This method enables you to get audit logs that match selected parameters.
By default, the API will return 30 days of results. This can be changed in one of three ways:
from
parameter. The API will return audit logs from the from
date to the current date.until
parameter. The API will return audit logs from 30 calendar days before the until
date.from
and until
parameters. The API will return audit logs that match the selected timeframe.If there are more than 50 results in the query, then the API automatically paginates the results.
The additional pages can be accessed through a token
number that Threat Stack provides.
Note:
If you do not append parameters to this query, then Threat Stack returns all audit logs. The results are paginated.
Get all audit logs from November 1 to November 5.
https://api.threatstack.com/v2/auditlogs?from=2018-11-01&until=2018-11-05
Note:
Results display in descending order, starting with the most recent date.
Get all audit logs for delete operations.
https://api.threatstack.com/v2/auditlogs?operation=delete
400:
from
parameter needs to be before the until
parameteruserID
, must be written in lower case or they donot return the expected results. For example, useremail
will not return the expected results, while userEmail
will return the expected results.{- "recs": [
- {
- "id": "string",
- "userEmail": "string",
- "userId": "string",
- "organizationId": "string",
- "result": "success",
- "crud": "create",
- "action": "string",
- "source": "api",
- "description": "string",
- "eventTime": "string",
- "context": { }
}
], - "token": "string"
}