Get Management Audit Events
x-prisma-cloud-target-env: {"permission":"systemLogs","saas":true,"self-hosted":true}
Retrieves a list of all management audit events.
Management audit events are:
- Changes to any settings (including previous and new values)
- Changes to any rules (create, modify, or delete)
- Logon activities (success and failure)
cURL Request
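Refer to the following example cURL command. The -k option turns off TLS certificate verification; omit it when the Console presents a certificate that curl can validate.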
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
"https://<CONSOLE>/api/v<VERSION>/audits/mgmt"
cURL Response
{
  "username": "user",
  "sourceIP": "10.47.99.218",
  "time": "2022-11-22T03:11:15.39Z",
  "type": "login",
  "diff": "",
  "status": "successful login attempt",
  "failure": false,
  "api": "/api/v1/authenticate"
}
Query Parameters
- offset integer
Offsets the result to a specific report count. Offset starts from 0.
- limit integer
Number of reports to retrieve in a page. For PCCE, the maximum limit is 250. For PCEE, the maximum limit is 50. The default value is 50.
- search string
Retrieves the result for a search term.
- sort string
Sorts the result using a key. Refer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.
- reverse boolean
Sorts the result in reverse order.
- collections string[]
Filters the result based on collection names that you have defined in Prisma Cloud Compute.
- provider string[]
Scopes the query by cloud provider.
- accountIDs string[]
Filters the result based on cloud account IDs.
- resourceIDs string[]
Scopes the query by resource ID.
- region string[]
Scopes the query by cloud region.
- fields string[]
Retrieves the fields that you need in a report. Use the list of fields you want to retrieve. By default, the result shows all fields of data.
- from date-time
From is an optional minimum time constraint for the audit.
- to date-time
To is an optional maximum time constraint for the audit.
- type string[]
Types is the audit type filter.
- username string[]
Usernames is the username filter.
Responses
- 200
- default
Content type: application/json
Schema
- Array [
- api string
API is the API used in the audit process.
- diff string
Diff is the diff between old and new values.
- failure boolean
Failure states whether the request failed or not.
- sourceIP string
SourceIP is the request's source IP.
- status string
Status is the request's response status.
- time date-time
Time is the time of the request.
- type shared.MgmtType
Possible values: [login, profile, settings, rule, user, group, credential, tag, role]
MgmtType represents management audit types.
- username string
Username is the username of the user who performed the action.
- ]
Example (from schema)
[
  {
    "api": "string",
    "diff": "string",
    "failure": true,
    "sourceIP": "string",
    "status": "string",
    "time": "2023-06-07T22:06:28.946Z",
    "type": [
      "login",
      "profile",
      "settings",
      "rule",
      "user",
      "group",
      "credential",
      "tag",
      "role"
    ],
    "username": "string"
  }
]
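The following is an added example, not code from the Prisma Cloud documentation: it pages through this endpoint with offset and limit, then counts failed login events per sourceIP using the schema fields above. The function names, the console.example.com host, the threshold, the fake_fetch stand-in for the HTTP call, and the rule that a short page ends the listing are all assumptions made for illustration.

```python
from collections import Counter
from urllib.parse import urlencode

PAGE_LIMIT = 50  # default page size stated on this page

def mgmt_audit_url(console, version, offset, limit=PAGE_LIMIT, **filters):
    """Build the GET URL for /audits/mgmt with offset/limit paging plus filters."""
    params = {"offset": offset, "limit": limit, **filters}
    return f"https://{console}/api/v{version}/audits/mgmt?{urlencode(params)}"

def fetch_all(fetch_page, limit=PAGE_LIMIT, **filters):
    """Collect every event by advancing offset until a short or empty page."""
    events, offset = [], 0
    while True:
        page = fetch_page(offset, limit, **filters) or []  # tolerate a null body
        events.extend(page)
        if len(page) < limit:  # assumption: a short page means no more results
            return events
        offset += limit

def failed_logins_by_source(events, threshold=3):
    """Map sourceIP -> failed login count, keeping IPs at or above threshold."""
    counts = Counter(e["sourceIP"] for e in events
                     if e.get("type") == "login" and e.get("failure"))
    return {ip: n for ip, n in counts.items() if n >= threshold}

def _login(user, ip, failure, minute):
    # Constructed sample event using field names from the schema on this page.
    return {"username": user, "sourceIP": ip, "type": "login",
            "failure": failure, "time": f"2022-11-22T03:{minute:02d}:00Z"}

# Constructed sample data (documentation-range IPs), not real audit output.
SAMPLE = [_login("admin", "192.0.2.10", True, m) for m in range(4)] + [
    _login("user", "198.51.100.7", True, 5),
    _login("user", "198.51.100.7", False, 6),
    {"username": "user", "sourceIP": "198.51.100.7", "type": "settings",
     "failure": False, "time": "2022-11-22T03:07:00Z"},
]

def fake_fetch(offset, limit, **filters):
    """Offline stand-in for the HTTP GET: returns one page of SAMPLE."""
    return SAMPLE[offset:offset + limit]

if __name__ == "__main__":
    print(mgmt_audit_url("console.example.com", 1, 0, type="login"))
    print(failed_logins_by_source(fetch_all(fake_fetch, limit=2)))
```

To run this against a real Console, replace fake_fetch with a function that issues the GET for mgmt_audit_url(...) and returns the decoded JSON array.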