Host App Firewall Audit Timeslice
GET/api/v31.02/audits/firewall/app/host/timeslice
x-prisma-cloud-target-env: {"permission":"monitorWAAS","saas":true,"self-hosted":true}
x-public: true
HostAppFirewallAuditTimeslice returns host firewall audit buckets according to the query timeframe
Request
Query Parameters
Offsets the result to a specific report count. Offset starts from 0.
Limit is the amount to fix.
Sorts the result using a key.
Sorts the result in reverse order.
From is an optional minimum time constraints for the audit.
To is an optional maximum time constraints for the audit.
Images is the image names filter.
Containers is the container names filter.
Hosts is the hostnames filter.
RuleNames is the rule names filter.
Types is the firewall audit type filter.
Effect is used to filter by runtime audit effect.
RuleAppIDs is the rule app IDs filter.
FunctionName is used to filter by function name.
Runtime is used to filter by runtime.
Namespaces is the list of namespaces to use for filtering.
AppIDs is the app embedded appID filter.
Subnets is the source IPs filter.
ConnectingIPs is the connecting IPs filter.
Countries is the source IP country filter.
UserAgents is the user agent header filter.
URLs is the URL filter.
RequestHosts is the request host filter.
Paths is the URL path filter.
Queries is the URL query filter.
Methods is the request method filter.
RequestHeaderNames is the request header names filter.
OS is the OS filter.
Messages is the audit message text filter.
Cluster is the audit cluster filter.
AttackTechniques are the MITRE attack techniques.
Aggregate indicates whether the result audits should be aggregated according to the Select field.
Protections is the firewall audit protection type filter.
EventID is the event IDs filter.
OWASPTop10 is the OWASP top 10 filter.
OWASPAPITop10 is the OWASP API top 10 filter.
Buckets is the number of buckets to return.
Responses
- 200
- default
- application/json
- Schema
- Example (from schema)
Schema
- Array [
- ]
Count is the number of audit occurrences.
End is the end time of the bucket.
Start is the start time of the bucket.
[
{
"count": 0,
"end": "2023-12-01T18:46:53.849Z",
"start": "2023-12-01T18:46:53.849Z"
}
]