Get Management Audit Events

x-prisma-cloud-target-env: {"permission":"systemLogs","saas":true,"self-hosted":true}
x-public: true

Retrieves a list of all management audit events.

Management audit events are:

  • Changes to any settings (including previous and new values)
  • Changes to any rules (create, modify, or delete)
  • Logon activities (success and failure)

cURL Request

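Refer to the following example cURL command. The -k option skips TLS certificate verification; omit it when the client trusts the server certificate.

$ curl -k \
  -u <USER> \
  -H 'Content-Type: application/json' \
  -X GET \
  "<CONSOLE_URL>/<MANAGEMENT_AUDIT_ENDPOINT>"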

cURL Response

[
  {
    "username": "user",
    "sourceIP": "",
    "time": "2022-11-22T03:11:15.39Z",
    "type": "login",
    "diff": "",
    "status": "successful login attempt",
    "failure": false,
    "api": "/api/v1/authenticate"
  }
]

Query Parameters
  • offset integer

    Offsets the result to a specific report count. Offset starts from 0.

  • limit integer

    Number of reports to retrieve in a page. For PCCE, the maximum limit is 250. For PCEE, the maximum limit is 50. The default value is 50.

  • search string

    Retrieves the result for a search term.

  • sort string

    Sorts the result using a key. Refer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.

  • reverse boolean

    Sorts the result in reverse order.

  • collections string[]

    Filters the result based on collection names that you have defined in Prisma Cloud Compute.

  • provider string[]

    Scopes the query by cloud provider.

  • accountIDs string[]

    Filters the result based on cloud account IDs.

  • resourceIDs string[]

    Scopes the query by resource ID.

  • region string[]

    Scopes the query by cloud region.

  • fields string[]

    Retrieves the fields that you need in a report. Use the list of fields you want to retrieve. By default, the result shows all fields of data.

  • from date-time

    From is an optional minimum time constraint for the audit.

  • to date-time

    To is an optional maximum time constraint for the audit.

  • type string[]

    Types is the audit type filter.

  • username string[]

    Usernames is the username filter.


  • Array [
  • api string

    API is the API used in the audit process.

  • diff string

    Diff is the diff between old and new values.

  • failure boolean

    Failure states whether the request failed or not.

  • sourceIP string

    SourceIP is the request's source IP.

  • status string

    Status is the request's response status.

  • time date-time

    Time is the time of the request.

  • type shared.MgmtType

    Possible values: [login,profile,settings,rule,user,group,credential,tag,role]

    MgmtType represents management audit types

  • username string

    Username is the username of the user who performed the action.

  • ]
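
The following is an added example, not code from Prisma Cloud or from this page: it pages through the results with the offset and limit parameters and then uses the type, failure, username, sourceIP and time fields to report successful logins that follow a run of failed ones. The fetch_page callable is a hypothetical wrapper around the GET request, the threshold and window values are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

def fetch_all(fetch_page, limit=50):
    """fetch_page(offset, limit) is a hypothetical wrapper around the GET request."""
    events, offset = [], 0
    while True:
        page = fetch_page(offset, limit) or []
        events.extend(page)
        if len(page) < limit:      # a short (or empty) page is the last one
            return events
        offset += limit

def parse_time(ts):
    """Parse the API's UTC timestamps, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(ts, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised time value: {ts!r}")

def logins_after_failures(events, threshold=3, window=timedelta(minutes=10)):
    """Return (username, sourceIP, time) for each successful login that follows
    at least `threshold` failed logins for the same username inside `window`."""
    logins = sorted((e for e in events if e["type"] == "login"),
                    key=lambda e: parse_time(e["time"]))
    failed, hits = defaultdict(list), []
    for e in logins:
        user, now = e["username"], parse_time(e["time"])
        recent = [t for t in failed[user] if now - t <= window]
        if not e["failure"] and len(recent) >= threshold:
            hits.append((user, e["sourceIP"], e["time"]))
        failed[user] = recent + [now] if e["failure"] else []  # success resets the run
    return hits

# Constructed sample events (not real audit data); IPs are documentation ranges.
FIELDS = ("username", "sourceIP", "time", "type", "failure")
SAMPLE = [dict(zip(FIELDS, row)) for row in (
    ("admin", "203.0.113.7", "2022-11-22T03:11:15.39Z", "login", True),
    ("admin", "203.0.113.7", "2022-11-22T03:11:40.1Z", "login", True),
    ("admin", "203.0.113.7", "2022-11-22T03:12:05Z", "login", True),
    ("admin", "203.0.113.7", "2022-11-22T03:14:02Z", "login", False),
    ("admin", "203.0.113.7", "2022-11-22T03:15:30Z", "rule", False),
    ("ops", "198.51.100.4", "2022-11-22T09:00:00Z", "login", False),
)]
```

The rule event that follows the flagged login in the sample is the kind of record to review next, since its diff field holds the old and new values.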