Download Kubernetes Audit Events
x-prisma-cloud-target-env: {"permission":"monitorAccessKubernetes","saas":true,"self-hosted":true}
x-public: true
Returns the audit events data that occur in an integrated Kubernetes cluster that you configured for Prisma Cloud Compute under Defend > Access > Kubernetes in CSV format.
Note: This endpoint relates to the Monitor > Events > Kubernetes audits in Prisma Cloud Compute.
cURL Request
Refer to the following example cURL command:
$ curl -k \
-u <USER> \
-H 'Content-Type: text/csv' \
-X GET \
-o <kubernetes_audits.csv> \
"https://<CONSOLE>/api/v<VERSION>/audits/kubernetes/download"
Query Parameters
- offset integer
Offsets the result to a specific report count. Offset starts from 0.
- limit integer
Number of reports to retrieve in a page. For PCCE, the maximum limit is 250. For PCEE, the maximum limit is 50. The default value is 50.
- search string
Retrieves the result for a search term.
- sort string
Sorts the result using a key. Refer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.
- reverse boolean
Sorts the result in reverse order.
- collections string[]
Filters the result based on collection names that you have defined in Prisma Cloud Compute.
- provider string[]
Scopes the query by cloud provider.
- accountIDs string[]
Filters the result based on cloud account IDs.
- resourceIDs string[]
Scopes the query by resource ID.
- region string[]
Scopes the query by cloud region.
- fields string[]
Retrieves the fields that you need in a report. Use the list of fields you want to retrieve. By default, the result shows all fields of data.
- from date-time
From is an optional minimum time constraints for the activity.
- to date-time
To is an optional maximum time constraints for the activity.
- user string[]
Users is the list of users to use for filtering.
- attackTechniques string[]
AttackTechniques are the MITRE attack techniques.
- cluster string[]
Clusters is the list of clusters for filtering.
- 200
- default
OK