Get Audit Trail Stream

The endpoint returns streamed list of audit trail events of the pod depending on input parameters such as the categories of audits, time interval etc. Pages can contain an unlimited number of records.

Last updated 1 year ago

Was this helpful?

Get Audit Trail Stream

This operation returns streamed list of audit trail events. You can narrow down search results by specifying categories, action, originating userId, attribute, groupId, authorization role, streamId, affected userId, temporary authId, disclaimerId or policyId parameter. Pages can contain an unlimited number of records. This operation returns only audits for the categories the requester is entitled to.

get

/v1/audits/stream

Query parameters

startDatestring

start range date restriction. Date must be formatted the following way: yyyy-MM-dd'T'HH:mm:ss.SSS'Z'

endDatestring

end range date restriction. Date must be formatted the following way: yyyy-MM-dd'T'HH:mm:ss.SSS'Z'

categoriesstringrequired

List of Audit Trail categories restriction

Example: login,malwarescan

affectedUserIdstring

"Affected User Id" filter single value restriction

originatingUserIdstring

"Originating User Id" filter single value restriction (a.k.a. "Performed by)"

actionIdstring

"Action Id" filter single value restriction

attributestring

"Attribute" filter single value restriction

groupIdstring

"Group Id" filter single value restriction (used by Info barrier, Role Scope...)

authorizationRolestring

"Authorization Role" filter single value restriction

streamIdstring

"Stream Id" filter single value restriction (using either Base64 or Base64URL encoding)

policyIdstring

"Policy Id" filter single value restriction

applicationIdstring

"Application Id" filter single value restriction

tempAuthIdstring

"Temporary Authorization Id" filter single value restriction

disclaimerIdstring

"Disclaimer Id" filter single value restriction

dateFormatstring · default: STANDARD_AT_ACP_DATE

Used format for output date values.<br/> Possible values:<br/> <ul> <li>STANDARD_AT_ACP_DATE - MM-dd-YYYY - as historically used in Symphony Audit Trails</li> </ul> or anything supported by java11 DateTimeFormatter (https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/time/format/DateTimeFormatter.html)<br/> <ul> <li>BASIC_ISO_DATE</li> <li>ISO_DATE</li> <li>ISO_DATE_TIME</li> <li>ISO_INSTANT</li> <li>ISO_LOCAL_DATE</li> <li>ISO_LOCAL_DATE_TIME</li> <li>ISO_LOCAL_TIME</li> <li>ISO_OFFSET_DATE</li> <li>ISO_OFFSET_DATE_TIME</li> <li>ISO_OFFSET_TIME</li> <li>ISO_ORDINAL_DATE</li> <li>ISO_TIME</li> <li>ISO_WEEK_DATE</li> <li>ISO_ZONED_DATE_TIME</li> <li>RFC_1123_DATE_TIME</li> <li>any supported date/time pattern - YYYYMMddHHmmss, ....</li> </ul>

limitinteger · int32 · min: 1

Specifies the maximum number of objects to return. It is possible that fewer than the specified number is returned, either due to reaching the end of the record set or due to data access rules that filter results of the back end query. The number of returned objects should not be used to determine if there are more objects to retrieve. Instead, the presence of the "next" and "previous" (see below) fields should be used.

Header parameters

Content-Typestring · enum

Content-type expected in return

Options: text/csv

Responses

text/csv

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --url 'youraudittrailURL.symphony.com/at2/v1/audits/stream?categories=login%2Cmalwarescan'

200

400

401

403

404

No body

Success