Symphony Messaging REST APIs
  • Symphony Messaging API Reference documentation
  • Endpoints Reference
    • Bots Authentication
      • Session Authenticate
      • Key Manager Authenticate
      • Session Authenticate (Cert)
      • Key Manager Authenticate (Cert)
      • Session Logout
      • Key Manager Logout
    • Apps Authentication
      • Authenticate App
      • Pod Certificate
    • Apps On Behalf Of (OBO)
      • API Endpoints for Apps
      • App Authentication
      • User Authentication by User ID
      • User Authentication by User Name
    • Info - Health Check
      • Health Check
      • Health Check Extended
      • Session User
      • Agent Info
      • Echo
    • Messages
      • Get Messages
      • Create Message
      • Blast Message
      • Attachment
      • Import Message
      • Update Message
      • Suppress Message
      • Message Search
      • Message Search
      • Message Status
      • Attachment Types
      • Get Message
      • List Attachments
      • List Message Receipts
      • Message Metadata
    • Datafeed - Real Time Events
      • Create Datafeed
      • Read Datafeed
      • List Datafeed
      • Delete Datafeed
    • Datahose - Pod Real Time Events
      • Datahose - Read Events
    • Streams - Conversations
      • Related to IMs
        • Create IM
        • Create IM non-inclusive
        • Update IM
        • IM Info
      • Related to Rooms
        • Room Attributes
        • Create Room
        • Update Room
        • Room Info
        • De/Re-activate Room
        • Room Members
        • Add Member
        • Remove Member
        • Promote Owner
        • Demote Owner
        • Search Rooms
      • All streams
        • Share Content
        • List User Streams
        • List User Streams (Admin)
        • Stream Info
        • List Streams for Enterprise
        • Stream Members
    • Signals
      • List Signals
      • Get Signal
      • Create Signal
      • Update Signal
      • Delete Signal
      • Subscribe Signal
      • Unsubscribe Signal
      • Suscribers
      • Signal Object
    • Connections
      • Get Connection
      • List Connection
      • Create Connection
      • Accept Connection
      • Reject Connection
      • Remove Connection
    • Presence
      • Get Presence
      • Get All Presence
      • Get User Presence
      • External Presence Interest
      • Set Presence
      • Set Other User's Presence - Admin
    • Users
      • Users Lookup
      • Search Users
      • Follow User
      • Unfollow User
      • List User Followers
      • List Users Followed
    • User Management
      • User Attributes Object
      • Password Object
      • Roles Object
      • UserKeyRequest Object
      • Get User
      • List Users
      • Create User
      • Update User
      • User Avatar
      • Update User Avatar
      • User Status
      • Update User Status
      • List Features
      • User Features
      • Update User Features
      • Find Users
      • List Roles
      • Add Role
      • Remove Role
      • List Audit Trail
      • Suspend User Account
      • Get Bot Manifest
      • Update Bot Manifest
    • User Sessions
      • List Sessions
      • Logout Session
      • Logout All Sessions
    • Groups - Distribution Lists
      • OAuth2 Authenticate
      • Add a new user to an existing group
      • Insert a new group
      • Retrieve a group
      • Update a group
      • List all groups of specified type
      • Update the group avatar
    • URI Protocols
      • Create Protocol
      • List Protocols
      • Delete Protocol
    • Manage Apps
      • Create App
      • Update App
      • Delete App
      • Get App
    • Apps Entitlements
      • List Apps
      • Update App Entitlements
      • List User Apps
      • Update User Apps
      • Update All User Apps
    • Disclaimers
      • Disclaimer
      • List Disclaimers
      • List Disclaimer Users
      • User Disclaimer
      • Update User Disclaimer
      • Unassign User Disclaimer
    • Delegates
      • User Delegates
      • Update User Delegates
    • Information Barrier Groups
      • List IB Groups
      • List IB Group Members
      • Add IB Group Members
      • Remove IB Group Members
      • List Policies
    • Certificates
      • Public (Signing) Certificate
      • List Company Certificates
      • Create Company Certificate
      • Delete Company Certificate
      • Company Certificate Details
      • List Verified Certificates
      • List Trusted Certificates
      • List Certificate Types
      • Update Company Certificate
    • Malware Scanner
      • Malware Scanner APIs
        • File Malware Scanner State
        • Update File Malware Scanner State
      • Customer Malware Scanner APIs
        • Malware Scanner Health
        • File Malware Scanner
    • DLP Dictionary & Policy Management
      • Overview
      • Dictionary Management endpoints
        • Create Dictionary
        • All Dictionaries
        • Specific Dictionary
        • Update Dictionary
        • Upload Dictionary Content
        • Download Dictionary Content
        • Delete Dictionary
      • V3 Policy Management endpoints
        • V3 Policy structure for Create/Update
        • V3 Create Policy
        • V3 All Policies
        • V3 Get Policy
        • V3 Update Policy
        • V3 Enable Policy
        • V3 Disable Policy
        • V3 Delete Policy
      • V3 Violations endpoints
        • V3 Violations - Sample Responses
        • V3 Violations - Special Scenarios of Attachments
        • V3 Message Violations
        • V3 Signal Violations
        • V3 Stream Violations
        • V3 Violation Attachment Download
    • Audit Trail 2
      • OAuth2 Authenticate
      • Get Audit trails
      • Get distinct values of a list of filters
      • Get Audit Trail Stream
      • Get categories permissions
    • Compliance Barrier Groups
      • Compliance Group Types
      • Compliance User Groups
        • List Compliance User Groups
        • Get a Compliance User Group
        • Create a Compliance User Group
        • Update a Compliance User Group
      • Compliance Group Assignments
        • List Assignments
        • List Compliance Group Assignments
        • Update a Compliance Group
      • Compliance Group Memberships
        • List Memberships
        • List Compliance Group Memberships
        • Add Compliance Group Membership
        • Update a User Membership
  • Deprecated Endpoints
    • DLP Dictionary and Policy management
      • V2 Policy Management endpoints
        • V2 Create Policy
        • V2 All Policies
        • V2 Get Policy
        • V2 Update Policy
        • V2 Enable Policy
        • V2 Disable Policy
        • V2 Delete Policy
      • V2 Violations endpoints
        • V2 Signal Violations
        • V2 Message Violations
        • V2 Stream Violations
    • Create Presence Feed
    • Read Presence Feed
    • Delete Presence Feed
    • Get Message IDs by Timestamp
    • Health Check v2
    • Datafeed 1
      • Create Datafeed 1
      • Read Datafeed 1
Powered by GitBook
On this page

