Audit Logs

The Distributed Cloud AIP Audit Log captures and displays events from both the Distributed Cloud AIP platform and the Distributed Cloud AIP API. For a list of the data that the Distributed Cloud AIP Audit Log captures, see Audit Log.

Audit Logs

Overview

This method enables you to get audit logs that match selected parameters.

By default, the API will return 30 days of results. This can be changed in one of three ways:

  • By including only a from parameter. The API will return audit logs from the from date to the current date.
  • By including only an until parameter. The API will return audit logs from 30 calendar days before the until date.
  • By including from and until parameters. The API will return audit logs that match the selected timeframe.

If there are more than 50 results in the query, then the API automatically paginates the results. The additional pages can be accessed through a token number that Distributed Cloud AIP provides.

NOTE

If you do not append parameters to this query, then Distributed Cloud AIP returns all audit logs. The results are paginated.

Sample Queries

Get all audit logs from yyyy-mm-dd to yyyy-mm-dd.

https://api.threatstack.com/v2/auditlogs?from=2018-11-01&until=2018-11-05

NOTE

Results display in descending order, starting with the most recent date.

Get all audit logs for delete operations.

https://api.threatstack.com/v2/auditlogs?operation=delete

Error Handling Tips

400:

  • All queries require a valid date range. The from parameter needs to be before the until parameter.
  • Parameters, with the exception of userId, must be written in lowercase. For example, useremail will not return the expected results, while userEmail will return the expected results.
Request

Query parameters

from (string)
Limits the response to audit logs created after a given date.
Format: ISO-8601 date and time.

until (string)
Limits the response to audit logs created up to 30 calendar days before a given date.
Format: ISO-8601 date and time.

userId (string)
Limits the response to audit logs that match a specific user ID. This value can be found in the Distributed Cloud AIP UI > Settings > Keys.

userEmail (string)
Limits the response to audit logs that match a specific email address used with Distributed Cloud AIP credentials. This value can be found in the Distributed Cloud AIP UI > Settings > Users.

result (string)
Limits the response to audit logs that match up to two operation results.
Enum: "success", "failure"

operation (string)
Limits the response to audit logs that match up to four actions taken on data.
Enum: "create", "read", "update", "delete"

token (string)
The page token of the next set of results to retrieve. Responses display paginated results with up to 50 records per page.
If there are more than 50 search results, then you can append &token={token} to the query to access the next 50 results.
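
The date-range rules, the 400 conditions from the error-handling tips and the token pagination described above, as an added example that is not part of this documentation or of the Distributed Cloud AIP client libraries. It assumes the HTTP call itself (including authentication, which this page does not cover) is supplied by the caller as fetch_page; the record shape, the token values and fake_fetch_page are constructed for an offline run.

```python
from urllib.parse import urlencode

AUDIT_LOGS_URL = "https://api.threatstack.com/v2/auditlogs"
RESULT_VALUES = {"success", "failure"}
OPERATION_VALUES = {"create", "read", "update", "delete"}
PAGE_SIZE = 50  # records per page, per the token parameter description

def build_params(from_=None, until=None, user_id=None, user_email=None,
                 result=None, operation=None):
    """Build the query dict, rejecting locally what the API would answer with 400."""
    # Dates are ISO-8601 strings, so string comparison matches chronological order.
    if from_ and until and from_ >= until:
        raise ValueError("'from' must be before 'until'")
    if result is not None and result not in RESULT_VALUES:
        raise ValueError("result must be 'success' or 'failure'")
    if operation is not None and operation not in OPERATION_VALUES:
        raise ValueError("operation must be create, read, update or delete")
    # Parameter names are case-sensitive; these keys use the documented spelling.
    wanted = {"from": from_, "until": until, "userId": user_id,
              "userEmail": user_email, "result": result, "operation": operation}
    return {key: value for key, value in wanted.items() if value}

def query_url(params):
    """Full request URL, matching the sample queries above."""
    return AUDIT_LOGS_URL + ("?" + urlencode(params) if params else "")

def iter_audit_logs(fetch_page, params):
    """Yield every record, following `token` until the API stops returning one."""
    params = dict(params)
    while True:
        page = fetch_page(params)
        yield from page.get("recs", [])
        token = page.get("token")
        if not token:
            return
        params["token"] = token  # same as appending &token={token} to the query

# Constructed stand-in for the HTTP call (no network): 120 records, 50 per page.
# Real token values are opaque; here the token is simply the next offset.
FAKE_RECORDS = [{"id": i, "operation": "delete"} for i in range(120)]

def fake_fetch_page(params):
    start = int(params.get("token", 0))
    end = start + PAGE_SIZE
    return {"recs": FAKE_RECORDS[start:end],
            "token": str(end) if end < len(FAKE_RECORDS) else None}
```

A 429 response is not modelled here; a production fetch_page should back off and retry on it before handing the page back to iter_audit_logs.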

Responses

200 OK
400 Invalid
401 Unauthorized
429 Rate limit hit
500 An internal error has occurred

GET /auditlogs

Response samples

application/json

{
  "recs": [],
  "token": "string"
}