List Audit Trail

Returns a list of actions performed by a privileged account acting as privileged user, given a period of time.

Available on Agent 2.55.0 and above.

Get a list of actions performed by a privileged account acting as privileged user given a period of time.

get

Get a list of actions performed by a privileged account acting as privileged user given a period of time.

Query parameters

startTimestampinteger · int64Required

Start timestamp in unix timestamp in millseconds.

endTimestampinteger · int64Optional

End timestamp in unix timestamp in millseconds. If not specified, it assumes to be current time.

beforestringOptional

Return results from an opaque “before” cursor value as presented via a response cursor.

afterstringOptional

Return results from an opaque “after” cursor value as presented via a response cursor.

limitintegerOptional

Max No. of violations to return. If no value is provided, 50 is the default. Some maximums for limit may be enforced for performance reasons. The maximum supported value is 500.

initiatorIdinteger · int64Optional

If present, only the initiator with this initiator will be returned.

rolestringOptional

If present, only the audit trail initiated by s user with privileged role acting as privileged user will be returned. Privileged eliglible roles: User Provisioning (USER_PROVISIONING), Content Management (CONTENT_MANAGEMENT), Expression Filter Policy Management (EF_POLICY_MANAGEMENT), SCO (SUPER_COMPLIANCE_OFFICER), CO (COMPLIANCE_OFFICER), Super admin (SUPER_ADMINISTRATOR), Admin (ADMINISTRATOR), L1 (L1_SUPPORT), L2 (L2_SUPPORT), Scope Manager (SCOPE_MANAGEMENT)

Header parameters

sessionTokenstringRequired

Session authentication token.

keyManagerTokenstringOptional

Key Manager authentication token.

Responses

200

application/json

204

No Messages.

400

Client error, see response body for further details.

application/json

401

Unauthorized: Session tokens invalid.

application/json

403

Forbidden: Caller lacks necessary entitlement.

application/json

500

Server error, see response body for further details.

application/json

get

/v1/audittrail/privilegeduser

GET /agent/v1/audittrail/privilegeduser?startTimestamp=1 HTTP/1.1
Host: youragentURL.symphony.com
sessionToken: text
Accept: */*

{
  "items": [
    {
      "action": "text",
      "actionName": "text",
      "timestamp": "text",
      "initiatorId": "text",
      "initiatorUsername": "text",
      "initiatorEmailAddress": "text"
    }
  ],
  "pagination": {
    "cursors": {
      "before": "MTAxNTExOTQ1MjAwNzI5NDE=",
      "after": "NDMyNzQyODI3OTQw"
    },
    "previous": "https://tenantapi.d.isym.io/v1/tenantinfo?limit=25&before=MTAxNTExOTQ1MjAwNzI5NDE=",
    "next": "https://tenantapi.d.isym.io/v1/tenantinfo?limit=25&after=NDMyNzQyODI3OTQw"
  }
}

Pagination

The pagination field will be returned (displayed) only if the response returns 50 or more items.

Pagination object definition:

• before: This is the opaque url-safe string that points to the start of the page of data that has been returned. • after: This is the opaque url-safe string that points to the end of the page of data that has been returned.

Privileged Eligible Roles

Roles for which audit trail can be exported. It retrieves the audit trail of all writing actions performed by Admin and Compliance users acting as a privileged user, via privileged account audit trail APIs.

User Provisioning (USER_PROVISIONING)
Content Management (CONTENT_MANAGEMENT)
Expression Filter Policy Management (EF_POLICY_MANAGEMENT)
SCO (SUPER_COMPLIANCE_OFFICER)
CO (COMPLIANCE_OFFICER)
Super admin (SUPER_ADMINISTRATOR)
Admin (ADMINISTRATOR)
L1 (L1_SUPPORT)
L2 (L2_SUPPORT)
Scope Manager (SCOPE_MANAGEMENT).

🚧 Required Roles and Permissions
Calling this endpoint requires a Service Account with the Audit Trail Management role. See Permissions for a list of roles and associated privileges.

Examples of Usage

before and after

Suppose we have an initial call. It will be returned only after the response because there is no before records. `https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&limit=1

{
    "items": [
        {
            "action": "RSA Key Added",
            "actionName": "rsaKeyAdded",
            "initiatorId": 7215545057307,
            "initiatorUsername": "bob.smith",
            "initiatorEmailAddress": "[email protected]",
            "affectedId": 7215545222851,
            "affectedUsername": "account.test",
            "affectedEmailAddress": "[email protected]",
            "authorizationRoles": [
                "SUPER_ADMINISTRATOR"
            ],
            "timestamp": 1555510357831
        }
    ],
    "pagination": {
        "cursors": {
            "after": "1"
        },
        "next": "/agent/v1/audittrail/privilegeduser?&startTimestamp=1553264312000&limit=1&after=1"
    }
n

after (next) https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&limit=1&after=1

{
    "items": [
        {
            "action": "Service Account Created",
            "actionName": "createServiceAccount",
            "initiatorId": 7215545057307,
            "initiatorUsername": "bob.smith",
            "initiatorEmailAddress": "[email protected]",
            "affectedId": 7215545222851,
            "affectedUsername": "account.test",
            "affectedEmailAddress": "[email protected]",
            "authorizationRoles": [
                "SUPER_ADMINISTRATOR"
            ],
            "timestamp": 1555510357104
        }
    ],
    "pagination": {
        "cursors": {
            "before": "2",
            "after": "2"
        },
        "previous": "/agent/v1/audittrail/privilegeduser?&startTimestamp=1553264312000&limit=1&before=2",
        "next": "/agent/v1/audittrail/privilegeduser?&startTimestamp=1553264312000&limit=1&after=2"
    }
}

after (next again) https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&limit=1&after=2