Was this helpful?

  1. Endpoints Reference
  2. User Management

List Audit Trail

Returns a list of actions performed by a privileged account acting as privileged user, given a period of time.

Last updated 1 year ago

Was this helpful?

Available on Agent 2.55.0 and above.

Pagination

The pagination field will be returned (displayed) only if the response returns 50 or more items.

Pagination object definition:

• before: This is the opaque url-safe string that points to the start of the page of data that has been returned. • after: This is the opaque url-safe string that points to the end of the page of data that has been returned.

Privileged Eligible Roles

Roles for which audit trail can be exported. It retrieves the audit trail of all writing actions performed by Admin and Compliance users acting as a privileged user, via privileged account audit trail APIs.

  • User Provisioning (USER_PROVISIONING)

  • Content Management (CONTENT_MANAGEMENT)

  • Expression Filter Policy Management (EF_POLICY_MANAGEMENT)

  • SCO (SUPER_COMPLIANCE_OFFICER)

  • CO (COMPLIANCE_OFFICER)

  • Super admin (SUPER_ADMINISTRATOR)

  • Admin (ADMINISTRATOR)

  • L1 (L1_SUPPORT)

  • L2 (L2_SUPPORT)

  • Scope Manager (SCOPE_MANAGEMENT).

🚧 Required Roles and Permissions

Calling this endpoint requires a Service Account with the Audit Trail Management role. See Permissions for a list of roles and associated privileges.

Examples of Usage

before and after

Suppose we have an initial call. It will be returned only after the response because there is no before records. `https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&limit=1

{
    "items": [
        {
            "action": "RSA Key Added",
            "actionName": "rsaKeyAdded",
            "initiatorId": 7215545057307,
            "initiatorUsername": "bob.smith",
            "initiatorEmailAddress": "bob.smith@symphony.com",
            "affectedId": 7215545222851,
            "affectedUsername": "account.test",
            "affectedEmailAddress": "account.test@symphony.com",
            "authorizationRoles": [
                "SUPER_ADMINISTRATOR"
            ],
            "timestamp": 1555510357831
        }
    ],
    "pagination": {
        "cursors": {
            "after": "1"
        },
        "next": "/agent/v1/audittrail/privilegeduser?&startTimestamp=1553264312000&limit=1&after=1"
    }
n

after (next) https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&limit=1&after=1

