Get Trust Audit Events
GET /api/v33.01/audits/trust
x-prisma-cloud-target-env: {"permission":"monitorImages"}
Retrieves all the trust audit events.
cURL Request
Refer to the following example cURL command:
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
"https://<CONSOLE>/api/v<VERSION>/audits/trust"
cURL Response
{
"_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev",
"time": "2022-11-22T18:15:06.793Z",
"total": 7,
"resource": {
"images": [
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9dd1b7719d2a52910d7860f22d038ab57e1d3aa5274a3d0850112394fdf4aec0"
],
"accountIDs": [
"twistlock-test-247119"
],
"clusters": [
"openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392"
]
},
"collections": [
"All"
],
"cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392",
"audits": {
"untrusted": {
"count": 7,
"audits": [
{
"_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev",
"time": "2022-11-22T18:15:06.793Z",
"imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c3f8fe342716c0d9ba925a65f6f234e5c4d9670e7ea84bd227cf2af454dd4f0d",
"imageID": "0fad6b33183ae7dbd050b095bdd1d004911ba8f49d08104d513f4e0e1ee460b1",
"effect": "alert",
"ruleName": "TV 1",
"msg": "Untrusted by rule TV 1",
"count": 1,
"accountID": "twistlock-test-247119",
"cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392"
},
{
"_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev",
"time": "2022-11-22T18:15:04.922Z",
"imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9dd1b7719d2a52910d7860f22d038ab57e1d3aa5274a3d0850112394fdf4aec0",
"imageID": "90e290196294063f8638cbc4e4c8f1db669a0b2ff67ac2c3d6612e6f783ffbd3",
"effect": "alert",
"ruleName": "TV 1",
"msg": "Untrusted by rule TV 1",
"count": 1,
"accountID": "twistlock-test-247119",
"cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392"
},
{
"_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev",
"time": "2022-11-22T18:00:02.682Z",
"imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c3f8fe342716c0d9ba925a65f6f234e5c4d9670e7ea84bd227cf2af454dd4f0d",
"imageID": "0fad6b33183ae7dbd050b095bdd1d004911ba8f49d08104d513f4e0e1ee460b1",
"effect": "alert",
"ruleName": "TV 1",
"msg": "Untrusted by rule TV 1",
"count": 1,
"accountID": "twistlock-test-247119",
"cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392"
},
{
"_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev",
"time": "2022-11-22T18:00:00.733Z",
"imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9dd1b7719d2a52910d7860f22d038ab57e1d3aa5274a3d0850112394fdf4aec0",
"imageID": "90e290196294063f8638cbc4e4c8f1db669a0b2ff67ac2c3d6612e6f783ffbd3",
"effect": "alert",
"ruleName": "TV 1",
"msg": "Untrusted by rule TV 1",
"count": 1,
"accountID": "twistlock-test-247119",
"cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392"
},
{
"_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev",
"time": "2022-11-22T17:45:14.196Z",
"imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c3f8fe342716c0d9ba925a65f6f234e5c4d9670e7ea84bd227cf2af454dd4f0d",
"imageID": "0fad6b33183ae7dbd050b095bdd1d004911ba8f49d08104d513f4e0e1ee460b1",
"effect": "alert",
"ruleName": "TV 1",
"msg": "Untrusted by rule TV 1",
"count": 1,
"accountID": "twistlock-test-247119",
"cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392"
}
]
}
}
}
Request
Query Parameters
Offsets the result to a specific report count. Offset starts from 0.
Limit is the amount to fix.
Sorts the result using a key.
Sorts the result in reverse order.
From is an optional minimum time constraint for the audit.
To is an optional maximum time constraint for the audit.
RuleNames is used to filter by rule name.
Effect is used to filter by runtime audit effect (block/alert).
IDs is used to filter by registry/repo.
Responses
- 200
- default
- application/json
Schema
ProfileID is the runtime profile ID.
audits object
Audits is a map from trust status (audits are only for untrusted type) to the audit events list.
property name* shared.TrustRegistryRepoAudits
TrustRegistryRepoAudits represents the trust registry/repo audits per profile.
audits object[]
Audits are the trust audits associated with the registry/repo, limited to the determined capacity.
ID is the registry-repo of the created container.
AccountID is the cloud account ID where the audit was generated.
Cluster is the cluster where the audit was generated.
Count is the number of times this audit occurred.
Possible values: [ignore, alert, block]
Effect specifies relevant action for a vulnerability.
ImageID is the container image id.
ImageName is the container image name.
Message is the blocking message text.
If blocked, contains the name of the rule that was applied.
Time is the UTC time of the audit event.
Count is the total count of the sub-type audits.
Cluster is the cluster from which the audit originated.
Collections are collections to which this audit applies.
ImageName is the container image name.
Label represents the container deployment label.
OS is the operating system distribution.
resource object
RuntimeResource represents on which resource in the system a rule applies (e.g., specific host or image). An empty resource or wildcard (*) represents all resources of a given type.
List of account IDs.
List of application IDs.
List of Kubernetes cluster names.
List of containers.
List of functions.
List of hosts.
List of images.
List of labels.
List of Kubernetes namespaces.
Time is the UTC time of the last audit event.
Total is the total count of audits per runtime profile.
[
{
"_id": "string",
"audits": {},
"cluster": "string",
"collections": [
"string"
],
"imageName": "string",
"label": "string",
"os": "string",
"resource": {
"accountIDs": [
"string"
],
"appIDs": [
"string"
],
"clusters": [
"string"
],
"containers": [
"string"
],
"functions": [
"string"
],
"hosts": [
"string"
],
"images": [
"string"
],
"labels": [
"string"
],
"namespaces": [
"string"
]
},
"time": "2024-07-29T15:51:28.071Z",
"total": 0
}
]
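Added example (not part of the original documentation): a Python sketch that triages a response body from this endpoint by grouping untrusted-image events per image, rule, effect and cluster, and by reporting where the capacity-limited event list holds fewer events than the reported count. The function name summarize_trust_audits and the sample data are constructed for illustration; the parser accepts both the single-object form shown in the cURL response and the array form given in the schema.

```python
import json
from collections import defaultdict

# Constructed sample that follows the shape of the response shown on this page.
SAMPLE = json.dumps({
    "_id": "registry.example/team/app",
    "time": "2022-11-22T18:15:06.793Z",
    "total": 4,
    "audits": {"untrusted": {"count": 4, "audits": [
        {"time": "2022-11-22T18:15:06.793Z", "imageName": "registry.example/team/app@sha256:aaaa",
         "effect": "alert", "ruleName": "TV 1", "count": 1, "cluster": "c1"},
        {"time": "2022-11-22T18:00:02.682Z", "imageName": "registry.example/team/app@sha256:aaaa",
         "effect": "alert", "ruleName": "TV 1", "count": 1, "cluster": "c1"},
        {"time": "2022-11-22T18:00:00.733Z", "imageName": "registry.example/team/app@sha256:bbbb",
         "effect": "block", "ruleName": "TV 1", "count": 1, "cluster": "c1"},
    ]}},
})


def summarize_trust_audits(body):
    """Group trust audit events by (imageName, ruleName, effect, cluster)."""
    data = json.loads(body)
    # The schema describes an array of profiles; the sample response is one object.
    profiles = data if isinstance(data, list) else [data]
    groups = defaultdict(lambda: {"events": 0, "first": None, "last": None})
    truncated = []
    for profile in profiles:
        for status, bucket in (profile.get("audits") or {}).items():
            listed = 0
            for ev in bucket.get("audits") or []:
                n = ev.get("count", 1)
                listed += n
                key = (ev.get("imageName"), ev.get("ruleName"),
                       ev.get("effect"), ev.get("cluster"))
                g = groups[key]
                g["events"] += n
                t = ev.get("time")
                if t:  # assumption: uniform ISO-8601 UTC strings, so text order is time order
                    g["first"] = t if g["first"] is None else min(g["first"], t)
                    g["last"] = t if g["last"] is None else max(g["last"], t)
            # The event list is capacity-limited and may hold fewer events than "count".
            if bucket.get("count", 0) > listed:
                truncated.append((profile.get("_id"), status, bucket["count"] - listed))
    return dict(groups), truncated
```

A non-empty truncated list means the grouped totals undercount; narrowing the time window with the From and To query parameters is one way to retrieve the missing events.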