Host App Firewall Audit Timeslice

x-prisma-cloud-target-env: {"permission":"monitorWAAS","saas":true,"self-hosted":true}
x-public: true

HostAppFirewallAuditTimeslice returns host firewall audit buckets according to the query timeframe

Query Parameters

• offset integer

  Offsets the result to a specific report count. Offset starts from 0.

• limit integer

  Number of reports to retrieve in a page. For PCCE, the maximum limit is 250. For PCEE, the maximum limit is 50. The default value is 50.

• search string

  Retrieves the result for a search term.

• sort string

  Sorts the result using a key. Refer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.

• reverse boolean

  Sorts the result in reverse order.

• collections string[]

  Filters the result based on collection names that you have defined in Prisma Cloud Compute.

• provider string[]

  Scopes the query by cloud provider.

• accountIDs string[]

  Filters the result based on cloud account IDs.

• resourceIDs string[]

  Scopes the query by resource ID.

• region string[]

  Scopes the query by cloud region.

• fields string[]

  Retrieves the fields that you need in a report. Use the list of fields you want to retrieve. By default, the result shows all fields of data.

• from date-time

  From is an optional minimum time constraints for the audit.

• to date-time

  To is an optional maximum time constraints for the audit.

• imageName string[]

  Images is the image names filter.

• containerName string[]

  Containers is the container names filter.

• hostname string[]

  Hosts is the hostnames filter.

• ruleName string[]

  RuleNames is the rule names filter.

• type string[]

  Types is the firewall audit type filter.

• effect string

  Effect is used to filter by runtime audit effect.

• ruleAppID string[]

  RuleAppIDs is the rule app IDs filter.

• function string[]

  FunctionName is used to filter by function name.

• runtime string[]

  Runtime is used to filter by runtime.

• ns string[]

  Namespaces is the list of namespaces to use for filtering.

• appID string[]

  AppIDs is the app embedded appID filter.

• subnet string[]

  Subnets is the source IPs filter.

• connectingIPs string[]

  ConnectingIPs is the connecting IPs filter.

• country string[]

  Countries is the source IP country filter.

• userAgentHeader string[]

  UserAgents is the user agent header filter.

• url string[]

  URLs is the URL filter.

• requestHost string[]

  RequestHosts is the request host filter.

• urlPath string[]

  Paths is the URL path filter.

• urlQuery string[]

  Queries is the URL query filter.

• method string[]

  Methods is the request method filter.

• requestHeaderNames string[]

  RequestHeaderNames is the request header names filter.

• os string[]

  OS is the OS filter.

• msg string[]

  Messages is the audit message text filter.

• cluster string[]

  Cluster is the audit cluster filter.

• attackTechniques string[]

  AttackTechniques are the MITRE attack techniques.

• aggregate boolean

  Aggregate indicates whether the result audits should be aggregated according to the Select field.

• protection string[]

  Protections is the firewall audit protection type filter.

• eventID string[]

  EventID is the event IDs filter.

• owaspTop10 string[]

  OWASPTop10 is the OWASP top 10 filter.

• owaspAPITop10 string[]

  OWASPAPITop10 is the OWASP API top 10 filter.

• buckets integer

  Buckets is the number of buckets to return.

Responses

• 200
• default

---

application/json

• Schema
• Example (from schema)

---

Schema

• Array [
• count integer

  Count is the number of audit occurrences.

• end date-time

  End is the end time of the bucket.

• start date-time

  Start is the start time of the bucket.

• ]

[
  {
    "count": 0,
    "end": "2023-06-07T22:06:28.936Z",
    "start": "2023-06-07T22:06:28.936Z"
  }
]

Loading...