Security Log

Use this resource to receive security log entries. Security logs include information about events such as login actions and creating, updating, and deleting users, user groups, and roles. To use this resource, you must be logged in with an administrator role.

GET Request

To request entries for the last 24 hours with a maximum of 200 entries, use the following URI.

/public/core/v3/securityLog

Alternatively, you can use query parameters to specify which entries to return. For example, the following URI returns entries created on July 26, 2019 between 8:00AM and 5:00PM:

/public/core/v3/securityLog?q=entryTime>="2019-07-26T08:00:00.000Z";entryTime<="2019-07-26T17:00:00.000Z"

You can include the following query parameters in the URI:

Parameter | Type | Description

entryTime | String | Start time or end time of the entry in UTC format.
Use one of the following formats:

  • yyyy-MM-dd'T'HH:mm:ss'Z'
  • yyyy-MM-dd'T'HH:mm:ssZ
  • yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
  • yyyy-MM-dd'T'HH:mm:ss.SSSZ

The maximum date range is 14 days.
You can use the following operators:

  • <=
  • >=
  • >
  • ==
  • !=

Default is to return entries for the last 24 hours with a maximum of 200.

actionCategory | String | Category of the security log entry.
You can use the following operators:

  • ==
  • !=

To use this query parameter, you must also include a valid time range using the entryTime query parameter.

actor | String | Name of the user who performed the action.
You can use the following operators:

  • ==
  • !=

To use this query parameter, you must also include a valid time range using the entryTime query parameter.

objectName | String | Name of the object acted upon.
You can use the following operators:

  • ==
  • !=

To use this query parameter, you must also include a valid time range using the entryTime query parameter.

skip | Int | Number of records to skip.
To use this query parameter, you must also include a valid time range using the entryTime query parameter.
Default is 0.

limit | Int | Number of entries to include in the response.
You can specify a minimum of 100 and maximum of 1000.
Default is 200.

GET Response

Returns a securityLogEntry object for each security log entry returned. Returns the error object if errors occur.

The securityLogEntry object includes the following attributes:

Field | Type | Description

id | String | Security log entry ID.

orgId | String | Organization ID.

actor | String | User who performed the action.

entryTime | String | Time the action occurred.

objectId | String | ID of the object used.

objectName | String | Name of the object used.

actionCategory | String | Category of security log entry. Returns one of the following codes:

  • Authentication
  • Organization
  • User
  • User group
  • Role

actionEvent | String | Type of action performed. Returns one of the following codes:

  • CREATE
  • UPDATE
  • DELETE
  • DISABLE
  • AGENT_LOGIN
  • USER_LOGIN
  • LOGOUT
  • PASSWORD_RESET

GET Example

To view entries for the actions that the user "admin" performed on July 26, 2019 between 8:00AM and 5:00PM, you might use the following URI:

GET <baseApiUrl>/public/core/v3/securityLog?q=entryTime>="2019-07-26T08:00:00.000Z";entryTime<="2019-07-26T17:00:00.000Z";actor=='admin'
Content-Type: application/json
Accept: application/json
INFA-SESSION-ID: <sessionId>

The response might look similar to the following example:

{
    "entries": [
        {
            "id": "1AoqT9lYsrUhu7kl49kGsx",
            "orgId": "9l10ywsSnqadMx1NtEEbKT",
            "actor": "admin",
            "entryTime": "2019-07-23T22:28:07.000Z",
            "objectId": "9l10ywsSnqadMx1NtEEbKT",
            "objectName": "idsv3_org_1563920884151",
            "actionCategory": "Organization",
            "actionEvent": "CREATE"
        },
        {
            "id": "595EZai5YqFi6X8GIpVVu0",
            "orgId": "9l10ywsSnqadMx1NtEEbKT",
            "actor": "admin",
            "entryTime": "2019-07-23T22:28:13.000Z",
            "objectId": "9pieratUfEWkhFHnzY1r49",
            "objectName": "idsv3_user_1563920884151",
            "actionCategory": "User",
            "actionEvent": "CREATE"
        }
    ]
}
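The 14-day range limit and the 100 to 1000 bound on limit mean that exporting a longer audit period takes several windowed, paged requests. The following sketch is an added example, not code from this documentation or its vendor: it splits a period into windows, builds each URI, and pages through the results while removing the duplicates that inclusive window edges produce. Assumptions: skip and limit are sent as separate query parameters next to q, a page shorter than limit is the last one, datetimes are already in UTC, and fetch is a hypothetical caller-supplied function that performs the authenticated GET and returns the parsed JSON body.

```python
from datetime import timedelta
from urllib.parse import quote

PATH = "/public/core/v3/securityLog"      # resource path from the page
MAX_RANGE = timedelta(days=14)            # documented maximum date range
FMT = "%Y-%m-%dT%H:%M:%S.000Z"            # yyyy-MM-dd'T'HH:mm:ss.SSS'Z'; datetimes must be UTC
FILTERS = {"actor", "actionCategory", "objectName"}   # filter parameters listed on the page

def windows(start, end):
    """Split [start, end] into consecutive windows of at most 14 days."""
    while start < end:
        stop = min(start + MAX_RANGE, end)
        yield start, stop
        start = stop

def build_uri(start, end, skip=0, limit=1000, **filters):
    """Build one request URI; filters always travel with an entryTime range."""
    if not 100 <= limit <= 1000:
        raise ValueError("limit must be between 100 and 1000")
    if end - start > MAX_RANGE:
        raise ValueError("entryTime range exceeds 14 days")
    terms = [f'entryTime>="{start.strftime(FMT)}"', f'entryTime<="{end.strftime(FMT)}"']
    for name, value in filters.items():
        # Reject characters that could close the quoted value or start a new clause.
        if name not in FILTERS or any(c in value for c in "'\";"):
            raise ValueError(f"unsupported filter: {name}")
        terms.append(f"{name}=='{value}'")
    # Assumption: skip and limit are sent as separate query parameters next to q.
    return f"{PATH}?q={quote(';'.join(terms), safe='')}&skip={skip}&limit={limit}"

def fetch_all(fetch, start, end, limit=1000, **filters):
    """Collect all entries; fetch(uri) is a caller-supplied function returning parsed JSON."""
    seen, entries = set(), []
    for lo, hi in windows(start, end):
        skip = 0
        while True:
            page = fetch(build_uri(lo, hi, skip, limit, **filters)).get("entries", [])
            for entry in page:
                if entry["id"] not in seen:   # both window bounds are inclusive
                    seen.add(entry["id"])
                    entries.append(entry)
            if len(page) < limit:             # assumption: a short page is the last one
                break
            skip += limit
    return entries
```

Prepend <baseApiUrl> to each URI and send the INFA-SESSION-ID header inside fetch, as in the GET example above.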