List audit logs

GET /v1/audit-logs

Get a paginated list of audit logs.

Token scope required: audit-logs:list

Request

Query Parameters

• includeCounts boolean

  If true, return count of total records and current page start and count in metadata

• cursor string

  Cursor value at which to start the results, provided in nextCursor or prevCursor of a prior request

  Example: bmV4dA.eyJsb2dzLmNyZQ5iIiwiX3ZhbHVlIjo9In19
• pageSize integer

  Possible values: <= 500

  Default value: 25

  Number of records to return in each page

• filter.targetID string

  Return only audit logs for the specified target

• filter.targetType string

  Possible values: [apiKey, host, network, role, user, ca, oidcProvider]

  Return only audit logs matching the specified target type

Responses

• 200

---

Successful operation

application/json

Schema

Schema

• data object[]

  Array [

  id string

  organizationID string

  timestamp date-time

  actor object

  The entity performing the action which caused a change.

  oneOf

  apiKey

  type string

  Possible values: [apiKey]

  An API key which used to perform the action.

  id string

  name string nullable

  type string

  Possible values: [host]

  A host. Used for example when hosts are enrolled.

  id string

  name string nullable

  type string

  Possible values: [oidcUser]

  A user who logged in using SSO.

  email email

  issuer string

  subject string

  type string

  Possible values: [support]

  A member of Defined Networking support staff.

  type string

  Possible values: [system]

  System actor, used for events such as creation or rotation of Certificate Authorities.

  type string

  Possible values: [user]

  A logged-in user.

  id string

  email email
• target object

  The entity being acted upon.

  id string

  type string

  Possible values: [apiKey, ca, host, network, oidcProvider, role, user]

• event object

  Information about what happened, including relevant values before & after the change.

  type string

  Possible values: [CREATED, UPDATED, DELETED, DELETED_TOTP, CREATED_TOTP, SUCCEEDED_AUTH, FAILED_AUTH, ENROLLED, RENEWED, CREATED_ENROLL_CODE, SET_NETWORK_CA, BLOCKED_HOST, UNBLOCKED_HOST, SET_OVERRIDES]

  The type of event that occurred.

  before object nullable

  The state of the target before the change was made. The shape depends on the target and event type. Can also be a string or null (e.g. target was created).

  after object nullable

  The state of the target before the change was made. The shape depends on the target and event type. Can also be a string or null (e.g. target was deleted).

• ]

metadata object

totalCount integer

The total number of resources existing in the account

hasNextPage boolean

Is there a page of data that can be fetched using the nextCursor?

hasPrevPage boolean

Is there a page of data that can be fetched using the prevCursor?

nextCursor string

An opaque string that can be used to fetch the next page of results. Not provided if result set is empty.

prevCursor string

An opaque string that can be used to fetch the next page of results. Not provided if result set is empty.

page object

count integer required

The number of results returned in the response.

start integer required

The zero-based index of the first result within the overall list. For example, the first page will have a start of 0. If 25 results are fetched, and the nextCursor used to fetch a new page of results, the second request's start will be 25.

{
  "data": [
    {
      "id": "string",
      "organizationID": "string",
      "timestamp": "2023-05-25T18:45:02.259Z",
      "actor": {
        "type": "apiKey",
        "id": "string",
        "name": "string"
      },
      "target": {
        "id": "string",
        "type": "apiKey"
      },
      "event": {
        "type": "CREATED",
        "before": {},
        "after": {}
      }
    }
  ],
  "metadata": {
    "totalCount": 0,
    "hasNextPage": true,
    "hasPrevPage": true,
    "nextCursor": "string",
    "prevCursor": "string",
    "page": {
      "count": 0,
      "start": 0
    }
  }
}

When includeCounts parameter is not set to true

{
  "data": [
    {
      "id": "log-F3TTIDMKZH5XFH37RTRLIP3TOA",
      "organizationID": "org-F63A24JGCLJV3ZEUTLCBISGETA",
      "timestamp": "2023-02-15T13:59:09.828868Z",
      "actor": {
        "id": "dnkey-DXALSPQONG7H45QZAVTPRDMAPU",
        "name": "example api key",
        "type": "apiKey"
      },
      "target": {
        "id": "role-LO4SPDSWTZNJC676WFCZKUB3ZQ",
        "type": "role"
      },
      "event": {
        "type": "CREATED",
        "before": null,
        "after": {
          "name": "My New Role",
          "description": "",
          "firewallRules": null
        }
      }
    }
  ],
  "metadata": {
    "hasNextPage": true,
    "hasPrevPage": true,
    "nextCursor": "bmV4dA.bHVlIjoieGJVS0UvYkRjQmZsY1pUbGJCc",
    "prevCursor": "cHJldg.SI6ImIiLCJfdmFsdWUiOiI0dDVuREQreU"
  }
}

Metadata returned when including request params for includeCounts=true, pageSize=1, and cursor="somevalue".

{
  "data": [
    {
      "id": "log-F3TTIDMKZH5XFH37RTRLIP3TOA",
      "organizationID": "org-F63A24JGCLJV3ZEUTLCBISGETA",
      "timestamp": "2023-02-15T13:59:09.828868Z",
      "actor": {
        "id": "dnkey-DXALSPQONG7H45QZAVTPRDMAPU",
        "name": "example api key",
        "type": "apiKey"
      },
      "target": {
        "id": "role-LO4SPDSWTZNJC676WFCZKUB3ZQ",
        "type": "role"
      },
      "event": {
        "type": "CREATED",
        "before": null,
        "after": {
          "name": "My New Role",
          "description": "",
          "firewallRules": null
        }
      }
    }
  ],
  "metadata": {
    "totalCount": 500,
    "hasNextPage": true,
    "hasPrevPage": true,
    "prevCursor": "cHJldg.SI6ImIiLCJfdmFsdWUiOiI0dDVuREQreU",
    "nextCursor": "bmV4dA.bHVlIjoieGJVS0UvYkRjQmZsY1pUbGJCc",
    "page": {
      "count": 1,
      "start": 5
    }
  }
}