Skip to main content

Get Management Audit Events



x-prisma-cloud-target-env: {"permission":"systemLogs","saas":true,"self-hosted":true}
x-public: true

Retrieves a list of all management audit events.

Management audit events are:

  • Changes to any settings (including previous and new values)
  • Changes to any rules (create, modify, or delete)
  • Logon activities (success and failure)

cURL Request

Refer to the following example cURL command:

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \

cURL Response

"username": "user",
"sourceIP": "",
"time": "2022-11-22T03:11:15.39Z",
"type": "login",
"diff": "",
"status": "successful login attempt",
"failure": false,
"api": "/api/v1/authenticate"


Query Parameters

    offset integer

    Offsets the result to a specific report count. Offset starts from 0.

    limit integer

    Limit is the amount to fix.

    sort string

    Sorts the result using a key.

    reverse boolean

    Sorts the result in reverse order.

    from date-time

    From is an optional minimum time constraints for the audit.

    to date-time

    To is an optional maximum time constraints for the audit.

    type string[]

    Types is the audit type filter.

    username string[]

    Usernames is the username filter.


  • Array [
  • api string

    API is the api used in the audit process.

    diff string

    Diff is the diff between old and new values.

    failure boolean

    Failure states whether the request failed or not.

    sourceIP string

    SourceIP is the request's source IP.

    status string

    Status is the request's response status.

    time date-time

    Time is the time of the request.

    type shared.MgmtType (string)

    Possible values: [login,profile,settings,rule,user,group,credential,tag,role,pairing]

    MgmtType represents management audit types

    username string

    Username is the username of the user who performed the action.

  • ]