Introduction
Curl Command
Audit Log Curl
All Events Between Two Dates Curl
All Events Related to a Specific User Curl
Query Params
Filters
Introduction
NowSecure Platform offers helpful API calls to return a list of Platform audit log entries. i.e. actions users have taken in Platform that affect apps, assessments, groups, policies, etc.
For all API calls, replace the $API_TOKEN
with your own token. Create a token by selecting the Profile icon on the top right corner of Platform > select Tokens.
See Creating an API Bearer Token for further information.
Curl commands
Viewing Audit Log of the latest completed assessment in NowSecure Platform can be done in two ways:
-
Within the Platform UI. Select the Admin tab in the top navigation menu > Audit Log along the left rail. Please see our NowSecure Platform Audit Log article to learn more.
- NowSecure's API curl command (Instructions below)
Audit Log Base cURL Command
This cURL command returns a list of Platform audit log entries on your affected app.
Note: Wrap the $API_TOKEN in double quotation marks ("...") to ensure the Shell extracts the value of the variable.
https://api.nowsecure.com/v2/logs/platform-audit/entries
curl --request GET \
--url 'https://api.nowsecure.com/v2/logs/platform-audit/entries' \
--header "Authorization: Bearer $API_TOKEN"
{
"rows": [
{
"id": 1238,
"entity": {
"ref": "c28d1b5a-1ddd-476f-9b98-614d4e626991",
"name": null,
"type": "USER"
},
"event": "ACTIVITY",
"values": {
"event": "login",
"provider": "auth0",
"destination": "platform"
},
"prevValues": null,
"user": {
"ref": "c28d1b5a-1ddd-476f-9b98-614d4e626991",
"name": "Tom Whitfield"
},
"updatedAt": 1678301134551
},
{
"id": 1234,
"entity": {
"ref": "58041f51-ac8f-427a-9385-65d15307ec85",
"name": "group 1",
"type": "GROUP"
},
"event": "UPDATE",
"values": {
"setting.jobs.concurrency": null
},
"prevValues": {
"setting.jobs.concurrency": 20
},
"user": {
"ref": "c28d1b5a-1ddd-476f-9b98-614d4e626991",
"name": "Tom Whitfield"
},
"updatedAt": 1678299358784
}
],
"pageInfo": {
"hasPreviousPage": true,
"hasNextPage": true,
"cursors": {
"previous": "eyJkaXJlY3Rpb24iOiJQUkVWIiwiaWQiOjEyODR9",
"next": "eyJkaXJlY3Rpb24iOiJORVhUIiwiaWQiOjEyMzR9"
}
},
"summaryInfo": {
"totalResults": 141
}
}
All Events Between Two Dates
This curl command returns all events between two selected dates.
GEThttps://api.nowsecure.com/v2/logs/platform-audit/entries
curl --request GET \
--url 'https://api.nowsecure.com/v2/logs/platform-audit/entries?filters=\[\{"name":"since","value":"2023-01-01T06:00:00.000Z"\},\{"name":"until","value":"2023-07-02T04:59:59.999Z"\}\]&pageSize=50&includeSummaryInfo=true' \
--header "Authorization: Bearer $API_TOKEN"
{
"rows": [
{
"id": 149500,
"entity": {
"ref": "d3f132fd-a9b6-493b-b8e7-b54876bfd732",
"type": "ASSESSMENT"
},
"event": "CREATE",
"values": {
"favorite": false,
"is_guided": false,
"config_level": "baseline",
"findings_overrides": null,
"is_appstore_download": true,
"niap_evaluation_assertions": null
},
"prevValues": null,
"user": {
"ref": null,
"name": null
},
"updatedAt": 1688224090426
}
],
"pageInfo": {
"hasPreviousPage": false,
"hasNextPage": true,
"cursors": {
"previous": null,
"next": "eyJkaXJlY3Rpb24iOiJORVhUIiwiaWQiOjE0OTUwMH0="
}
},
"summaryInfo": {
"totalResults": 256
}
}
All Events Related to a Specific User
This cURL command returns the events affected by a specific user.
GEThttps://api.nowsecure.com/v2/logs/platform-audit/entries
curl -g --request GET \
--url 'https://api.nowsecure.com/v2/logs/platform-audit/entries?filters=[{"name":"userRefs","value":["be889f24-cf5e-4369-8520-2384d531ed8f"]}]&pageSize=50&includeSummaryInfo=true' \
--header "Authorization: Bearer $API_TOKEN"
{
"rows": [
{
"id": 280615,
"entity": {
"ref": "be889f24-cf5e-4369-8520-2384d531ed8f",
"type": "USER",
"name": "NowSecure Support"
},
"event": "ACTIVITY",
"values": {
"event": "login",
"provider": "Auth0",
"destination": "platform"
},
"prevValues": null,
"user": {
"ref": "be889f24-cf5e-4369-8520-2384d531ed8f",
"name": "NowSecure Support"
},
"updatedAt": 1692714331766
},
{
"id": 277452,
"entity": {
"ref": "be889f24-cf5e-4369-8520-2384d531ed8f",
"type": "USER",
"name": "NowSecure Support"
},
"event": "ACTIVITY",
"values": {
"event": "login",
"provider": "Auth0",
"destination": "platform"
},
"prevValues": null,
"user": {
"ref": "be889f24-cf5e-4369-8520-2384d531ed8f",
"name": "NowSecure Support"
},
"updatedAt": 1692630852833
}
],
"pageInfo": {
"hasPreviousPage": false,
"hasNextPage": true,
"cursors": {
"previous": null,
"next": "eyJkaXJlY3Rpb24iOiJORVhUIiwiaWQiOjIwMTAyOX0="
}
},
"summaryInfo": {
"totalResults": 177
}
}
Query Parameters
Params | Description |
orderBy |
A list of columns to sort on. The only allowed column is updatedAt so in practice this is either ["updatedAt"] for ascending by date or ["-updatedAt"] for descending by date |
cursor |
Page cursor string used to navigate backwards or forwards from the previous request |
includeSummaryInfo |
true or false boolean. When true, the response includes a summary object with information on the response. Default: false . Example: "summaryInfo": {
"totalResults": 157
}
|
pageSize |
Number of entries should be returned per page. Minimum: 1, Maximum: 50, Default: 10 |
filters |
See below |
Filters
Filter | Type | Description |
since |
ISO 8601 date | Returns only events that occurred on or after the given date. |
until |
ISO 8601 date | Returns only events that occurred before or on the given date. |
groupRefs |
UUID [ ] | Returns only events that occurred to entities in one of the given groups. These can only be APP or ASSESSMENT entities. |
applicationRefs |
UUID [ ] | Returns only events that occurred to one of the given apps or to assessments belonging to one of those apps. |
userRefs |
UUID [ ] | Returns only events "caused" by one of the given users. |
entityRefs |
UUID [ ] | Returns only events that occurred to one of the specifically identified entities. |
entityTypes |
UUID [ ] | Returns only events that occurred to an entity of one of the given types. |
policyRefs |
UUID [ ] | Returns only events that occurred to one of the given policies or any of their policy versions. |
Comments
Article is closed for comments.