NowSecure Platform Audit Log API

Introduction

NowSecure Platform offers API calls that return a list of Platform audit log entries, i.e. actions users have taken in Platform that affect apps, assessments, groups, policies, etc.

For all API calls, replace $API_TOKEN with your own token. Create a token by selecting the Profile icon in the top right corner of Platform > select Tokens.

See Creating an API Bearer Token for further information.

Curl commands

You can view the Audit Log of the latest completed assessment in NowSecure Platform in two ways:

  1. Within the Platform UI. Select the Admin tab in the top navigation menu > Audit Log along the left rail. Please see our NowSecure Platform Audit Log article to learn more.

  2. Through NowSecure's API, using a curl command (instructions below).

Audit Log Base cURL Command

This cURL command returns a list of Platform audit log entries on your affected app.

Note: Wrap the header containing $API_TOKEN in double quotation marks ("...") so that the shell expands the variable. Inside single quotation marks the literal text $API_TOKEN would be sent instead of your token.

GET https://api.nowsecure.com/v2/logs/platform-audit/entries
curl --request GET \
--url 'https://api.nowsecure.com/v2/logs/platform-audit/entries' \
--header "Authorization: Bearer $API_TOKEN"

All Events Between Two Dates

This curl command returns all events between two selected dates.

GET https://api.nowsecure.com/v2/logs/platform-audit/entries
curl --request GET \
--url 'https://api.nowsecure.com/v2/logs/platform-audit/entries?filters=\[\{"name":"since","value":"2023-01-01T06:00:00.000Z"\},\{"name":"until","value":"2023-07-02T04:59:59.999Z"\}\]&pageSize=50&includeSummaryInfo=true' \
--header "Authorization: Bearer $API_TOKEN"

All Events Related to a Specific User

This cURL command returns the events caused by a specific user, identified by the user's UUID in the userRefs filter.

GET https://api.nowsecure.com/v2/logs/platform-audit/entries
curl -g --request GET \
--url 'https://api.nowsecure.com/v2/logs/platform-audit/entries?filters=[{"name":"userRefs","value":["be889f24-cf5e-4369-8520-2384d531ed8f"]}]&pageSize=50&includeSummaryInfo=true' \
--header "Authorization: Bearer $API_TOKEN"

Query Parameters

| Param | Description |
| --- | --- |
| orderBy | A list of columns to sort on. The only allowed column is updatedAt, so in practice this is either ["updatedAt"] for ascending by date or ["-updatedAt"] for descending by date. |
| cursor | Page cursor string used to navigate backwards or forwards from the previous request. |
| includeSummaryInfo | Boolean, true or false. When true, the response includes a summary object with information on the response. Default: false. Example: "summaryInfo": { "totalResults": 157 } |
| pageSize | Number of entries that should be returned per page. Minimum: 1, Maximum: 50, Default: 10 |
| filters | See below |


Filters

| Filter | Type | Description |
| --- | --- | --- |
| since | ISO 8601 date | Returns only events that occurred on or after the given date. |
| until | ISO 8601 date | Returns only events that occurred before or on the given date. |
| groupRefs | UUID [ ] | Returns only events that occurred to entities in one of the given groups. These can only be APP or ASSESSMENT entities. |
| applicationRefs | UUID [ ] | Returns only events that occurred to one of the given apps or to assessments belonging to one of those apps. |
| userRefs | UUID [ ] | Returns only events "caused" by one of the given users. |
| entityRefs | UUID [ ] | Returns only events that occurred to one of the specifically identified entities. |
| entityTypes | UUID [ ] | Returns only events that occurred to an entity of one of the given types. |
| policyRefs | UUID [ ] | Returns only events that occurred to one of the given policies or any of their policy versions. |
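
The following added example (not part of NowSecure's documentation) builds the request URL from the filters and query parameters above. It percent-encodes the filters JSON so that no backslash escaping or curl -g is needed, and it rejects out-of-range pageSize values, timestamps without a time zone and malformed UUIDs before any request is sent. The function names iso_utc and build_audit_log_url are hypothetical; the endpoint, parameter names and limits come from this article, and the example assumes the API decodes a percent-encoded query string in the standard way.

```python
import json
import uuid
from datetime import datetime, timezone
from urllib.parse import urlencode

# Endpoint taken from the article's curl commands.
BASE_URL = "https://api.nowsecure.com/v2/logs/platform-audit/entries"


def iso_utc(dt):
    """Format an aware datetime like the article's values: 2023-01-01T06:00:00.000Z."""
    if dt.tzinfo is None:
        raise ValueError("datetime must be timezone-aware to avoid an ambiguous window")
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def build_audit_log_url(since=None, until=None, user_refs=(), page_size=50,
                        include_summary=True):
    """Return the request URL with the filters JSON percent-encoded (hypothetical helper)."""
    if not 1 <= page_size <= 50:  # limits from the Query Parameters table
        raise ValueError("pageSize must be between 1 and 50")
    window = [("since", since), ("until", until)]
    filters = [{"name": n, "value": iso_utc(d)} for n, d in window if d]
    if since and until and since > until:
        raise ValueError("since must not be later than until")
    if user_refs:
        # uuid.UUID() rejects anything that is not a well-formed UUID.
        filters.append({"name": "userRefs",
                        "value": [str(uuid.UUID(u)) for u in user_refs]})
    query = {"pageSize": page_size,
             "includeSummaryInfo": "true" if include_summary else "false"}
    if filters:
        # Compact JSON, same shape as the filters value in the curl examples.
        query["filters"] = json.dumps(filters, separators=(",", ":"))
    return BASE_URL + "?" + urlencode(query)


if __name__ == "__main__":
    # Sample values copied from the article's two curl examples.
    url = build_audit_log_url(
        since=datetime(2023, 1, 1, 6, 0, tzinfo=timezone.utc),
        until=datetime(2023, 7, 2, 4, 59, 59, 999000, tzinfo=timezone.utc),
        user_refs=["be889f24-cf5e-4369-8520-2384d531ed8f"],
    )
    # Pass this to curl via --url together with the Authorization header.
    print(url)
```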

 

 
