List audit trails
Returns a list of audit trails.
Query Parameters
- limit int64
Limits the size of the response on each page to the specified number of items.
- start string
Sets the page number used to browse the collection. Pages are indexed starting from 1 (i.e.,
?start=1
). - filter string
Narrows down the results to only the items that satisfy the filter criteria. The following table lists the supported filter fields for this resource and the filter conditions that can be applied on those fields:
For more information about filtering, refer to the Filtering section of this guide.Field Filter Condition Description start_timestamp $gte, $lt, $eq The start timestamp denotes the time filter for audit events (when the server received the request) $gte and $lt accept RFC-3999 timestamps and $eq accepts a unix timestamp denoting the offset from the current time. $eq takes precedence over both $gte and $lt so if $eq is used, the backend will use the relative time filter instead of absolute time filters.For example, ?filter={"start_timestamp":{"$eq":86400}}
category $in The category of the resource affected by an audit event. Possible values include authentication
,data_source
,policy
,protection
,restore
,tasks
,backup
,users
,api_tokens
,kms_config
,sso
,mfa
,reports
,alerts
,cloud_connector
,cloudformation_template
,bandwidth_config
,partner_ecosystem
, andecosystem_changes
. For example,?filter={"category":{"$in":["policy"]}}
action $in The action performed by the audit event. Possible values include create
,update
,delete
,enable
,disable
,browse
,search
,login
,logout
,register
,unregister
,refresh
,apply
,deploy
,remove
,invite
,suspend
,full_restore
, andgranular_restore
. For example,?filter={"action":{"$in":["login"]}}
status $in Whether or not the action succeeded. Possible values include success
,failure
, andpartial_success
. For example,?filter={"status":{"$in":["success"]}}
user_email $in The email address of the user performing the action For example, ?filter={"user_email":{"$in":["xyz@example.com"]}}
ip_address $eq The IP Address of the client making the request. For example, ?filter={"ip_address":{"$eq":"127.0.0.1"}}
primary_entity.id $in The system-generated IDs of the primary entities affected by the activity. For example, ?filter={"primary_entity.id":{"$in":["9c2934fc-ff4d-11e9-8e11-76706df7fe01"]}}
primary_entity.type $eq The type(s) of primary entities to filter on. For example, ?filter={"primary_entity.type":{"$in":["aws_ebs_volume"]}}
primary_entity.value $in The value(s) or name(s) to filter on. For example, the primary entity value associated with primary entity type "aws_ebs_volume" is "vol-0a5f2e52d6decd664" representing the name of the EBS volume. The filter supports substring search for all elements in the array For example, ?filter={"primary_entity.value":{"$in":["vol-0a"]}}
parent_entity.type $in The type(s) of the parent entities to filter on. For example, ?filter={"parent_entity.type":{"$in":["aws_environment"]}}
parent_entity.value $in The value(s) or name(s) associated with the parent entities affected by the compliance event. For example, the parent entity value associated with primary entity type "aws_ebs_volume" is "891106093485/us-west-2" representing the name of the AWS Account Region. For example, ?filter={"parent_entity.value":{"$in":["891106093485/us-west-2"]}}
parent_entity.id $in The system-generated IDs of the parent entities which are associated with the primary entity affected by the compliance event. For example, ?filter={"parent_entity.id":{"$in":["9c2934fc-ff4d-11e9-8e11-76706df7fe01"]}}
organizational_unit_id $eq The system-generated ID of the organizational unit whose audit trails are desired. For example, ?filter={"organizational_unit_id":{"$eq":"9c2934fc-ff4d-11e9-8e11-76706df7fe01"}}
- 200
- default
Success
- application/api.clumio.audit-trails=v1+json
- Schema
- Example (from schema)
Schema
_embedded object
_links object
- current_count int64
The number of items listed on the current page.
- filter_applied string
The filter used in the request. The filter includes both manually-specified and system-generated filters.
- limit int64
The maximum number of items displayed per page in the response.
- start string
The page number used to get this response. Pages are indexed starting from 1 (i.e.,
"start": "1"
). - total_count int64
The total number of items, summed across all pages.
- total_pages_count int64
The total number of pages of results.
{
"_embedded": {
"items": [
{
"action": "string",
"category": "string",
"details": "string",
"id": "string",
"interface": "string",
"ip_address": "string",
"parent_entity": {
"id": "string",
"type": "string",
"value": "string"
},
"primary_entity": {
"id": "string",
"type": "string",
"value": "string"
},
"status": "string",
"timestamp": "string",
"user_email": "string"
}
]
},
"_links": {
"_first": {
"href": "string",
"templated": true,
"type": "string"
},
"_last": {
"href": "string",
"templated": true,
"type": "string"
},
"_next": {
"href": "string",
"templated": true,
"type": "string"
},
"_prev": {
"href": "string",
"templated": true,
"type": "string"
},
"_self": {
"href": "string",
"templated": true,
"type": "string"
}
},
"current_count": 0,
"filter_applied": "string",
"limit": 0,
"start": "string",
"total_count": 0,
"total_pages_count": 0
}
Error
- application/json
- Schema
- Example (from schema)
Schema
errors object[]
{
"errors": [
{
"error_code": 0,
"error_message": "string"
}
]
}
GET /audit-trails
Authorization
Request
Request
curl -L -X GET 'https://us-west-2.api.clumio.com/audit-trails' \
-H 'Accept: application/api.clumio.audit-trails=v1+json' \
-H 'Authorization: Bearer <TOKEN>'
curl -L -X GET 'https://us-west-2.api.clumio.com/audit-trails' \
-H 'Accept: application/api.clumio.audit-trails=v1+json' \
-H 'Authorization: Bearer <TOKEN>'
curl -L -X GET 'https://us-west-2.api.clumio.com/audit-trails' \
-H 'Accept: application/api.clumio.audit-trails=v1+json' \
-H 'Authorization: Bearer <TOKEN>'
curl -L -X GET 'https://us-west-2.api.clumio.com/audit-trails' \
-H 'Accept: application/api.clumio.audit-trails=v1+json' \
-H 'Authorization: Bearer <TOKEN>'
curl -L -X GET 'https://us-west-2.api.clumio.com/audit-trails' \
-H 'Accept: application/api.clumio.audit-trails=v1+json' \
-H 'Authorization: Bearer <TOKEN>'
curl -L -X GET 'https://us-west-2.api.clumio.com/audit-trails' \
-H 'Accept: application/api.clumio.audit-trails=v1+json' \
-H 'Authorization: Bearer <TOKEN>'
curl -L -X GET 'https://us-west-2.api.clumio.com/audit-trails' \
-H 'Accept: application/api.clumio.audit-trails=v1+json' \
-H 'Authorization: Bearer <TOKEN>'