Get Management Audit Events

x-prisma-cloud-target-env: {"permission":"systemLogs","saas":true,"self-hosted":true}
x-public: true

Retrieves a list of all management audit events.

Management audit events are:

• Changes to any settings (including previous and new values)
• Changes to any rules (create, modify, or delete)
• Logon activities (success and failure)

cURL Request

Refer to the following example cURL command:

$ curl -k \
  -u <USER> \
  -H 'Content-Type: application/json' \
  -X GET \
  "https://<CONSOLE>/api/v<VERSION>/audits/mgmt"

cURL Response

{
   "username": "user",
   "sourceIP": "10.47.99.218",
   "time": "2022-11-22T03:11:15.39Z",
   "type": "login",
   "diff": "",
   "status": "successful login attempt",
   "failure": false,
   "api": "/api/v1/authenticate"
 }

Query Parameters

• offset integer

  Offsets the result to a specific report count. Offset starts from 0.

• limit integer

  Number of reports to retrieve in a page. For PCCE, the maximum limit is 250. For PCEE, the maximum limit is 50. The default value is 50.

• search string

  Retrieves the result for a search term.

• sort string

  Sorts the result using a key. Refer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.

• reverse boolean

  Sorts the result in reverse order.

• collections string[]

  Filters the result based on collection names that you have defined in Prisma Cloud Compute.

• provider string[]

  Scopes the query by cloud provider.

• accountIDs string[]

  Filters the result based on cloud account IDs.

• resourceIDs string[]

  Scopes the query by resource ID.

• region string[]

  Scopes the query by cloud region.

• fields string[]

  Retrieves the fields that you need in a report. Use the list of fields you want to retrieve. By default, the result shows all fields of data.

• from date-time

  From is an optional minimum time constraints for the audit.

• to date-time

  To is an optional maximum time constraints for the audit.

• type string[]

  Types is the audit type filter.

• username string[]

  Usernames is the username filter.

Responses

• 200
• default

---

application/json

• Schema
• Example (from schema)

---

Schema

• Array [
• api string

  API is the api used in the audit process.

• diff string

  Diff is the diff between old and new values.

• failure boolean

  Failure states whether the request failed or not.

• sourceIP string

  SourceIP is the request's source IP.

• status string

  Status is the request's response status.

• time date-time

  Time is the time of the request.

• type shared.MgmtType

  Possible values: [login,profile,settings,rule,user,group,credential,tag,role]

  MgmtType represents management audit types

• username string

  Username is the username of the user who performed the action.

• ]

[
  {
    "api": "string",
    "diff": "string",
    "failure": true,
    "sourceIP": "string",
    "status": "string",
    "time": "2023-06-07T22:06:28.946Z",
    "type": [
      "login",
      "profile",
      "settings",
      "rule",
      "user",
      "group",
      "credential",
      "tag",
      "role"
    ],
    "username": "string"
  }
]

Loading...