Skip to main content

Get Trust Audit Events

GET 

/api/v33.01/audits/trust

x-prisma-cloud-target-env: {"permission":"monitorImages"}

Retrieves all the trust audit events.

cURL Request

Refer to the following example cURL command:

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
"https://<CONSOLE>/api/v<VERSION>/audits/trust"

cURL Response

{
"_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev",
"time": "2022-11-22T18:15:06.793Z",
"total": 7,
"resource": {
"images": [
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9dd1b7719d2a52910d7860f22d038ab57e1d3aa5274a3d0850112394fdf4aec0"
],
"accountIDs": [
"twistlock-test-247119"
],
"clusters": [
"openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392"
]
},
"collections": [
"All"
],
"cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392",
"audits": {
"untrusted": {
"count": 7,
"audits": [
{
"_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev",
"time": "2022-11-22T18:15:06.793Z",
"imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c3f8fe342716c0d9ba925a65f6f234e5c4d9670e7ea84bd227cf2af454dd4f0d",
"imageID": "0fad6b33183ae7dbd050b095bdd1d004911ba8f49d08104d513f4e0e1ee460b1",
"effect": "alert",
"ruleName": "TV 1",
"msg": "Untrusted by rule TV 1",
"count": 1,
"accountID": "twistlock-test-247119",
"cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392"
},
{
"_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev",
"time": "2022-11-22T18:15:04.922Z",
"imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9dd1b7719d2a52910d7860f22d038ab57e1d3aa5274a3d0850112394fdf4aec0",
"imageID": "90e290196294063f8638cbc4e4c8f1db669a0b2ff67ac2c3d6612e6f783ffbd3",
"effect": "alert",
"ruleName": "TV 1",
"msg": "Untrusted by rule TV 1",
"count": 1,
"accountID": "twistlock-test-247119",
"cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392"
},
{
"_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev",
"time": "2022-11-22T18:00:02.682Z",
"imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c3f8fe342716c0d9ba925a65f6f234e5c4d9670e7ea84bd227cf2af454dd4f0d",
"imageID": "0fad6b33183ae7dbd050b095bdd1d004911ba8f49d08104d513f4e0e1ee460b1",
"effect": "alert",
"ruleName": "TV 1",
"msg": "Untrusted by rule TV 1",
"count": 1,
"accountID": "twistlock-test-247119",
"cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392"
},
{
"_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev",
"time": "2022-11-22T18:00:00.733Z",
"imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9dd1b7719d2a52910d7860f22d038ab57e1d3aa5274a3d0850112394fdf4aec0",
"imageID": "90e290196294063f8638cbc4e4c8f1db669a0b2ff67ac2c3d6612e6f783ffbd3",
"effect": "alert",
"ruleName": "TV 1",
"msg": "Untrusted by rule TV 1",
"count": 1,
"accountID": "twistlock-test-247119",
"cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392"
},
{
"_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev",
"time": "2022-11-22T17:45:14.196Z",
"imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c3f8fe342716c0d9ba925a65f6f234e5c4d9670e7ea84bd227cf2af454dd4f0d",
"imageID": "0fad6b33183ae7dbd050b095bdd1d004911ba8f49d08104d513f4e0e1ee460b1",
"effect": "alert",
"ruleName": "TV 1",
"msg": "Untrusted by rule TV 1",
"count": 1,
"accountID": "twistlock-test-247119",
"cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392"
}
]
}
}
}

Request

Query Parameters

    offset integer

    Offsets the result to a specific report count. Offset starts from 0.

    limit integer

    Limit is the amount to fix.

    sort string

    Sorts the result using a key.

    reverse boolean

    Sorts the result in reverse order.

    from date-time

    From is an optional minimum time constraints for the audit.

    to date-time

    To is an optional maximum time constraints for the audit.

    ruleName string[]

    RuleNames is used to filter by rulename.

    effect string[]

    Effect is used to filter by runtime audit effect (block/alert).

    _id string[]

    IDs is used to filter by registry/repo.

Responses

Schema
  • Array [
  • _id string

    ProfileID is the runtime profile ID.

    audits object

    Audits is a map from trust status (audits are only for untrusted type) to the audit events list.

    property name* shared.TrustRegistryRepoAudits

    TrustRegistryRepoAudits represents the trust registry/repo audits per profile

    audits object[]

    Audits are the trust audits associated with the registry/repo, limited to the determined capacity.

  • Array [
  • _id string

    ID is the registry-repo of the created container.

    accountID string

    AccountID is the cloud account ID where the audit was generated.

    cluster string

    Cluster is the cluster where the audit was generated.

    count integer

    Count is the number of times this audit occurred.

    effect vuln.Effect (string)

    Possible values: [ignore,alert,block]

    Effect specifies relevant action for a vulnerability

    imageID string

    ImageID is the container image id.

    imageName string

    ImageName is the container image name.

    msg string

    Message is the blocking message text.

    ruleName string

    If blocked, contains the name of the rule that was applied.

    time date-time

    Time is the UTC time of the audit event.

  • ]
  • count integer

    Count is the total count of the sub-type audits.

    cluster string

    Cluster is the cluster from which the audit originated.

    collections string (string)[]

    Collections are collections to which this audit applies.

    imageName string

    ImageName is the container image name.

    label string

    Label represents the container deployment label.

    os string

    OS is the operating system distribution.

    resource object

    RuntimeResource represents on which resource in the system a rule applies (e.g., specific host or image) Empty resource or wildcard (*) represents all resources of a given type

    accountIDs string (string)[]

    List of account IDs.

    appIDs string (string)[]

    List of application IDs.

    clusters string (string)[]

    List of Kubernetes cluster names.

    containers string (string)[]

    List of containers.

    functions string (string)[]

    List of functions.

    hosts string (string)[]

    List of hosts.

    images string (string)[]

    List of images.

    labels string (string)[]

    List of labels.

    namespaces string (string)[]

    List of Kubernetes namespaces.

    time date-time

    Time is the UTC time of the last audit event.

    total integer

    Total is the total count of audits per runtime profile.

  • ]
Loading...