Search Audit Logs
Support for the audit endpoint and UI has been deprecated. Instead, pull audit logs from Kubernetes and push them to your SIEM.
This page describes the audit endpoint API. The audit API allows users to programmatically search for audit records in Immuta.
Additional fields may be included in some responses you receive; however, these attributes are for internal purposes and are therefore undocumented.
Workflow
Search for audit records
GET /audit
Search for audit records.
Query parameters
dataSourceId (array[integer]): The data source ID. Required: No.
projectId (array[integer]): The project ID. Required: No.
profileId (array[integer]): The user profile ID. Required: No.
recordType (array[integer]): The type of audit event being captured. This also corresponds to the additional information in the record field. Required: No.
outcome (array[integer]). Required: No.
minDate (timestamp): The minimum date. Required: No.
maxDate (timestamp): The maximum date. Required: No.
blobId (string): The blob ID. Required: No.
purpose (integer). Required: No.
offset (integer): Used in combination with size to fetch pages. Required: No.
size (integer): Pages results by default; size is the number of results to return per page. Default 50. Required: No.
sortField (string): Sorts results by field. Default dateTime. Required: No.
sortOrder (string): Sorts results by order, which must be asc or desc. Default desc. Required: No.
Response parameters
hits (metadata): Details regarding the returned list of audits.
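The offset and size parameters above are enough to export every matching record before moving to Kubernetes-sourced logs. The following is an added example, not Immuta's own code: it builds the query string from the documented parameters and pages until a short page comes back. The fetch callable, the repeated-key encoding of array parameters, the shape of hits as a list, the timestamp format and the sample records are assumptions.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Parameter names are the ones documented for GET /audit on this page.
ARRAY_PARAMS = {"dataSourceId", "projectId", "profileId", "recordType", "outcome"}
SCALAR_PARAMS = {"minDate", "maxDate", "blobId", "purpose", "sortField"}


def build_audit_query(offset=0, size=50, sort_order="desc", **filters):
    """Return the path and query string for one page of GET /audit."""
    if sort_order not in ("asc", "desc"):
        raise ValueError("sortOrder must be asc or desc")
    if size < 1 or offset < 0:
        raise ValueError("size must be >= 1 and offset >= 0")
    pairs = []
    for name, value in sorted(filters.items()):
        if name in ARRAY_PARAMS:
            # Assumption: array parameters are sent as repeated keys.
            pairs.extend((name, int(v)) for v in value)
        elif name in SCALAR_PARAMS:
            pairs.append((name, value))
        else:
            raise ValueError(f"unknown query parameter: {name}")
    pairs += [("offset", offset), ("size", size), ("sortOrder", sort_order)]
    return "/audit?" + urlencode(pairs)


def iter_audit_records(fetch, size=50, **filters):
    """Yield every matching record, one page at a time.

    fetch(url) is a hypothetical callable that performs the authenticated
    GET and returns the decoded body; `hits` is assumed to be a list.
    Ascending order keeps offsets stable while new records are written.
    """
    offset = 0
    while True:
        page = fetch(build_audit_query(offset, size, "asc", **filters))
        hits = page.get("hits", [])
        yield from hits
        if len(hits) < size:  # short or empty page: nothing left
            return
        offset += size


# Constructed sample data and a stand-in for the HTTP call (runs offline).
SAMPLE = [{"id": f"rec-{i}"} for i in range(120)]


def fake_fetch(url):
    query = parse_qs(urlsplit(url).query)
    start, count = int(query["offset"][0]), int(query["size"][0])
    return {"hits": SAMPLE[start:start + count]}
```

Passing a fixed maxDate bounds the export window, so a run that starts later does not overlap records written during an earlier run.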
Request example
The following request searches for all audit records.
Response example
Retrieve a specific audit record
GET /audit/{recordId}
Retrieve a specific audit record.
Query parameters
recordId (string): The audit record ID. Required: Yes.
Response parameters
hits (metadata): Details regarding the returned audit record.
Request example
The following request retrieves a specific audit record.
Response example
Query for activity by API key
GET /audit/apikey/activity
Queries for the recent activity using the API key.
Query parameters
recordId (string): The audit record ID. Required: Yes.
Response parameters
value (metadata): regarding the recent activity.
Request example
The following request queries for the recent activity using the API key.
Response example
Search for query list by data source
GET /audit/queries/dataSource/{dataSourceId}/mine
Returns the list of the current user's distinct queries for the specified data source.
Query parameters
dataSourceId (array[integer]): The data source ID. Required: Yes.
offset (integer): Used in combination with size to fetch pages. Required: No.
size (integer): Pages results by default; size is the number of results to return per page. Default 50. Required: No.
sortField (string): Sorts results by field. Default dateTime. Required: No.
sortOrder (string): Sorts results by order, which must be asc or desc. Default desc. Required: No.
Response parameters
auditId (array[integer]): The audit ID.
query (string): The query run for the data source.
lastRun (integer): The date and time the query was last run in Unix.
timesRun (integer): The number of times the audit has been run.
name (string): The name of the query.
Request example
The following request returns the list of the current user's distinct queries.
Response example