Enterprise 11 Audit API

Requests audit data for a given input combination of date filter, sorting mechanism, and pagination.

Prerequisites

JSON Web Token (JWT)
All Control Room APIs require a JSON Web Token (JWT) to access the APIs. Generate an authentication token using the Authentication API. A JWT is required to run all Control Room APIs.
Roles and license
Users with the AAE_Admin role or users with the View everyone's audit log actions permission are able to view audit logs for the Control Room.
  • URL: http://<your_control_room_url>/v1/audit/messages/list
  • Method: POST
Note:
  • Use the Swagger definition files installed with your Control Room to test the APIs. View the available Swagger APIs at http://<your_control_room_url>/swagger/
  • You can also use a REST client to complete this task.

Procedure

  1. Add an authentication token to the request header.
    Note: Use the Authentication API to generate a JSON Web Token.
  2. Select POST as the method.
    Note: Apply filters to perform basic conditional queries and pagination control for processing web pages. There are three basic features related to filtering: filtering conditions, sorting columns, and pagination parameters. Refer to the Filters in an API request body.

    The following example requests unsuccessful login attempts for the month of December.

    Request body:

    
{
  "sort": [
    {
      "field": "createdOn",
      "direction": "desc"
    }
  ],
  "filter": {
    "operator": "and",
    "operands": [
      {
        "operator": "gt",
        "field": "createdOn",
        "value": "2019-12-01T00:00:00.001Z"
      },
      {
        "operator": "lt",
        "field": "createdOn",
        "value": "2019-12-31T23:59:59.999Z"
      },
      {
        "operator": "eq",
        "field": "status",
        "value": "Unsuccessful"
      },
      {
        "operator": "substring",
        "field": "activityType",
        "value": "LOGIN"
      }
    ]
  },
  "fields": [],
  "page": {
    "length": "1000",
    "offset": "0"
  }
}
  3. Send the request.
    • In Swagger, click Execute.
    • In a REST Client, click SEND.

    The response for this example returned data for date filter, sorting, and pagination. When there is no filtering used in the request, a successful response returns all pages for the specified Control Room.

    Response body:
    {
  "page": {
    "offset": 0,
    "total": 847,
    "totalFilter": 4
  },
  "list": [
    {
      "id": "aOhx024BVd_jtov73ujy",
      "eventDescription": "User does not exist in Control Room.",
      "activityType": "LOGIN",
      "environmentName": "",
      "hostName": "50.xxx.xxx.66",
      "userName": "string",
      "status": "Unsuccessful",
      "source": "Control Room",
      "objectName": "N/A",
      "detail": "",
      "createdOn": "2019-12-05T00:24:45Z",
      "requestId": "a5f69abd-766c-4eed-8d2f-79aff572538c",
      "createdBy": "0"
    },
    {
      "id": "Y-ht024BVd_jtov7Nej4",
      "eventDescription": "User provided incorrect password.",
      "activityType": "LOGIN",
      "environmentName": "",
      "hostName": "50.xxx.xxx.66",
      "userName": "docs-2fa",
      "status": "Unsuccessful",
      "source": "Control Room",
      "objectName": "N/A",
      "detail": "",
      "createdOn": "2019-12-05T00:19:40Z",
      "requestId": "8995877f-a9ba-41cf-8d6a-a3cfe5a5d63a",
      "createdBy": "0"
    },
    {
      "id": "m46_yG4BGE7puvDMHe_6",
      "eventDescription": "User does not exist in Control Room.",
      "activityType": "LOGIN",
      "environmentName": "",
      "hostName": "50.xxx.xxx.66",
      "userName": "string",
      "status": "Unsuccessful",
      "source": "Control Room",
      "objectName": "N/A",
      "detail": "",
      "createdOn": "2019-12-02T22:33:18Z",
      "requestId": "e3e6387e-9cd9-45af-ac5c-9279c1a63f95",
      "createdBy": "0"
    },
    {
      "id": "mI6qyG4BGE7puvDMle-y",
      "eventDescription": "User does not exist in Control Room.",
      "activityType": "LOGIN",
      "environmentName": "",
      "hostName": "50.xxx.xxx.66",
      "userName": "System",
      "status": "Unsuccessful",
      "source": "Control Room",
      "objectName": "N/A",
      "detail": "",
      "createdOn": "2019-12-02T22:10:52Z",
      "requestId": "a1d5944e-f14e-4981-a65d-7d2a59ed0c44",
      "createdBy": "0"
    }
  ]
}
    Response headers:
     cache-control: no-cache, no-store, max-age=0, must-revalidate 
 content-length: 1854 
 content-security-policy: default-src 'self' 
 content-type: application/json 
 date: Sun, 08 Dec 2019 04:58:53 GMT 
 expires: 0 
 pragma: no-cache 
 x-content-type-options: nosniff 
 x-frame-options: SAMEORIGIN 
 x-xss-protection: 1; mode=block
Note: You can also run REST requests from a command terminal. The following is a curl request example. This example is formatted for readability.
curl -X POST "http://ec2-34-210-185-177.us-west-2.compute.amazonaws.com/v1/audit/messages/list" -H "accept: application/json" -H "X-Authorization: eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiI0IiwiY2xpZW50VHlwZSI6IldFQiIsImxpY2Vuc2VzIjpbXSwiYW5hbHl0aWNzTGljZW5zZXNQdXJjaGFzZWQiOnsiQW5hbHl0aWNzQ2xpZW50Ijp0cnVlLCJBbmFseXRpY3NBUEkiOnRydWV9LCJpYXQiOjE1NzU3ODExMTUsImV4cCI6MTU3NTc4MjMxNSwiaXNzIjoiQXV0b21hdGlvbkFueXdoZXJlIiwibmFub1RpbWUiOjU2MzI3OTk4MTE5ODEzMDAsImNzcmZUb2tlbiI6IjRmYWM1ODg1ZjM0ZThkYmJhZGQ1ZTMwZDIxNGY3MDA3In0.sqyQ5DiAMqSqu4qpiALFxW0cJGZCJCT8u-oJ9AoUBSvQ7gS5Ss0hszFR4zYIMG_8qQBcENnySnfeDpTysyclRKRx2TCjb2OVpPI8Y76g-6vlaZgJP-_iOloOBzso1I0Q7EHkFE7UOaeWurLcltUXCnjZfYaPC4UJqQTNto0LqavlxsBC3HdxYLg4FiA0D7CKP_sb9CAVPVKN9wlxU35gFzggiBYxifVXSAtB_wtWbJzHeirgx4fuAw8lTBIO0URjgRSR4mgMt0y6hOHIrGuLhtx13c3YQnQ2n5xfWX2OzbdwOLreIu87mbCiA4KZ9X95q1TuI7r6jKecUlrv-RwkVw" -H "Content-Type: application/json" -d "{ \"sort\": [ { \"field\": \"createdOn\", \"direction\": \"desc\" } ], \"filter\": { \"operator\": \"and\", \"operands\": [ { \"operator\": \"gt\", \"field\": \"createdOn\", \"value\": \"2019-12-01T00:00:00.001Z\" }, { \"operator\": \"lt\", \"field\": \"createdOn\", \"value\": \"2019-12-31T23:59:59.999Z\" }, { \"operator\": \"eq\", \"field\": \"status\", \"value\": \"Unsuccessful\" }, { \"operator\": \"substring\", \"field\": \"activityType\", \"value\": \"LOGIN\" } ] }, \"fields\": [], \"page\": { \"length\": \"1000\", \"offset\": \"0\" }}"