POST /public_api/v1/audits/management_logs
Get audit management logs.
- Filters in the request are combined with an AND condition (OR is not supported).
- Maximum result set size is 100.
- Offset is the zero-based number of logs from the start of the result set.
CURL
curl -X POST \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  "https://api-yourfqdn/public_api/v1/audits/management_logs" \
  -d '{
    "request_data" : {
      "search_from" : 0,
      "filters" : [ {
        "field" : "email",
        "value" : [ "value", "value" ],
        "operator" : "in"
      }, {
        "field" : "email",
        "value" : [ "value", "value" ],
        "operator" : "in"
      } ],
      "sort" : {
        "field" : "type",
        "keyword" : "desc"
      },
      "search_to" : 6
    }
  }'
Response
{
  "reply": {
    "total_count": 1,
    "result_count": 1,
    "data": [
      {
        "AUDIT_ID": 1,
        "AUDIT_OWNER_NAME": "User Name",
        "AUDIT_OWNER_EMAIL": "username@paloaltonetworks.com",
        "AUDIT_ASSET_JSON": "{}",
        "AUDIT_ASSET_NAMES": "",
        "AUDIT_HOSTNAME": "",
        "AUDIT_RESULT": "SUCCESS",
        "AUDIT_REASON": "",
        "AUDIT_DESCRIPTION": "",
        "AUDIT_ENTITY": "AUTH",
        "AUDIT_ENTITY_SUBTYPE": "Login",
        "AUDIT_SESSION_ID": 382303947890,
        "AUDIT_CASE_ID": 473829372,
        "AUDIT_INSERT_TIME": 1565074114053,
        "AUDIT_SEVERITY": "SEV_020_LOW",
        "AUDIT_LINK": null,
        "AUDIT_SOURCE_IP": "31.174.156.148",
        "AUDIT_USER_AGENT": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36",
        "AUDIT_USER_ROLES": [
          "Account Admin"
        ],
        "AUDIT_ADDITIONAL_INFORMATION": {
          "endpoint_names": [
            "WIN-fgo6762G"
          ],
          "endpoint_count": 1
        }
      }
    ]
  }
}
Request
Body (optional)
Note: You can send a request to retrieve either all or filtered results.
Example:
{
  "request_data": {
    "search_from": 0,
    "search_to": 19,
    "sort": {"field": "type", "keyword": "asc"},
    "filters": [
      {"field": "type", "operator": "in", "value": ["AUTH"]},
      {"field": "sub_type", "operator": "in", "value": ["login"]},
      {"field": "result", "operator": "in", "value": ["SUCCESS"]},
      {"field": "timestamp", "operator": "lte", "value": 1565074114053}
    ]
  }
}
request_data (optional)
A dictionary containing the API request fields. An empty dictionary returns all results.

  filters (optional, Array)
  Array of filter fields. Each filter has the following keys:

    field (required, String, Enum)
    Filter is based on the following keywords:
      email: User's email address.
      type: Type of audit log.
      sub_type: Subtype of audit log.
      result: Result type.
      timestamp: Log timestamp.
    Allowed values: email, type, sub_type, result, timestamp

    operator (required, String, Enum)
    Identifies the comparison operator you want to use for this filter. Valid keywords and values are:
      in: email, type, sub_type, result (value is a list of strings)
      gte / lte: timestamp (value is an integer in epoch milliseconds)
    Allowed values: in, gte, lte

    value (required, Array of strings)
    Value that this filter must match.
      timestamp: Integer representing the number of milliseconds after the Unix epoch, UTC timezone.
      All other fields require a string value. In the case of the in operator, the value is an array.
  search_from (optional, Integer)
  An integer representing the starting offset within the query result set from which you want management logs returned. Management logs are returned as a zero-based list; any log indexed lower than this value is not returned in the final result set. Defaults to 0.

  search_to (optional, Integer)
  An integer representing the end offset within the result set after which you do not want management logs returned. Logs indexed higher than this value are not returned in the final result set. Defaults to 100, which returns all logs to the end of the list.
  sort (optional)
  Identifies the sort order for the result set. By default the sort is defined as creation-time and desc.

    field (required, String, Enum)
    The field you want to sort by.
    Allowed values: type, sub-type, result

    keyword (required, String, Enum)
    Whether to sort in ascending or descending order.
    Allowed values: asc, desc
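An added example (not vendor code) that drives this endpoint as documented: it builds the ANDed filter set for successful AUTH/login events, walks the result set in windows of at most 100 entries via search_from/search_to, and counts logins per source IP for sessions holding Account Admin. `post(body) -> parsed reply` is the transport; the in-memory fake and the sample records below are constructed so the code runs offline, and a real deployment would replace `make_fake_post` with an HTTPS call to the tenant's endpoint.

```python
from typing import Callable, Dict, Iterator, List, Tuple

PAGE_SIZE = 100  # documented maximum result set size per call


def build_body(filters: List[dict], search_from: int, search_to: int) -> dict:
    """request_data as documented above; the API combines filters with AND."""
    return {"request_data": {"search_from": search_from, "search_to": search_to,
                             "filters": filters,
                             "sort": {"field": "type", "keyword": "desc"}}}


def login_filters(since_epoch_ms: int) -> List[dict]:
    """Successful AUTH/login events at or after since_epoch_ms (epoch milliseconds)."""
    return [{"field": "type", "operator": "in", "value": ["AUTH"]},
            {"field": "sub_type", "operator": "in", "value": ["login"]},
            {"field": "result", "operator": "in", "value": ["SUCCESS"]},
            {"field": "timestamp", "operator": "gte", "value": since_epoch_ms}]


def iter_logs(post: Callable[[dict], dict], filters: List[dict], page_size: int = PAGE_SIZE) -> Iterator[dict]:
    """Walk the whole result set in windows of at most page_size entries."""
    offset = 0
    while True:
        reply = post(build_body(filters, offset, offset + page_size))["reply"]
        page = reply.get("data", [])
        yield from page
        offset += len(page)
        if not page or offset >= reply["total_count"]:
            return


def admin_logins_by_ip(logs: Iterator[dict]) -> Dict[Tuple[str, str], int]:
    """Count logins per (owner email, source IP) where the session held Account Admin."""
    counts: Dict[Tuple[str, str], int] = {}
    for log in logs:
        if "Account Admin" in log.get("AUDIT_USER_ROLES", []):
            key = (log["AUDIT_OWNER_EMAIL"], log["AUDIT_SOURCE_IP"])
            counts[key] = counts.get(key, 0) + 1
    return counts


def make_fake_post(records: List[dict]) -> Callable[[dict], dict]:
    """Constructed stand-in for the endpoint: slices records by search_from/search_to."""
    def post(body: dict) -> dict:
        rd = body["request_data"]
        page = records[rd["search_from"]:rd["search_to"]]
        return {"reply": {"total_count": len(records), "result_count": len(page), "data": page}}
    return post


# Constructed sample records (key names follow the response above); the last has no admin role.
SAMPLE = [{"AUDIT_OWNER_EMAIL": "a@example.test", "AUDIT_SOURCE_IP": "192.0.2.1",
           "AUDIT_USER_ROLES": ["Account Admin"]} for _ in range(3)]
SAMPLE.append({"AUDIT_OWNER_EMAIL": "b@example.test", "AUDIT_SOURCE_IP": "198.51.100.7",
               "AUDIT_USER_ROLES": []})
```

Passing a small page_size to `iter_logs` against the fake shows the pagination loop issuing several windows and stopping once total_count is reached.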
Responses