The Distributed Cloud AIP Audit Log captures and displays events from both the Distributed Cloud AIP platform and the Distributed Cloud AIP API. For a list of the data that the Distributed Cloud AIP Audit Log captures, see Audit Log.
This method enables you to get audit logs that match selected parameters.
By default, the API will return 30 days of results. This can be changed in one of three ways:
- `from` parameter. The API will return audit logs from the `from` date to the current date.
- `until` parameter. The API will return audit logs from 30 calendar days before the `until` date.
- `from` and `until` parameters. The API will return audit logs that match the selected timeframe.

If there are more than 50 results in the query, then the API automatically paginates the results. The additional pages can be accessed through a `token` number that Distributed Cloud AIP provides.
NOTE
If you do not append parameters to this query, then Distributed Cloud AIP returns all audit logs. The results are paginated.
Get all audit logs from yyyy-mm-dd to yyyy-mm-dd.
https://api.threatstack.com/v2/auditlogs?from=2018-11-01&until=2018-11-05
NOTE
Results display in descending order, starting with the most recent date.
Get all audit logs for delete operations.
https://api.threatstack.com/v2/auditlogs?operation=delete
400:
- `from` parameter needs to be before the `until` parameter
- `userID`, must be written in lowercase. For example, `useremail` will not return the expected results, while `userEmail` will return the expected results.

OK
Invalid
Unauthorized response
Rate limit hit
An internal error has occurred
    {
      "recs": [
        {
          "id": "string",
          "userEmail": "string",
          "userId": "string",
          "organizationId": "string",
          "result": "success",
          "crud": "create",
          "action": "string",
          "source": "api",
          "description": "string",
          "eventTime": "string",
          "context": { }
        }
      ],
      "token": "string"
    }
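
An added example, not part of the original page or the vendor's code: a Python collector that applies this page's rules before sending a request (exact-case parameter names, `from` before `until`) and follows the pagination `token` so an audit-log export does not stop at the first 50 records. It assumes the token is sent back as a `token` query parameter, that a missing or empty token marks the last page, and that `fetch_json` is a caller-supplied function performing the authenticated GET.

```python
from datetime import date
from urllib.parse import urlencode

BASE_URL = "https://api.threatstack.com/v2/auditlogs"  # endpoint shown on this page
# Parameter spellings that appear on this page; "token" as a query key is an assumption.
PAGE_PARAMS = ("from", "until", "operation", "userEmail", "userID", "token")
CANONICAL = {name.lower(): name for name in PAGE_PARAMS}


def build_url(params):
    """Validate the query locally, then return the request URL."""
    for key in params:
        expected = CANONICAL.get(key.lower())
        if expected and expected != key:
            # Per the page, a wrong-case name (useremail) does not return
            # the expected results, so reject it before the request is sent.
            raise ValueError(f"parameter {key!r} must be spelled {expected!r}")
    if "from" in params and "until" in params:
        # Assumes yyyy-mm-dd values as in the page's example; fromisoformat
        # raises ValueError on anything that is not an ISO date.
        start = date.fromisoformat(params["from"])
        end = date.fromisoformat(params["until"])
        if not start < end:
            raise ValueError("from must be before until (the API answers 400)")
    return f"{BASE_URL}?{urlencode(params)}" if params else BASE_URL


def fetch_all(fetch_json, params=None, max_pages=1000):
    """Yield every record, following the pagination token.

    fetch_json is a caller-supplied function (hypothetical) that performs the
    authenticated GET and returns the decoded JSON body as a dict.
    """
    query = dict(params or {})
    for _ in range(max_pages):
        page = fetch_json(build_url(query))
        yield from page.get("recs", [])
        token = page.get("token")
        if not token:
            return  # assumption: no token means this was the last page
        query["token"] = token
    # Bound the loop so a repeating token cannot keep the collector running forever.
    raise RuntimeError("pagination did not terminate; token may be repeating")
```
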