{
    "items": [
        {
            "action": "Service Account Created",
            "actionName": "createServiceAccount",
            "initiatorId": 7215545057307,
            "initiatorUsername": "bob.smith",
            "initiatorEmailAddress": "bob.smith@symphony.com",
            "affectedId": 7215545222851,
            "affectedUsername": "account.test",
            "affectedEmailAddress": "account.test@symphony.com",
            "authorizationRoles": [
                "SUPER_ADMINISTRATOR"
            ],
            "timestamp": 1555510357104
        }
    ],
    "pagination": {
        "cursors": {
            "before": "2",
            "after": "2"
        },
        "previous": "/agent/v1/audittrail/privilegeduser?&startTimestamp=1553264312000&limit=1&before=2",
        "next": "/agent/v1/audittrail/privilegeduser?&startTimestamp=1553264312000&limit=1&after=2"
    }
}

after (next again) https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&limit=1&after=2

{
    "items": [
        {
            "action": "Enabled EF Enforcement",
            "actionName": "enabledEfEnforcement",
            "initiatorId": 7215545057307,
            "initiatorUsername": "bob.smith",
            "initiatorEmailAddress": "bob.smith@symphony.com",
            "authorizationRoles": [
                "EF_POLICY_MANAGEMENT"
            ],
            "timestamp": 1555505109178
        }
    ],
    "pagination": {
        "cursors": {
            "before": "3",
            "after": "3"
        },
        "previous": "/agent/v1/audittrail/privilegeduser?&startTimestamp=1553264312000&limit=1&before=3",
        "next": "/agent/v1/audittrail/privilegeduser?&startTimestamp=1553264312000&limit=1&after=3"
    }
}

before (previous) https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&limit=1&before=3

{
    "items": [
        {
            "action": "Service Account Created",
            "actionName": "createServiceAccount",
            "initiatorId": 7215545057307,
            "initiatorUsername": "bob.smith",
            "initiatorEmailAddress": "bob.smith@symphony.com",
            "affectedId": 7215545222851,
            "affectedUsername": "account.test",
            "affectedEmailAddress": "account.test@symphony.com",
            "authorizationRoles": [
                "SUPER_ADMINISTRATOR"
            ],
            "timestamp": 1555510357104
        }
    ],
    "pagination": {
        "cursors": {
            "before": "2",
            "after": "2"
        },
        "previous": "/agent/v1/audittrail/privilegeduser?&startTimestamp=1553264312000&limit=1&before=2",
        "next": "/agent/v1/audittrail/privilegeduser?&startTimestamp=1553264312000&limit=1&after=2"
    }
}

Last page (aka no more records to fetch), before the response. Note that we did not set the limit on this example, so it is using the default limit=50 https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&after=127

{
    "items": [
        {
            "action": "End-user account created",
            "actionName": "createUser",
            "initiatorId": 7215545069230,
            "initiatorUsername": "bob.smith",
            "initiatorEmailAddress": "bob.smith@symphony.com",
            "affectedId": 7215545221479,
            "affectedUsername": "account.test",
            "affectedEmailAddress": "account.test@symphony.com",
            "authorizationRoles": [
                "SUPER_ADMINISTRATOR"
            ],
            "timestamp": 1553277265644
        },
        {
            "action": "Added Member",
            "actionName": "addedMember",
            "attribute": "admin@symphony.com",
            "initiatorId": 7215545069230,
            "initiatorUsername": "bob.smith",
            "initiatorEmailAddress": "bob.smith@qa5.com",
            "affectedId": 7215545057281,
            "affectedUsername": "test@symphony.com",
            "affectedEmailAddress": "test@symphony.com",
            "threadId": "UX2HkxQ2B4vs5qFkqs8jFX%2F%2F%2FpZryRyXdA%3D%3D",
            "scope": "Internal",
            "authorizationRoles": [
                "SUPER_COMPLIANCE_OFFICER"
            ],
            "conversationType": "Room",
            "timestamp": 1553273839863
        }
    ],
    "pagination": {
        "cursors": {
            "before": "128"
        },
        "previous": "/agent/v1/audittrail/privilegeduser?&startTimestamp=1553264312000&before=128"
    }
}

initiatorId

https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&limit=5&initiatorId=7215545057307

The response will return only events generated by this initiatorId

role

Returns only events generated by a particular role. ´https://acme.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1553264312000&limit=5&role=ADMNISTRATOR

