List Audit Trail
Returns a list of actions performed by a privileged account acting as privileged user, given a period of time.
Last updated
Was this helpful?
Returns a list of actions performed by a privileged account acting as privileged user, given a period of time.
Last updated
Was this helpful?
Available on Agent 2.55.0 and above.
The pagination
field will be returned (displayed) only if the response returns 50 or more items.
Pagination object definition:
• before
: This is the opaque url-safe string that points to the start of the page of data that has been returned.
• after
: This is the opaque url-safe string that points to the end of the page of data that has been returned.
Roles for which audit trail can be exported. It retrieves the audit trail of all writing actions performed by Admin and Compliance users acting as a privileged user, via privileged account audit trail APIs.
User Provisioning (USER_PROVISIONING
)
Content Management (CONTENT_MANAGEMENT
)
Expression Filter Policy Management (EF_POLICY_MANAGEMENT
)
SCO (SUPER_COMPLIANCE_OFFICER
)
CO (COMPLIANCE_OFFICER
)
Super admin (SUPER_ADMINISTRATOR
)
Admin (ADMINISTRATOR
)
L1 (L1_SUPPORT
)
L2 (L2_SUPPORT
)
Scope Manager (SCOPE_MANAGEMENT
).
🚧 Required Roles and PermissionsCalling this endpoint requires a Service Account with the Audit Trail Management role. See Permissions for a list of roles and associated privileges.
Suppose we have an initial call. It will be returned only after the response because there is no before records. `https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&limit=1
after
(next)
https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&limit=1&after=1
after
(next again)
https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&limit=1&after=2
before
(previous)
https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&limit=1&before=3
Last page (aka no more records to fetch), before the response. Note that we did not set the limit on this example, so it is using the default limit=50
https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&after=127
https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&limit=5&initiatorId=7215545057307
The response will return only events generated by this initiatorId
Returns only events generated by a particular role. ´https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&limit=5&role=ADMNISTRATOR
The API returns an error when the period (startTimestamp - endTimstamp) is greater than 30 days.
Get a list of actions performed by a privileged account acting as privileged user given a period of time.
/v1/audittrail/privilegeduser
Start timestamp in unix timestamp in millseconds.
End timestamp in unix timestamp in millseconds. If not specified, it assumes to be current time.
Return results from an opaque “before” cursor value as presented via a response cursor.
Return results from an opaque “after” cursor value as presented via a response cursor.
Max No. of violations to return. If no value is provided, 50 is the default. Some maximums for limit may be enforced for performance reasons. The maximum supported value is 500.
If present, only the initiator with this initiator <user id> will be returned.
If present, only the audit trail initiated by s user with privileged role acting as privileged user will be returned. Privileged eliglible roles: User Provisioning (USER_PROVISIONING), Content Management (CONTENT_MANAGEMENT), Expression Filter Policy Management (EF_POLICY_MANAGEMENT), SCO (SUPER_COMPLIANCE_OFFICER), CO (COMPLIANCE_OFFICER), Super admin (SUPER_ADMINISTRATOR), Admin (ADMINISTRATOR), L1 (L1_SUPPORT), L2 (L2_SUPPORT), Scope Manager (SCOPE_MANAGEMENT)
Session authentication token.
Key Manager authentication token.