{
    "items": [
        {
            "action": "Enabled EF Enforcement",
            "actionName": "enabledEfEnforcement",
            "initiatorId": 7215545057307,
            "initiatorUsername": "bob.smith",
            "initiatorEmailAddress": "[email protected]",
            "authorizationRoles": [
                "EF_POLICY_MANAGEMENT"
            ],
            "timestamp": 1555505109178
        }
    ],
    "pagination": {
        "cursors": {
            "before": "3",
            "after": "3"
        },
        "previous": "/agent/v1/audittrail/privilegeduser?&startTimestamp=1553264312000&limit=1&before=3",
        "next": "/agent/v1/audittrail/privilegeduser?&startTimestamp=1553264312000&limit=1&after=3"
    }
}

before (previous) https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&limit=1&before=3

{
    "items": [
        {
            "action": "Service Account Created",
            "actionName": "createServiceAccount",
            "initiatorId": 7215545057307,
            "initiatorUsername": "bob.smith",
            "initiatorEmailAddress": "[email protected]",
            "affectedId": 7215545222851,
            "affectedUsername": "account.test",
            "affectedEmailAddress": "[email protected]",
            "authorizationRoles": [
                "SUPER_ADMINISTRATOR"
            ],
            "timestamp": 1555510357104
        }
    ],
    "pagination": {
        "cursors": {
            "before": "2",
            "after": "2"
        },
        "previous": "/agent/v1/audittrail/privilegeduser?&startTimestamp=1553264312000&limit=1&before=2",
        "next": "/agent/v1/audittrail/privilegeduser?&startTimestamp=1553264312000&limit=1&after=2"
    }
}

Last page (aka no more records to fetch), before the response. Note that we did not set the limit on this example, so it is using the default limit=50 https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&after=127

{
    "items": [
        {
            "action": "End-user account created",
            "actionName": "createUser",
            "initiatorId": 7215545069230,
            "initiatorUsername": "bob.smith",
            "initiatorEmailAddress": "[email protected]",
            "affectedId": 7215545221479,
            "affectedUsername": "account.test",
            "affectedEmailAddress": "[email protected]",
            "authorizationRoles": [
                "SUPER_ADMINISTRATOR"
            ],
            "timestamp": 1553277265644
        },
        {
            "action": "Added Member",
            "actionName": "addedMember",
            "attribute": "[email protected]",
            "initiatorId": 7215545069230,
            "initiatorUsername": "bob.smith",
            "initiatorEmailAddress": "[email protected]",
            "affectedId": 7215545057281,
            "affectedUsername": "[email protected]",
            "affectedEmailAddress": "[email protected]",
            "threadId": "UX2HkxQ2B4vs5qFkqs8jFX%2F%2F%2FpZryRyXdA%3D%3D",
            "scope": "Internal",
            "authorizationRoles": [
                "SUPER_COMPLIANCE_OFFICER"
            ],
            "conversationType": "Room",
            "timestamp": 1553273839863
        }
    ],
    "pagination": {
        "cursors": {
            "before": "128"
        },
        "previous": "/agent/v1/audittrail/privilegeduser?&startTimestamp=1553264312000&before=128"
    }
}

initiatorId

https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&limit=5&initiatorId=7215545057307

The response will return only events generated by this initiatorId

role

Returns only events generated by a particular role. ´https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&limit=5&role=ADMNISTRATOR

{
    "items": [
        {
            "action": "Profile info update",
            "actionName": "profileInfoUpdate",
            "attribute": "roles",
            "newValue": "[Individual,Administrator]",
            "oldValue": "[Individual]",
            "initiatorId": 7215545222842,
            "initiatorUsername": "bob.smith",
            "initiatorEmailAddress": "[email protected]",
            "affectedId": 7215545222843,
            "affectedUsername": "account.test",
            "affectedEmailAddress": "[email protected]",
            "authorizationRoles": [
                "ADMINISTRATOR"
            ],
            "timestamp": 1555437274937
        },
        {
            "action": "Profile info update",
            "actionName": "profileInfoUpdate",
            "attribute": "roles",
            "newValue": "[Individual,Administrator]",
            "oldValue": "[Individual]",
            "initiatorId": 7215545222800,
            "initiatorUsername": "bob.smith_3",
            "initiatorEmailAddress": "[email protected]",
            "affectedId": 7215545222801,
            "affectedUsername": "account.test_3",
            "affectedEmailAddress": "[email protected]",
            "authorizationRoles": [
                "ADMINISTRATOR"
            ],
            "timestamp": 1555264469483
        }
    ],
    "pagination": {
        "cursors": {
            "after": "1"
        },
        "next": "/agent/v1/audittrail/privilegeduser?&startTimestamp=1553264312000&limit=3&role=ADMINISTRATOR&after=1"
    }
}

startTimestamp

The API returns an error when the period (startTimestamp - endTimstamp) is greater than 30 days.

{
  "code": 400,
  "message": "\"Max of 30 days is allowed per request.\"",
  "details": "Max of 30 days is allowed per request."
}

Last updated 3 months ago

Was this helpful?

hashtagGet a list of actions performed by a privileged account acting as privileged user given a period of time.

hashtagPagination

hashtagPrivileged Eligible Roles

hashtag🚧 Required Roles and Permissions

hashtagExamples of Usage

hashtagbefore and after

hashtaginitiatorId

hashtagrole

hashtagstartTimestamp

Get a list of actions performed by a privileged account acting as privileged user given a period of time.

Pagination

Privileged Eligible Roles

🚧 Required Roles and Permissions

Examples of Usage

before and after

initiatorId

role

startTimestamp