
Get Runtime Log Inspection Audit Events

GET /api/v32.04/audits/runtime/log-inspection

x-prisma-cloud-target-env: {"permission":"monitorRuntimeHosts","saas":true,"self-hosted":true}
x-public: true

Retrieves all audit events for log inspection checks that are configured under host runtime rules.

cURL Request

Refer to the following example cURL command:

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
"https://<CONSOLE>/api/v<VERSION>/audits/runtime/log-inspection"

cURL Response

{
  "_id": "637639e2b962a7ae744851bf",
  "logfile": "/var/lib/twistlock/log/console.log",
  "line": "DEBU 2022-11-17T13:40:50.066 route_handler_middleware.go:507 GET /api/v1/audits/runtime/log-inspection?limit=20&offset=0&project=Central+Console&reverse=false&search=panic ssugandh admin 0.10s",
  "time": "2022-11-17T13:40:50.067Z",
  "hostname": "jen-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal",
  "ruleName": "panic_error_log",
  "accountID": "twistlock-test-247119",
  "collections": [
    "All",
    "registry_scan_container_cen8-container_22_11_384_piu",
    "cnnf_cen8_client_itu"
  ],
  "cluster": ""
}

Request

Query Parameters

    offset integer

    Offsets the result to a specific report count. Offset starts from 0.

    limit integer

    Limits the number of results returned.

    sort string

    Sorts the result using a key.

    reverse boolean

    Sorts the result in reverse order.

    id string[]

    IDs is the list of IDs to use for filtering.

    from date-time

    From is an optional minimum time constraint for the event.

    to date-time

    To is an optional maximum time constraint for the event.

    hostname string[]

    Hosts is the list of hosts to use for filtering.

    logfile string[]

    Logfiles is the list of log files to use for filtering.

    cluster string[]

    Clusters is the cluster filter.

Responses

Schema
Array [

    _id string

    ID is the event's unique identifier.

    accountID string

    AccountID is the cloud account ID.

    cluster string

    Cluster is the cluster on which the event was found.

    collections string[]

    Collections are collections to which this event applies.

    hostname string

    Hostname is the hostname on which the event was found.

    line string

    Line is the matching log line.

    logfile string

    Logfile is the log file which triggered the event.

    ruleName string

    RuleName is the name of the applied rule for auditing log inspection events.

    time date-time

    Time is the time of the event.

]
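
Paging through this endpoint with the offset and limit parameters and tallying events by ruleName and hostname, as an added example (not part of the original reference or vendor code). It assumes list-valued filters are sent as repeated query keys and that a page shorter than limit marks the end of the results; console.example, the auth_fail rule name and the SAMPLE events are constructed, and http_fetch keeps TLS certificate verification on, unlike the -k in the cURL sample.

```python
import base64
import json
import urllib.request
from collections import Counter
from urllib.parse import parse_qs, urlencode, urlsplit

PATH = "/api/v32.04/audits/runtime/log-inspection"  # path as shown on this page

def build_url(console, offset, limit, filters=None):
    """List-valued filters (hostname, logfile, ...) become repeated keys (assumption)."""
    query = {"offset": offset, "limit": limit, **(filters or {})}
    return f"https://{console}{PATH}?{urlencode(query, doseq=True)}"

def http_fetch(url, user, password):
    """GET one page with basic auth; certificate verification stays on, unlike curl -k."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_audits(fetch, console, limit=50, filters=None):
    """Yield every event, advancing offset until a short or empty page (assumption)."""
    offset = 0
    while True:
        page = fetch(build_url(console, offset, limit, filters)) or []
        yield from page
        if len(page) < limit:
            return
        offset += limit

def count_by_rule_and_host(events):
    """Tally events per (ruleName, hostname) to see which rules fire where."""
    return Counter((e.get("ruleName", ""), e.get("hostname", "")) for e in events)

# Constructed sample data and an offline stand-in for the console, for demonstration.
SAMPLE = [{"_id": str(i), "ruleName": "panic_error_log" if i % 2 else "auth_fail",
           "hostname": f"host-{i % 2}", "time": f"2022-11-17T13:40:5{i}.000Z"}
          for i in range(5)]

def fake_fetch(url):
    q = parse_qs(urlsplit(url).query)
    start, size = int(q["offset"][0]), int(q["limit"][0])
    return SAMPLE[start:start + size]

def demo():
    window = {"from": "2022-11-17T00:00:00Z", "to": "2022-11-18T00:00:00Z"}
    return count_by_rule_and_host(iter_audits(fake_fetch, "console.example", 2, window))
```

Against a real Console, pass `lambda url: http_fetch(url, user, password)` as the fetch argument in place of fake_fetch.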