Get Raw Event Data

GET 
/search/event/raw/:id

Returns the audit event data for the specified ID as raw metadata.

Request

Path Parameters

id int64required

Audit Event ID

Responses

200

success

application/json; charset=UTF-8

Schema

Schema

account string
regionId int32
regionApiIdentifier string
eventTs int64
ingestionTs int64
subject string
type string

Possible values: [UNKNOWN, CREATE, READ, UPDATE, DELETE, LOGIN, TEST, AUDITD]

source string
name string
id int64
rawEvent object
object
objects object[]
Array [
account string
Account
region string
Region
vpc string
VCP
resource string
Resource
type string
Resource type
insert_ts int64
Insertion timestamp
cloudType string
Possible values: [ALL, AWS, AZURE, GCP, ALIBABA_CLOUD, OCI, OTHER, IBM]
Cloud type
apiName string
Resource API name
resourceApiId int32
Resource API ID
]
ip string
accessKey string
anomalyId string
accessKeyUsed boolean
subjectType string

Possible values: [AWS_OTHER, AZURE_OTHER, GCP_OTHER, AWS_IAM_USER, AWS_ROOT, AWS_ASSUMED_ROLE, AWS_ROLE, GCP_USER, GCP_SERVICE_ACCOUNT, AZURE_AD_USER, AZURE_APPLICATION, AWS_ACCOUNT, AWS_SERVICE, AWS_FEDERATED_USER, AWS_SAML_USER, AWS_WEB_IDENTITY_USER, AWS_DIRECTORY]

role string
reasonIds int32[]
flaggedFeature string
cityId int32
cityName string
stateId int32
stateName string
countryId int32
countryName string
cityLatitude double
cityLongitude double
timezone string
success boolean
internal boolean
userAgentOs object
id int32
name string
hash int32
userAgentBrowser object
id int32
name string
hash int32
dynamicData object
property name* object
object
location string
os string
notPersisted boolean
browser string
accountName string
regionName string

Example (from schema)

{
  "account": "string",
  "regionId": 0,
  "regionApiIdentifier": "string",
  "eventTs": 0,
  "ingestionTs": 0,
  "subject": "string",
  "type": "UNKNOWN",
  "source": "string",
  "name": "string",
  "id": 0,
  "rawEvent": {},
  "objects": [
    {
      "account": "string",
      "region": "string",
      "vpc": "string",
      "resource": "string",
      "type": "string",
      "insert_ts": 0,
      "cloudType": "ALL",
      "apiName": "string",
      "resourceApiId": 0
    }
  ],
  "ip": "string",
  "accessKey": "string",
  "anomalyId": "string",
  "accessKeyUsed": true,
  "subjectType": "AWS_OTHER",
  "role": "string",
  "reasonIds": [
    0
  ],
  "flaggedFeature": "string",
  "cityId": 0,
  "cityName": "string",
  "stateId": 0,
  "stateName": "string",
  "countryId": 0,
  "countryName": "string",
  "cityLatitude": 0,
  "cityLongitude": 0,
  "timezone": "string",
  "success": true,
  "internal": true,
  "userAgentOs": {
    "id": 0,
    "name": "string",
    "hash": 0
  },
  "userAgentBrowser": {
    "id": 0,
    "name": "string",
    "hash": 0
  },
  "dynamicData": {},
  "location": "string",
  "os": "string",
  "notPersisted": true,
  "browser": "string",
  "accountName": "string",
  "regionName": "string"
}

404

not_found

Loading...