Use this resource to receive security log entries. Security logs include information about events such as login actions and creating, updating, and deleting users, user groups, and roles. To use this resource, you must be logged in with an administrator role.
GET Request
To request entries for the last 24 hours with a maximum of 200 entries, use the following URI.
/public/core/v3/securityLog
Alternatively, you can use query parameters to specify which entries to return. For example, the following URI returns entries created on July 26, 2019 between 8:00AM and 5:00PM:
/public/core/v3/securityLog?q=entryTime>="2019-07-26T08:00:00.000Z";entryTime<="2019-07-26T17:00:00.000Z"
You can include the following query parameters in the URI:
Parameter | Type | Description |
---|---|---|
entryTime | String | Start time or end time of the entry in UTC format. Use one of the following formats: yyyy-MM-dd'T'HH:mm:ss'Z', yyyy-MM-dd'T'HH:mm:ssZ, yyyy-MM-dd'T'HH:mm:ss.SSS'Z', yyyy-MM-dd'T'HH:mm:ss.SSSZ. The maximum date range is 14 days. You can use the following operators: <=, =>, >, ==, !=. Default is to return entries for the last 24 hours with a maximum of 200. |
actionCategory | String | Category of the security log entry. You can use the following operators: ==, !=. To use this query parameter, you must also include a valid time range using the entryTime query parameter. |
actor | String | User name who performed the action. You can use the following operators: ==, !=. To use this query parameter, you must also include a valid time range using the entryTime query parameter. |
objectName | String | Name of the object acted upon. You can use the following operators: ==, !=. To use this query parameter, you must also include a valid time range using the entryTime query parameter. |
skip | Int | Number of records to skip. To use this query parameter, you must also include a valid time range using the entryTime query parameter. Default is 0. |
limit | Int | Number of entries to include in the response. You can specify a minimum of 100 and maximum of 1000. Default is 200. |
GET Response
Returns a securityLogEntry object for each security log entry returned. Returns the error object if errors occur.
The securityLogEntry object includes the following attributes:
Field | Type | Description |
---|---|---|
id | String | Security log entry ID. |
orgId | String | Organization ID. |
actor | String | User who performed the action. |
entryTime | String | Time the action occurred. |
objectId | String | ID of the object used. |
objectName | String | Name of the object used. |
actionCategory | String | Category of security log entry. Returns one of the following codes: Authentication, Organization, User, User group, Role. |
actionEvent | String | Type of action performed. Returns one of the following codes: CREATE, UPDATE, DELETE, DISABLE, AGENT_LOGIN, USER_LOGIN, LOGOUT, PASSWORD_RESET. |
GET Example
To view entries for the actions that the user "admin" performed on July 26, 2019 between 8:00AM and 5:00PM, you might use the following URI:
GET <baseApiUrl>/public/core/v3/securityLog?q=entryTime>="2019-07-26T08:00:00.000Z";entryTime<="2019-07-26T17:00:00.000Z";actor=='admin'
Content-Type: application/json
Accept: application/json
INFA-SESSION-ID: <sessionId>
The response might look similar to the following example:
{
  "entries": [
    {
      "id": "1AoqT9lYsrUhu7kl49kGsx",
      "orgId": "9l10ywsSnqadMx1NtEEbKT",
      "actor": "admin",
      "entryTime": "2019-07-23T22:28:07.000Z",
      "objectId": "9l10ywsSnqadMx1NtEEbKT",
      "objectName": "idsv3_org_1563920884151",
      "actionCategory": "Organization",
      "actionEvent": "CREATE"
    },
    {
      "id": "595EZai5YqFi6X8GIpVVu0",
      "orgId": "9l10ywsSnqadMx1NtEEbKT",
      "actor": "admin",
      "entryTime": "2019-07-23T22:28:13.000Z",
      "objectId": "9pieratUfEWkhFHnzY1r49",
      "objectName": "idsv3_user_1563920884151",
      "actionCategory": "User",
      "actionEvent": "CREATE"
    }
  ]
}
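Pulling an audit period longer than 14 days means splitting it into windows that respect the limits in the parameter table. The following Python is an added example, not part of the original documentation: it splits a period into 14-day windows and builds one validated URI per window. Assumptions: skip and limit are sent as separate URL parameters beside q, the q value is percent-encoded, and the helper names (windows, build_uri) are hypothetical.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

PATH = "/public/core/v3/securityLog"  # resource path from the page
MAX_RANGE = timedelta(days=14)        # maximum entryTime range per the page


def _ts(dt):
    """Format as yyyy-MM-dd'T'HH:mm:ss.SSS'Z' in UTC."""
    if dt.tzinfo is None:
        raise ValueError("use timezone-aware datetimes; the API takes UTC")
    dt = dt.astimezone(timezone.utc)
    return f"{dt:%Y-%m-%dT%H:%M:%S}.{dt.microsecond // 1000:03d}Z"


def windows(start, end):
    """Split start..end into consecutive windows of at most 14 days."""
    if end <= start:
        raise ValueError("end must be after start")
    out = []
    while start < end:
        stop = min(start + MAX_RANGE, end)
        out.append((start, stop))
        start = stop  # shared boundary: de-duplicate results on entry id
    return out


def build_uri(start, end, actor=None, skip=0, limit=200):
    """Build one request URI, enforcing the limits from the parameter table."""
    if end - start > MAX_RANGE:
        raise ValueError("entryTime range exceeds 14 days")
    if not 100 <= limit <= 1000:
        raise ValueError("limit must be between 100 and 1000")
    if skip < 0:
        raise ValueError("skip must not be negative")
    q = f'entryTime>="{_ts(start)}";entryTime<="{_ts(end)}"'
    if actor is not None:
        # Reject filter metacharacters so a user name cannot alter the query.
        if not actor or any(c in actor for c in "'\";"):
            raise ValueError("actor contains a quote or ';'")
        q += f";actor=='{actor}'"
    # Assumption: skip and limit are separate URL parameters beside q.
    return PATH + "?" + urlencode({"q": q, "skip": skip, "limit": limit})


if __name__ == "__main__":
    first = datetime(2019, 7, 1, tzinfo=timezone.utc)  # constructed sample period
    for a, b in windows(first, first + timedelta(days=30)):
        print(build_uri(a, b, actor="admin", limit=1000))
```

Because adjacent windows share a boundary timestamp and both comparisons are inclusive, an entry logged exactly on a boundary can be returned twice; key the collected entries on id.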