Host App Firewall Audit Timeslice
x-prisma-cloud-target-env: {"permission":"monitorWAAS","saas":true,"self-hosted":true}
x-public: true
HostAppFirewallAuditTimeslice returns host firewall audit buckets according to the query timeframe.
Query Parameters
- offset integer
Offsets the result to a specific report count. Offset starts from 0.
- limit integer
Number of reports to retrieve in a page. For PCCE, the maximum limit is 250. For PCEE, the maximum limit is 50. The default value is 50.
- search string
Retrieves the result for a search term.
- sort string
Sorts the result using a key. Refer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.
- reverse boolean
Sorts the result in reverse order.
- collections string[]
Filters the result based on collection names that you have defined in Prisma Cloud Compute.
- provider string[]
Scopes the query by cloud provider.
- accountIDs string[]
Filters the result based on cloud account IDs.
- resourceIDs string[]
Scopes the query by resource ID.
- region string[]
Scopes the query by cloud region.
- fields string[]
Retrieves the fields that you need in a report. Use the list of fields you want to retrieve. By default, the result shows all fields of data.
- from date-time
From is an optional minimum time constraint for the audit.
- to date-time
To is an optional maximum time constraint for the audit.
- imageName string[]
Images is the image names filter.
- containerName string[]
Containers is the container names filter.
- hostname string[]
Hosts is the hostnames filter.
- ruleName string[]
RuleNames is the rule names filter.
- type string[]
Types is the firewall audit type filter.
- effect string
Effect is used to filter by runtime audit effect.
- ruleAppID string[]
RuleAppIDs is the rule app IDs filter.
- function string[]
FunctionName is used to filter by function name.
- runtime string[]
Runtime is used to filter by runtime.
- ns string[]
Namespaces is the list of namespaces to use for filtering.
- appID string[]
AppIDs is the app embedded appID filter.
- subnet string[]
Subnets is the source IPs filter.
- connectingIPs string[]
ConnectingIPs is the connecting IPs filter.
- country string[]
Countries is the source IP country filter.
- userAgentHeader string[]
UserAgents is the user agent header filter.
- url string[]
URLs is the URL filter.
- requestHost string[]
RequestHosts is the request host filter.
- urlPath string[]
Paths is the URL path filter.
- urlQuery string[]
Queries is the URL query filter.
- method string[]
Methods is the request method filter.
- requestHeaderNames string[]
RequestHeaderNames is the request header names filter.
- os string[]
OS is the OS filter.
- msg string[]
Messages is the audit message text filter.
- cluster string[]
Cluster is the audit cluster filter.
- attackTechniques string[]
AttackTechniques are the MITRE attack techniques.
- aggregate boolean
Aggregate indicates whether the result audits should be aggregated according to the Select field.
- protection string[]
Protections is the firewall audit protection type filter.
- eventID string[]
EventID is the event IDs filter.
- owaspTop10 string[]
OWASPTop10 is the OWASP top 10 filter.
- owaspAPITop10 string[]
OWASPAPITop10 is the OWASP API top 10 filter.
- buckets integer
Buckets is the number of buckets to return.
- 200
- default
- application/json
Schema
- Array [
- count integer
Count is the number of audit occurrences.
- end date-time
End is the end time of the bucket.
- start date-time
Start is the start time of the bucket.
- ]
Example (from schema)
[
  {
    "count": 0,
    "end": "2023-06-07T22:06:28.936Z",
    "start": "2023-06-07T22:06:28.936Z"
  }
]
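The following is an added example, not part of the Prisma Cloud documentation: it builds a query string from the from, to, buckets and hostname parameters above, validates a response in the schema above, and flags buckets whose count rises far above a median-based baseline. The sample response, the hostnames and the function names are constructed for illustration; sending string[] filters as repeated keys is an assumption.

```python
import json
import statistics
from datetime import datetime, timezone
from urllib.parse import urlencode

# Constructed sample response in the documented schema (count, start, end).
SAMPLE_RESPONSE = json.dumps([
    {"count": c, "start": f"2023-06-07T{h:02d}:00:00Z", "end": f"2023-06-07T{h + 1:02d}:00:00Z"}
    for h, c in zip(range(10, 16), [3, 5, 4, 120, 6, 2])
])

def _ts(value):
    """Parse the API's date-time strings (UTC, trailing 'Z')."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def timeslice_query(start, end, buckets, **filters):
    """Query string from the from, to and buckets parameters plus optional filters."""
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    params = {"from": start.astimezone(timezone.utc).strftime(fmt),
              "to": end.astimezone(timezone.utc).strftime(fmt),
              "buckets": buckets}
    params.update(filters)
    # Assumption: string[] filters are sent as repeated keys (doseq=True).
    return urlencode(params, doseq=True)

def parse_buckets(body):
    """Validate the response array and convert start/end to datetimes."""
    out = []
    for b in json.loads(body):
        count, start, end = b["count"], _ts(b["start"]), _ts(b["end"])
        if not isinstance(count, int) or count < 0 or end < start:
            raise ValueError(f"malformed bucket: {b!r}")
        out.append({"count": count, "start": start, "end": end})
    return out

def find_spikes(buckets, k=5.0, floor=10):
    """Buckets whose count exceeds median + k * MAD, with a minimum floor."""
    counts = [b["count"] for b in buckets]
    if not counts:
        return []
    med = statistics.median(counts)
    mad = statistics.median([abs(c - med) for c in counts])
    threshold = max(floor, med + k * max(mad, 1.0))
    return [b for b in buckets if b["count"] > threshold]

if __name__ == "__main__":
    for b in find_spikes(parse_buckets(SAMPLE_RESPONSE)):
        print(b["start"].isoformat(), b["count"])
```

The floor keeps quiet periods, where the median and spread are both near zero, from flagging a handful of audits as a spike.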