Get The Next Event Search Page

POST 
/search/event/page

Returns the next page of search results, using a token provided from the previous page. Used for when there are over 100 search results for a given RQL query.

An initial request to perform an event search will return a data.nextPageToken that you can use as the initial pageToken.

Request

application/json; charset=UTF-8

Body

required

Audit event page parameters model

limit int32

Results per Page

pageToken string

Page Token

Responses

200

success

application/json; charset=UTF-8

Schema

Schema

totalRows int64
items object[]
Array [
account string
regionId int32
regionApiIdentifier string
eventTs int64
ingestionTs int64
subject string
type string
Possible values: [UNKNOWN, CREATE, READ, UPDATE, DELETE, LOGIN, TEST, AUDITD]
source string
name string
id int64
rawEvent object
object
objects object[]
Array [
account string
Account
region string
Region
vpc string
VCP
resource string
Resource
type string
Resource type
insert_ts int64
Insertion timestamp
cloudType string
Possible values: [ALL, AWS, AZURE, GCP, ALIBABA_CLOUD, OCI, OTHER, IBM]
Cloud type
apiName string
Resource API name
resourceApiId int32
Resource API ID
]
ip string
accessKey string
anomalyId string
accessKeyUsed boolean
subjectType string
Possible values: [AWS_OTHER, AZURE_OTHER, GCP_OTHER, AWS_IAM_USER, AWS_ROOT, AWS_ASSUMED_ROLE, AWS_ROLE, GCP_USER, GCP_SERVICE_ACCOUNT, AZURE_AD_USER, AZURE_APPLICATION, AWS_ACCOUNT, AWS_SERVICE, AWS_FEDERATED_USER, AWS_SAML_USER, AWS_WEB_IDENTITY_USER, AWS_DIRECTORY]
role string
reasonIds int32[]
flaggedFeature string
cityId int32
cityName string
stateId int32
stateName string
countryId int32
countryName string
cityLatitude double
cityLongitude double
timezone string
success boolean
internal boolean
userAgentOs object
id int32
name string
hash int32
userAgentBrowser object
id int32
name string
hash int32
dynamicData object
property name* object
object
location string
os string
notPersisted boolean
browser string
accountName string
regionName string
]
dynamicColumns string[]
nextPageToken string
infoMsg string
sortAllowedColumns string[]

Example (from schema)

{
  "totalRows": 0,
  "items": [
    {
      "account": "string",
      "regionId": 0,
      "regionApiIdentifier": "string",
      "eventTs": 0,
      "ingestionTs": 0,
      "subject": "string",
      "type": "UNKNOWN",
      "source": "string",
      "name": "string",
      "id": 0,
      "rawEvent": {},
      "objects": [
        {
          "account": "string",
          "region": "string",
          "vpc": "string",
          "resource": "string",
          "type": "string",
          "insert_ts": 0,
          "cloudType": "ALL",
          "apiName": "string",
          "resourceApiId": 0
        }
      ],
      "ip": "string",
      "accessKey": "string",
      "anomalyId": "string",
      "accessKeyUsed": true,
      "subjectType": "AWS_OTHER",
      "role": "string",
      "reasonIds": [
        0
      ],
      "flaggedFeature": "string",
      "cityId": 0,
      "cityName": "string",
      "stateId": 0,
      "stateName": "string",
      "countryId": 0,
      "countryName": "string",
      "cityLatitude": 0,
      "cityLongitude": 0,
      "timezone": "string",
      "success": true,
      "internal": true,
      "userAgentOs": {
        "id": 0,
        "name": "string",
        "hash": 0
      },
      "userAgentBrowser": {
        "id": 0,
        "name": "string",
        "hash": 0
      },
      "dynamicData": {},
      "location": "string",
      "os": "string",
      "notPersisted": true,
      "browser": "string",
      "accountName": "string",
      "regionName": "string"
    }
  ],
  "dynamicColumns": [
    "string"
  ],
  "nextPageToken": "string",
  "infoMsg": "string",
  "sortAllowedColumns": [
    "string"
  ]
}

Loading...