Audit Logs
Audit logs enable admins to keep track of changes in their configuration and settings across the BigPanda platform. The Audit Logs API gives admins a vital troubleshooting, investigation, and security tool.
BigPanda audit logs report on Create, Update, and Delete actions for these resources:
- Alert Enrichment including:
  - Tags
  - Tags Order
  - Tag Enrichments
  - Tag Enrichments Order
  - Mapping Enrichment Schema
  - Mapping Table Upload
- Alert Correlation Patterns
- Alert Filtering
- API Keys
- AutoShare
- Enrichment V1 Custom Tags
- Environments
- Integrations
- JIT Provisioning
- Maintenance Plans
- Roles
- SAML Attribute Mapping
- SSO Configuration
- SSO Testing
- Users
Users object
Currently, the audit log does not track changes to a user's phone number or name. In the future, more details will be added to the Users audit log.
Read more about what fields are included in the Users Object Parameters.
Audit Logs
Authentication
All BigPanda APIs require Bearer Token Authorization in the call headers.
This API uses the User API Key type of Authorization token.
BigPanda recommends adding Authentication headers only in the secure tool you use to make API calls.
Parameters
The Audit Log object schema includes the following attributes:
Attribute | Description | Type |
---|---|---|
actor | The user or system that made the change. Possible returns are: | Object |
action_type | The action that was made. Possible returns are: | String |
context | Actor access details as reported by the client. (Only included in changes performed by a user.) | Object |
timestamp | Unix epoch time when the event occurred (in seconds). | Timestamp (in seconds) |
resource_id | The system id of the resource that was changed. | String |
resource_type | The resource type that was changed. Possible returns are: | String |
object | The resource object after the change. Resource objects include: When the resource is deleted, the object is {null}. | Object |
Sample Object
Sample Query
```bash
curl --request GET \
  --url 'https://api.bigpanda.io/resources/v2.0/audit/logs?resource_type=users&action_type=create&start=1697765051&end=1697765555&per_page=100' \
  --header 'Authorization: Bearer <User API Key>' \
  --header 'accept: application/json'
```
Audit Log Return
```json
{
  "actor": {
    "type": "user",
    "user": {
      "id": "62f0ec2d95918d0012bba5553",
      "email": "[email protected]"
    }
  },
  "action_type": "update",
  "context": {
    "actor_access": {
      "ip_address": "::ffff:10.12.55.55",
      "user_agent": "axios/0.24.0"
    }
  },
  "resource_type": "users",
  "resource_id": "631471d494528700126ca555",
  "timestamp": 1662284339,
  "object": {
    "createdAt": 1662284244,
    "lastLoginAt": 1662284281,
    "name": "Nataly",
    "state": "valid",
    "firstLoginAt": 1662284281,
    "username": "[email protected]",
    "id": "631471d494528700126a5559"
  }
}
```
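The following is an added example, not BigPanda's own code. It shows one way to triage audit log entries for review: it flags deletions and user changes made from outside expected networks, unwrapping IPv4-mapped addresses such as `::ffff:10.12.55.55`, which a plain IPv4 allow-list comparison would miss. The function names, the network ranges and the sample entries are assumptions, as is passing the entries in as a list of dicts, since the page does not show the response envelope.

```python
import ipaddress
from datetime import datetime, timezone
from urllib.parse import urlencode

BASE_URL = "https://api.bigpanda.io/resources/v2.0/audit/logs"  # from the sample query

def build_query(resource_type, action_type, start, end, per_page=100):
    """Build the request URL from the query parameters used in the sample query."""
    return BASE_URL + "?" + urlencode({"resource_type": resource_type,
        "action_type": action_type, "start": start, "end": end, "per_page": per_page})

def source_ip(entry):
    """Client IP from context.actor_access, unwrapping ::ffff:a.b.c.d; None if unusable."""
    raw = ((entry.get("context") or {}).get("actor_access") or {}).get("ip_address")
    try:
        ip = ipaddress.ip_address(raw or "")
    except ValueError:
        return None  # absent (non-user change) or malformed (value is client-reported)
    return getattr(ip, "ipv4_mapped", None) or ip

def triage(entries, expected_networks):
    """Return (utc_time, actor, action, resource, reasons) for entries needing review."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    findings = []
    for e in entries:
        actor, reasons = e.get("actor") or {}, []
        if e.get("action_type") == "delete" or ("object" in e and e["object"] is None):
            reasons.append("resource deleted")
        if actor.get("type") == "user":
            ip = source_ip(e)
            if ip is None:
                reasons.append("no usable source IP")
            elif not any(ip.version == n.version and ip in n for n in nets):
                reasons.append(f"unexpected source {ip}")
        if reasons:
            when = datetime.fromtimestamp(e["timestamp"], tz=timezone.utc).isoformat()
            who = (actor.get("user") or {}).get("email") or actor.get("type", "unknown")
            resource = f'{e.get("resource_type")}/{e.get("resource_id")}'
            findings.append((when, who, e.get("action_type"), resource, reasons))
    return findings

# Constructed sample entries following the schema above (ids and emails are made up).
SAMPLE = [
    {"actor": {"type": "user", "user": {"email": "admin@example.com"}}, "timestamp": 1662284339,
     "action_type": "update", "resource_type": "users", "resource_id": "r1",
     "object": {"state": "valid"}, "context": {"actor_access": {"ip_address": "::ffff:10.12.55.55"}}},
    {"actor": {"type": "user", "user": {"email": "ops@example.com"}}, "timestamp": 1662284400,
     "action_type": "delete", "resource_type": "users", "resource_id": "r2",
     "object": None, "context": {"actor_access": {"ip_address": "203.0.113.7"}}},
]
```

Calling `triage(SAMPLE, ["10.0.0.0/8"])` returns only the second entry, because the first entry's mapped address resolves to an address inside the expected range.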