{
    "items": [
        {
            "action": "Profile info update",
            "actionName": "profileInfoUpdate",
            "attribute": "roles",
            "newValue": "[Individual,Administrator]",
            "oldValue": "[Individual]",
            "initiatorId": 7215545222842,
            "initiatorUsername": "bob.smith",
            "initiatorEmailAddress": "bob.smith@symphony.com",
            "affectedId": 7215545222843,
            "affectedUsername": "account.test",
            "affectedEmailAddress": "account.test@symphony.com",
            "authorizationRoles": [
                "ADMINISTRATOR"
            ],
            "timestamp": 1555437274937
        },
        {
            "action": "Profile info update",
            "actionName": "profileInfoUpdate",
            "attribute": "roles",
            "newValue": "[Individual,Administrator]",
            "oldValue": "[Individual]",
            "initiatorId": 7215545222800,
            "initiatorUsername": "bob.smith_3",
            "initiatorEmailAddress": "bob.smith_3@symphony.com",
            "affectedId": 7215545222801,
            "affectedUsername": "account.test_3",
            "affectedEmailAddress": "account.test_3@symphony.com",
            "authorizationRoles": [
                "ADMINISTRATOR"
            ],
            "timestamp": 1555264469483
        }
    ],
    "pagination": {
        "cursors": {
            "after": "1"
        },
        "next": "/agent/v1/audittrail/privilegeduser?&startTimestamp=1553264312000&limit=3&role=ADMINISTRATOR&after=1"
    }
}

startTimestamp

The API returns an error when the period (startTimestamp - endTimstamp) is greater than 30 days.

{
  "code": 400,
  "message": "\"Max of 30 days is allowed per request.\"",
  "details": "Max of 30 days is allowed per request."
}

Get a list of actions performed by a privileged account acting as privileged user given a period of time.

get

Get a list of actions performed by a privileged account acting as privileged user given a period of time.

Query parameters
startTimestampinteger · int64required

Start timestamp in unix timestamp in millseconds.

endTimestampinteger · int64optional

End timestamp in unix timestamp in millseconds. If not specified, it assumes to be current time.

beforestringoptional

Return results from an opaque “before” cursor value as presented via a response cursor.

afterstringoptional

Return results from an opaque “after” cursor value as presented via a response cursor.

limitintegeroptional

Max No. of violations to return. If no value is provided, 50 is the default. Some maximums for limit may be enforced for performance reasons. The maximum supported value is 500.

initiatorIdinteger · int64optional

If present, only the initiator with this initiator will be returned.

rolestringoptional

If present, only the audit trail initiated by s user with privileged role acting as privileged user will be returned. Privileged eliglible roles: User Provisioning (USER_PROVISIONING), Content Management (CONTENT_MANAGEMENT), Expression Filter Policy Management (EF_POLICY_MANAGEMENT), SCO (SUPER_COMPLIANCE_OFFICER), CO (COMPLIANCE_OFFICER), Super admin (SUPER_ADMINISTRATOR), Admin (ADMINISTRATOR), L1 (L1_SUPPORT), L2 (L2_SUPPORT), Scope Manager (SCOPE_MANAGEMENT)

Header parameters
sessionTokenstringrequired

Session authentication token.

keyManagerTokenstringrequired

Key Manager authentication token.

Responses
application/json
application/json
application/json
application/json
application/json
cURL
JavaScript
Python
HTTP
curl -L \
  --url 'youragentURL.symphony.com/agent/v1/audittrail/privilegeduser?startTimestamp=1' \
  --header 'sessionToken: text' \
  --header 'keyManagerToken: text'
200
204
400
401
403
500
{
  "items": [
    {
      "action": "text",
      "actionName": "text",
      "timestamp": "text",
      "initiatorId": "text",
      "initiatorUsername": "text",
      "initiatorEmailAddress": "text"
    }
  ],
  "pagination": {
    "cursors": {
      "before": "MTAxNTExOTQ1MjAwNzI5NDE=",
      "after": "NDMyNzQyODI3OTQw"
    },
    "previous": "https://tenantapi.d.isym.io/v1/tenantinfo?limit=25&before=MTAxNTExOTQ1MjAwNzI5NDE=",
    "next": "https://tenantapi.d.isym.io/v1/tenantinfo?limit=25&after=NDMyNzQyODI3OTQw"
  }
}

OK

  • GETGet a list of actions performed by a privileged account acting as privileged user given a period of time.
  • Pagination
  • Privileged Eligible Roles
  • Examples of Usage
  • before and after
  • initiatorId
  • role
  • startTimestamp