Get Management Audit Events
GET/api/v33.01/audits/mgmt
x-prisma-cloud-target-env: {"permission":"systemLogs"}
Retrieves a list of all management audit events.
Management audit events are:
- Changes to any settings (including previous and new values)
- Changes to any rules (create, modify, or delete)
- Logon activities (success and failure)
cURL Request
Refer to the following example cURL command:
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
"https://<CONSOLE>/api/v<VERSION>/audits/mgmt"
cURL Response
{
"username": "user",
"sourceIP": "10.47.99.218",
"time": "2022-11-22T03:11:15.39Z",
"type": "login",
"diff": "",
"status": "successful login attempt",
"failure": false,
"api": "/api/v1/authenticate"
}
Request
Query Parameters
Offsets the result to a specific report count. Offset starts from 0.
Limit is the amount to fix.
Sorts the result using a key.
Sorts the result in reverse order.
From is an optional minimum time constraints for the audit.
To is an optional maximum time constraints for the audit.
Types is the audit type filter.
Usernames is the username filter.
Responses
- 200
- default
- application/json
- Schema
- Example (from schema)
Schema
- Array [
- ]
API is the api used in the audit process.
Diff is the diff between old and new values.
Failure states whether the request failed or not.
SourceIP is the request's source IP.
Status is the request's response status.
Time is the time of the request.
Possible values: [login,profile,settings,rule,user,group,credential,tag,role,pairing
]
MgmtType represents management audit types
Username is the username of the user who performed the action.
[
{
"api": "string",
"diff": "string",
"failure": true,
"sourceIP": "string",
"status": "string",
"time": "2024-07-29T15:51:28.071Z",
"type": [
"login",
"profile",
"settings",
"rule",
"user",
"group",
"credential",
"tag",
"role",
"pairing"
],
"username": "string"
}
]