Parameters

The Audit Log object schema includes the following attributes:

Attribute: actor
Type: Object
Description: The user or system that made the change. Possible returns are:

  • type - whether the change was made by a user or the system. Attributes: user and system-generated.

  • user - Details on the user account that performed the action. (Only included in changes made by a user.) Attributes: id, email, and name.

Attribute: action_type
Type: String
Description: The action that was made. Possible returns are:

  • init_state - the initial value.

  • create - when a resource is created.

  • update - when a resource is updated.

  • delete - when a resource is deleted.

Attribute: context
Type: Object
Description: Actor access details as reported by the client. (Only included in changes performed by a user.)

actor_access object attributes:

  • user_agent - information about the user’s browser.

  • ip_address - the access point used to access the system.

Attribute: timestamp
Type: Timestamp (in seconds)
Description: Unix epoch time when the event occurred (in seconds).

Attribute: resource_id
Type: String
Description: The system id of the resource that was changed.

Attribute: resource_type
Type: String
Description: The resource type that was changed. Possible returns are:

  • auto_share_rules

  • correlation_patterns

  • enrichment v1 custom_tags

  • environments

  • users

  • integrations

  • alert_filtering

  • enrichment v2 resources:

    • tag_enrichments_order

    • tag_enrichments

    • tag

    • mapping_enrichment

  • api_keys

  • jit_roles

  • roles

  • sso_config

Attribute: object
Type: Object
Description: The resource object after the change. Resource objects include:

  • Alert Correlation

  • Alert Enrichments

  • Alert Filtering

  • API Keys

  • AutoShare

  • Environments

  • Integrations

  • JIT Provisioning

  • Maintenance Plans

  • Roles

  • SAML Attribute Mapping

  • SSO Configuration

  • Users

When the resource is deleted, the object is {null}.

Sample Object

Sample Query

curl --request GET \
     --url 'https://api.bigpanda.io/resources/v2.0/audit/logs?resource_type=users&action_type=create&start=1697765051&end=1697765555&per_page=100' \
     --header 'Authorization: Bearer <User API Key>' \
     --header 'accept: application/json'

Audit Log Return

{
  "actor": {
    "type": "user",
    "user": {
      "id": "62f0ec2d95918d0012bba5553",
      "email": "[email protected]"
    }
  },
  "action_type": "update",
  "context": {
    "actor_access": {
      "ip_address": "::ffff:10.12.55.55",
      "user_agent": "axios/0.24.0"
    }
  },
  "resource_type": "users",
  "resource_id": "631471d494528700126ca555",
  "timestamp": 1662284339,
  "object": {
    "createdAt": 1662284244,
    "lastLoginAt": 1662284281,
    "name": "Nataly",
    "state": "valid",
    "firstLoginAt": 1662284281,
    "username": "[email protected]",
    "id": "631471d494528700126a5559"
  }
}
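
Reviewing Audit Log Events

The schema above can drive a review pass over changes to identity and access resources. The following is an added example, not BigPanda code: it assumes the events have already been fetched and parsed into a list of objects shaped like the sample return, and the selection of sensitive resource types, the function names and the sample events are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timezone

# Resource types from the schema above that govern identity and access (editor's selection).
SENSITIVE = {"api_keys", "jit_roles", "roles", "sso_config", "users"}

def normalize_ip(raw):
    """Unwrap IPv4-mapped IPv6 (::ffff:10.12.55.55) so allowlist comparisons work."""
    if not raw:
        return None
    try:
        addr = ipaddress.ip_address(raw)
    except ValueError:
        return raw  # client-reported field: keep unparseable values verbatim
    return str(getattr(addr, "ipv4_mapped", None) or addr)

def triage(events):
    """One flat record per change to a sensitive resource type (init_state baselines skipped)."""
    findings = []
    for ev in events:
        if ev.get("resource_type") not in SENSITIVE or ev.get("action_type") == "init_state":
            continue
        actor = ev.get("actor") or {}
        user = actor.get("user") or {}  # only present for changes made by a user
        access = (ev.get("context") or {}).get("actor_access") or {}
        findings.append({
            "when": datetime.fromtimestamp(ev["timestamp"], tz=timezone.utc).isoformat(),
            "who": user.get("email") or user.get("id") or actor.get("type", "unknown"),
            "action": ev.get("action_type"),
            "resource": f"{ev.get('resource_type')}/{ev.get('resource_id')}",
            "source_ip": normalize_ip(access.get("ip_address")),
            "user_agent": access.get("user_agent"),
            "deleted": ev.get("action_type") == "delete",
        })
    return findings

# Constructed sample events (ids, addresses and the "system" type value are made up).
SAMPLE_EVENTS = [
    {"actor": {"type": "user", "user": {"id": "u-1", "email": "admin@example.com"}},
     "action_type": "update", "resource_type": "users", "resource_id": "r-1",
     "context": {"actor_access": {"ip_address": "::ffff:10.12.55.55", "user_agent": "axios/0.24.0"}},
     "timestamp": 1662284339, "object": {"state": "valid"}},
    {"actor": {"type": "system"}, "action_type": "delete", "resource_type": "api_keys",
     "resource_id": "r-2", "timestamp": 1662284400, "object": None},
    {"actor": {"type": "user", "user": {"id": "u-1"}}, "action_type": "create",
     "resource_type": "environments", "resource_id": "r-3", "timestamp": 1662284500, "object": {}},
]
if __name__ == "__main__":
    print(*triage(SAMPLE_EVENTS), sep="\n")
```

Because context is reported by the client and is omitted for system changes, source_ip and user_agent are best treated as investigative hints rather than as proof of origin.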