Get Audit trails
The endpoint returns a paginated list of audits of the pod depending on input parameters such as the categories of audits, time interval etc. Each page can contain up to 100 audits.
This operation returns paginated list of audit trail events. You can narrow down search results by specifying categories, action, originating userId, attribute, groupId, authorization role, streamId, affected userId, temporary authId, disclaimerId or policyId parameter. Pages can contain up to 100 records. This operation returns only audits for the categories the requester is entitled to.
start range date restriction. Date must be formatted the following way: yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
end range date restriction. Date must be formatted the following way: yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
List of Audit Trail categories restriction
login,malwarescan"Affected User Id" filter single value restriction
"Originating User Id" filter single value restriction (a.k.a. "Performed by)"
"Action Id" filter single value restriction
"Attribute" filter single value restriction
"Group Id" filter single value restriction (used by Info barrier, Role Scope...)
"Authorization Role" filter single value restriction
"Stream Id" filter single value restriction (using either Base64 or Base64URL encoding)
"Policy Id" filter single value restriction
"Application Id" filter single value restriction
"Temporary Authorization Id" filter single value restriction
"Disclaimer Id" filter single value restriction
Used format for output date values. Possible values: STANDARD_AT_ACP_DATE - MM-dd-YYYY - as historically used in Symphony Audit Trails or anything supported by java11 DateTimeFormatter (https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/time/format/DateTimeFormatter.html) BASIC_ISO_DATE ISO_DATE ISO_DATE_TIME ISO_INSTANT ISO_LOCAL_DATE ISO_LOCAL_DATE_TIME ISO_LOCAL_TIME ISO_OFFSET_DATE ISO_OFFSET_DATE_TIME ISO_OFFSET_TIME ISO_ORDINAL_DATE ISO_TIME ISO_WEEK_DATE ISO_ZONED_DATE_TIME RFC_1123_DATE_TIME any supported date/time pattern - YYYYMMddHHmmss, ....
STANDARD_AT_ACP_DATESpecifies the maximum number of objects to return. It is possible that fewer than the specified number is returned, either due to reaching the end of the record set or due to data access rules that filter results of the back end query. The number of returned objects should not be used to determine if there are more objects to retrieve. Instead, the presence of the "next" and "previous" (see below) fields should be used.
100Cursor value that specifies that the returned page of data should consist of records that come before this cursor value (essentially the "previous" page).
Cursor value that specifies that the returned page of data should consist of records that come after this cursor value (essentially the "next" page).
GET /at2/v1/audits?categories=login%2Cmalwarescan HTTP/1.1
Host: youraudittrailURL.symphony.com
Accept: */*
{
"pagination": {
"next": "next",
"cursors": {
"before": "before",
"after": "after"
},
"previous": "previous"
},
"data": [
{
"createdDate": "2000-01-23T04:56:07.000+00:00",
"details": [
{
"complexValue": [
{
"value": "value",
"key": "key"
},
{
"value": "value",
"key": "key"
}
],
"value": "value",
"key": "key"
},
{
"complexValue": [
{
"value": "value",
"key": "key"
},
{
"value": "value",
"key": "key"
}
],
"value": "value",
"key": "key"
}
],
"id": "id",
"category": "category"
},
{
"createdDate": "2000-01-23T04:56:07.000+00:00",
"details": [
{
"complexValue": [
{
"value": "value",
"key": "key"
},
{
"value": "value",
"key": "key"
}
],
"value": "value",
"key": "key"
},
{
"complexValue": [
{
"value": "value",
"key": "key"
},
{
"value": "value",
"key": "key"
}
],
"value": "value",
"key": "key"
}
],
"id": "id",
"category": "category"
}
],
"warnings": [
{
"code": "code",
"message": "message"
},
{
"code": "code",
"message": "message"
}
]
}Last updated
Was this helpful?